
Thread: MSblast caused blackout?

  1. #1
    Join Date
    Nov 2002

    MSblast caused blackout?

    "What if the power plant servers in Niagara Falls were running Windows 2000? Could they have been infected with the msblast worm?"
    -A troubleshooter from Nortel Networks

    I really don't have much knowledge of power grids or Windows 2000, and I only understand the basic concepts of MSblast, so I don't have any in-depth theory on that statement.

    Any speculations?
    I read somewhere you shouldn't always believe what you read so what the Hell am I supposed to do?

  2. #2
    Join Date
    Aug 2001
    The only thing that I can say about it, is that most (if not all) vital systems (power plants, traffic control, water supply,...) are not linked to the internet in any way. All power plants for example have two totally independent systems. The system responsible for the functioning of the plant never sees the outside (as the outside never sees that system). And I doubt they run 2k, too, actually... I'm pretty sure they use systems you and I have never even heard of... (Powerplant OS 2003...yay)

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    Hehe.. That's what I thought of the 9-1-1 systems until Sapphire infected them last year. That said, reports of what I've heard suggest that it is not a worm (although it did cross my mind). Apparently it's either overuse or a fire at a plant.

    In fact, I think it will be a few days before we figure out what caused it.


    A little further to that, I just read on Full Disclosure the following:

    "Bernie" from Full Disclosure Mailing List

    Being an old PLC automation and control hack let me say that there is a very good plausibility that the recent East Coast power outage was due to an attack by an MBlaster variant on the SCADA system at the power plant master terminal, or more likely at several of the remote terminal units "RTU". SCADA runs under Win2000 / XP and the telemetry to the RTU is accessible via TCP/IP / HTTP and the Internet.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    It was someone at M$ ensuring that the power's down so that it reduces the DOS attack against update cause loads of machines can't power up.

    *ARRRGH The M$ Lawyers are after me*

    It's a joke, honest, I couldn't possibly _know_ anything for real!
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  5. #5
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    steve... I think you've hit on something there... material for the conspiracy theory buffs maybe???

    Quis Custodiet Ipsos Custodes
