Monday, June 16, 2014

Smart City Hacked at PHDays IV

The Critical Infrastructure Attack (CIA) contest at Positive Hack Days IV has shown for the second time how weak critical infrastructure systems can be in terms of security. The participants successfully compromised various ICS systems during this two-day contest.

Last year at PHDays III, the contest was held under a different name, Choo Choo Pwn. Organizers designed a transportation system controlled by real ICS hardware and software.

The contest's infrastructure was massively updated. Organizers added new SCADA systems (such as Siemens TIA Portal 13 Pro and Schneider Electric ClearSCADA 2014) and various OPC servers (Kepware KepServerEX, Honeywell Matrikon OPC). New HMI devices, the Siemens KTP 600 operator panel, PLCs (Siemens Simatic S7-300 and S7-1500), and remote control devices (ICP DAS PET-7067) were introduced as well. The Schneider Electric MiCOM C264 was provided by CROC.

The contest's stand was created by Ilya Karpov, ICS security expert at Positive Technologies, and his colleagues from the group of SCADA security researchers.

Contestants needed to discover and exploit vulnerabilities in SCADA systems and industrial protocols in order to gain control over a robotic arm, cranes, heating plants, transport management and illumination systems. Moreover, certain elements could be controlled remotely: robots, plant facilities, a railroad crossing, and cooling towers.

Similar SCADA systems and controllers are commonly used at critical facilities across various industries: factories and hydroelectric power plants, transport infrastructure, oil and gas.

Alisa Shevchenko became the winner of the two-day competition – she detected several zero-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric. Nikita Maksimov shared second place with Pavel Markov. They managed to disrupt RTU PET-7000, provided by ICP DAS, and guess the password of the web interface for the controller Allen-Bradley MicroLogix 1400 by Rockwell Automation. Dmitry Kazakov took third place. He discovered XSS vulnerabilities (published) in the web interfaces of the Simatic S7-1200 controllers by Siemens.

"Contestants managed to gain control over robots and cranes via Modbus TCP. During the two days, they detected many critical vulnerabilities, most of them being in Simatic S7-1200 controllers. What's more, during the second day, one of the participants caused several operation failures of MiniWeb’s web server WinCC Flexible 2008 SP3 Update4," — said Ilya Karpov.

If exploited in real life, the discovered vulnerabilities could have harmful consequences, such as denial of service or functional failure of critical infrastructure management systems, which in turn could disrupt the normal life of an entire city.

Under the responsible disclosure policy, contestants notify the respective vendors about the vulnerabilities they detected. Details about the vulnerabilities will be available after the vendors address them.

As the winner, Alisa Shevchenko received a special prize: the Phantom 2 Vision+ quadrocopter.

Pictured: Alisa Shevchenko

The winners of last year's Choo Choo Pwn were Mikhail Elizarov, a student from the North Caucasian Federal University (Stavropol Krai, Russia), and Arseny Levshin, a university student from Minsk.

The contest on critical infrastructure security is one of the main attractions of PHDays. Positive Technologies experts also presented the contest’s stand and workshops at Power of Community and at the 30th Chaos Communication Congress in Hamburg.


  1. Just a regular old guy from America who read the guardian article and was interested in learning more about what you do. No intentions, just curious. Looks like you're very talented. Sorry for your inclusion on the sanctions list. The US government is largely a bunch of assholes. Good luck with future endeavors.
