A member of the Anonymous hacktivist collective has published a list of Internet-facing Israeli SCADA (supervisory control and data acquisition) systems and alleged login details.
The user, who uses the Twitter handle FuryOfAnon, posted the information on Pastebin with the message: “Who wanna have some fun with israeli scada systems?”
The Pastebin post contains a list of IP-based URLs that allegedly correspond to web administration interfaces of systems that are used to monitor automated equipment in industrial facilities.
Most of the URLs in the original post are no longer accessible. However, the hacker has since released a second list which contains newly found Israeli SCADA systems.
“Find their systems. Login using default logins (’100′ being the password)” FuryOfAnon said. In December 2011, Google security engineer Billy Rios, disclosed that the default web login credentials for the Siemens SIMATIC SCADA software are Administrator:100.
The same default login credentials might have been used by a hacker named pr0f to access a South Houston water utility’s SCADA back in November 2011. The hacker claimed at the time that the system was protected by a three character password.
FuryOfAnon’s original Pastebin post also contains a list of email addresses and passwords belonging to people from the Israeli Ministry of Defense, Ministry of Foreign Affairs, Ministry of Health and the Israel military. It’s not clear if those also serve as login details for the listed SCADA systems.
FuryOfAnon appears to have the support of long time Anonymous member and former LulzSec leader Sabu, who endorsed his actions via Twitter. Anonymous is currently engaged in an effort to hack Israeli websites as part of a campaign called Operation Free Palestine.
Last week a Saudi hacker published the personal information and active credit card numbers of thousands of Israeli citizen, prompting Israel’s Deputy Foreign Minister Danny Ayalon to compare hacking to terrorism. “No agency or hacker will be immune from a response,” Ayalon said.
View full post on National Cyber Security » Computer Hacking