Hackers Manipulated Railway Computers, TSA Memo Says

An anonymous reader sends this excerpt from Nextgov: "Hackers, possibly from abroad, executed an attack on a Northwest rail company's computers that disrupted railway signals for two days in December, according to a government memo recapping outreach with the transportation sector during the emergency. ... While government and critical industry sectors have made strides in sharing threat intelligence, less attention has been paid to translating those analyses into usable information for the people in the trenches, who are running the subways, highways and other transit systems, some former federal officials say. The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo."

Re:Why...

[F34nor]

Here here! In addition they have their own swath of wireless bandwidth for their radios that could be reapportioned for this by going to digital radios.

Re:You never know...

[ajpuciat]

"Amagasaki, Japan 26 April 2005 A seven-car train with 580 passengers derailed and slammed into an apartment building of nine floors. 73 people were killed and nearly 450 injured"

Trains, in my buildings?

It's more likely than you think.

Re:Why...

[currently_awake]

I don't think it was. They clearly tried to blow this thing up as a major terrorist attack, but they never claimed risk to life. I'm guessing the "attacks" were a virus on the windows boxes used for selling tickets.

Re:Why...

[siddesu]

The corporate politics isn't all that different inside the Socialist enterprise, the difference is that everything else is much worse.

Sounds awfully simliar to...

[b5bartender]

...the well-publicized "attack" on an Illinois water system by Russian Hackers [washingtonpost.com] that, unsurprisingly, never actually happened. [sj-r.com]

Train control has gone Linux/Ethernet/IP

[Animats]

Railroad signalling used to be all special purpose hardware. Not any more. Here's the "VitalNetâ Wayside Message Server" [ptc-asts.com]. Runs Red Hat Linux. Talks "Interoperable Train Control Messaging" protocol.

It gets worse. Here's a General DataComm unit for railroad signal control. [gdc.com] "SC-ADT ports configured for Telnet/ SSH sessions, for bypass transport (port forwarding), and to convert async PPP data to IP for transport over a cellular data network. SC-ADT managed via Telnet, SSH, SNMP, FTP, TFTP and HTTP from the Dispatch Facility. "

TFTP? FTP? Telnet? What's wrong with this picture?

There's even a hobbyist program for listening in on signal control traffic [atcsmon.com], some of which is passed around on unencrypted radio links.

Sounder Train or Westside Express Service?

[McGruber]

The article tells us that this event happened to a railroad that (1) is in the Northwest, (2) runs scheduled trains during the workweek (Dec 1 was a Thursday) and (3) has frequent enough service that a 15 minute delay would be noticed.

It appears to me that the railroad described is either Washington State's Sounder Train (en.wikipedia.org/wiki/Sounder_commuter_rail) or Oregon's Westside Express Service (WES) (http://en.wikipedia.org/wiki/Westside_Express_Service).