Hacktivist GhostShell Reveals 46 Major Flaws in India’s SCADA Systems

GhostShell, the Romanian hacktivist behind breaking into FBI, Interpol and NASA’s systems to dump millions of files online, has now discovered vulnerabilities in India’s infrastructural computer systems.

Ominously, these type of attacks can cripple even non-tech infrastructure such as power grids or dam controls, which is why the need to fix them is even greater. In an interaction with FactorDaily, GhostShell revealed that over 46 SCADA (Supervisory Control And Data Acquisition) systems in the country – used to control subsystems at power stations, networking infrastructure and industrial sites – are vulnerable to cyber attacks.

The details shared by GhostShell consist of servers that lack password protection protocols, and all one needs is the IP address of the target subsystem and the default port number to break into the server and manipulate the machinery. Once someone has obtained server controls of a SCADA system, they can deal a lot of damage like shutting down an entire city’s power supply, cause irreversible damage to telecom infrastructure, steal critical data from a factory unit, etc.

One of the biggest examples of a SCADA attack is Stuxnet, the well-publicized cyber-attack that stunted Iran’s nuclear program, and some lawmakers have suggested forcing companies and organisations to move away from this weak and vulnerable system. Experts have raised numerous concerns about the security of SCADA systems due to a large number of interconnections between subsystems and lack of authentication measures which leaves them prone to network attacks. GhostShell pointed this out too: “The SCADA industry is facing a crisis all over the world nowadays because these types of systems don’t have any type of security implanted into them, meaning that anyone with a client for the respective protocol can login to the servers and either do espionage by logging the traffic or cause significant damage,” he said.

GhostShell, whose real name some people say is Gheorghe Razvan Eugen, has already sent details of the vulnerabilities to India’s CERT (Computer Emergency Response Team) wing, and is in touch with the government-backed group to solve the issues. About his motives he said,“I’m trying to raise awareness about the dangers of open SCADA protocols and how much damage someone can do to them.”