April 19, 2011, 11:33 AM — Experts on SCADA industrial-automation security are almost unanimous in their assessment that the successful penetration of online security at a New Mexico wind turbine facility was a hoax.
The utility, owned by Florida Power & Light, said there was no evidence of damage or data theft.
Eric Byres, CTO of Byres Security, which analyzed data included in a post notifying a security list of the attack, agreed there that it appeared to have been faked using generic data, IP addresses and screenshots that, in some cases, didn't even refer to the correct facility.
The screen shots posted by a hacker using the name "BGR R" look like they came from a vendor demo or student experiment with SCADA software, not an actual attack, he wrote.
If the goal was to embarrass Florida Power & Light and generate a lot of bad publicity, it worked.
I and half the tech-ish media wrote about it, though most of us noted it was probably not true.
The Stuxnet worm remains the only high-profile successful attack on SCADA industrial control systems at utilities, though U.S. based utilities remain vulnerable to such attacks.
They (and we pixel-stained wretches in the media) also remain liable to propaganda attacks from anonymous sources claiming to have accomplished terrible things in covert ways, especially when it's hard to determine whether or not the terror really happened.
Call that one more potential security vulnerability in the U.S. network of highly digitized corporations and utilities, and one more thing the media have to be careful to corroborate or risk being used as mouthpieces for "hackers" with a grudge against one company or government agency.
A lot of people try to use members of or whole organizations within the media to broadcast their own points of view. Some of the POVs are legitimate, but slanted to their own side. Some are purely destructive and unquestionably false, as in this case and any number of other exaggerations and statements not meant to be factually true, whether they come from politicians, IT vendors or random "hackers."
Shockingly, not everyone in the tech business is entirely honest: