Looks like undocumented backdoors have led to another breach… This time the culprit seems to be older versions of the Niagara AX Framework software used by an unnamed company in New Jersey. With no firewall to block external access, malicious hackers were able to gain access to the HVAC system and interact with a GUI that provided floor plan layouts of various offices.
Beyond its various environmental control functions, organizations can also configure the Niagara software to manage surveillance systems. This particular security breach is significant since the same software is installed in over 300,000 organizations throughout the world, including the Pentagon, FBI, IRS, and other government agencies. We imagine a quick Shodan search and an IP ownership check might yield some interesting findings.
Look … we know it’s convenient for administration to hook these industrial control systems up to the Internet … and many of us would argue that this practice should be banished altogether … but geez … at least put them behind a firewall.
Hackers illegally accessed the Internet-connected controls of a New Jersey-based company’s internal heating and air-conditioning system by exploiting a backdoor in a widely used piece of software, according to a recently published memo issued by the FBI.
The backdoor was contained in older versions of the Niagara AX Framework, which is used to remotely control boiler, heating, fire detection, and surveillance systems for the Pentagon, the FBI, the US Attorney’s Office, and the Internal Revenue Service, among many others. The exploit gave hackers using multiple unauthorized US and international IP addresses access to a “Graphical User Interface (GUI), which provided a floor plan layout of the office, with control fields and feedback for each office and shop area,” according to the memo, which was issued in July. “All areas of the office were clearly labeled with employee names or area names.”
An IT contractor for the unnamed business told FBI agents the “Niagara control box was directly connected to the Internet with no interposing firewall,” according to the memo, which was published Saturday by Public Intelligence. The website has an established track record of posting authentic government documents. Barbara Woodruff, a spokeswoman in the Newark, New Jersey division of the FBI, where the memo originated, said the document appeared to be authentic.
Do you think the Pentagon, FBI, and other government organizations are affected by this backdoor? Post your comments below. Today’s post pic is from ControlConsultants.Inc.