Ask Control Engineering
The Ask Control Engineering blog covers all aspects of automation, including motors, drives, sensors, motion control, machine control and embedded systems. Control Engineering answers questions from readers of Control Engineering's print and online magazines, newsletters and other publications. To comment on any blog posting, click on the post's highlighted question and scroll to the "Post a Comment" box at the bottom. Submit questions as comments to any existing post.
Update on digital certificates
September 02, 2011
The Ask Control Engineering posting of August 4 talked about how a hacker can pose as something else using fraudulent or stolen digital certificates. A recent article in Computer World discusses how hackers obtained “a digital certificate good for any Google website.” Using this, a hacker can pose as any of Google’s services and use this to pull off a man in the middle attack on anyone trying to access his or her accounts using the same network as the hacker.
The article goes into greater depth on how it all happened, but there are still many gaps as investigators try to piece together events.
This type of attack strategy is a favorite for cyber criminals trying to break into industrial networks, and is effectively what happened with Stuxnet. The attacker places himself between the HMI and the plant equipment, sending bogus and possibly harmful orders to the equipment while making the HMI tell operators that nothing is wrong.
--Peter Welander, pwelander(at)cfemedia.com