Hackers Broke Into Brazil Power Grid Operator's Website Last Thursday 85
An anonymous reader writes "A week ago, 60 Minutes had a story (we picked it up too) claiming that hackers had caused power outages in Brazil. While this assertion is now believed to be in error, hackers were inspired by the story actually to do what was claimed. Last Thursday, they broke into ONS, the operator of the grid (Google translation; Portuguese original). DarkReading has specific details on the SQL injection vulnerabilities the hackers probably used."
Re:Really.... (Score:2, Interesting)
Re:actually (Score:4, Interesting)
the hackers invaded the _website_, the ONS network of computers that actually control the system is private and not connect to the internet.
They may not have hacked the power grid, but TFA says the website has all kinds of fun docs which, I'm assuming, any smart hacker would go after in order to study up on their target.
Never forget that the next best thing to an insider is the freakin' manual.
Re:Really.... (Score:1, Interesting)
And yet, your bank probably uses internet based VPNs for their ATMs, because they are cheaper to run than dedicated lines.
Re:full disclosure (Score:1, Interesting)
What kind of action? Leave the country, then report it. Any government that paranoid of a situation such as you describe is up to something.
Re:Really.... (Score:4, Interesting)
I am told by the security people that the adaptor defaulted to 'ad-hoc' mode and could have easily been paired with passerby outside in the parking lot who had the know-how (and presumably the right credentials).
Re:SQL injection? (Score:3, Interesting)
Or maybe not just state-run companies even...