Security audits

A presentation on Project Basecamp was a highlight of the conference. The talk presented the findings of a volunteer-led security audit of leading programmable logic controllers (PLCs). The audit found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code. Here Reid Wightman of the firm Digital Bond shows a closeup of the Modicon Quantum PLC displaying a “fail” signal after researchers succeeded in crashing the device.

Examining Natanz

Langner was among the first independent researchers who argued that Stuxnet was designed to attack a specific target, namely: the Iranian nuclear facility at Natanz. Within recent weeks, his theory has been given a boost after the office of Iranian President Mahmoud Ahmadinejad issued publicity photos of the President’s visit to Natanz. Included in the photos, inadvertantly, were shots of computer screens used to manage the centrifuges used for uranium enrichment.

Bits of code

Ralph Langner was a highlight of the S4 Conference, taking attendees through his detailed analysis of Stuxnet source code used to manipulate the Siemens 400 series programmable logic controllers (PLCs). This shows a snippet of the Stuxnet code on display during Langner’s talk.

Reading material

Stuxnet expert and industry gadfly Ralph Langner was in attendance at S4 this year, as he has been in past years. This year, however, Langner had a new book to promote: Robust Control System Networks – a kind of call to arms for the industrial control sector to respond to a ‘post Stuxnet’ world. Attendees got a free copy.

An exclusive gathering, the conference takes place in a single meeting room at Florida International University. Talks are short – most limited to around 30 minutes, with quite a few clocking in at around 15 minutes. The organizers also leave room for so-called unsolicited response sessions, where folks get up to pose questions to the group for debate. In all, it’s very collegial. This is a shot of the conference room at FIU during a presentation by Sean McBride of Critical Intelligence.

S4 is a conference hosted by Digital Bond, a security consulting firm based in Sunrise, Florida. Now in its fifth year, the S4 draws some of the world’s top experts in securing industrial control systems to sunny Miami Beach to discuss the state of the art.

Go Analog

Last – but certainly not least – you could just eschew modern technology and digital devices of all kinds. Landline phones, snail mail and an abacus might be slow, but they also don’t leave a permanent digital trail and, these days, are likely to be overlooked.

Use the Cloud

When it comes to search and seizure by customs agents, the cloud is your friend. A plethora of online services today make it easy to simply copy your sensitive data – or your entire drive’s contents – up to a hosted storage server. Once again, you’ll want to make sure that the connection to whatever cloud service you’re using is encrypted. You’ll also want to make sure that the data itself is encrypted. Finally, you’ll want to leave yourself enough time prior to departure to complete the transfer.

Snail mail the data

Another way to avoid having your digital privacy intruded upon is to backup all the data onto an external hard drive, USB drive or SD card (making sure the content of your backup is encrypted, of course). You can then ship the data to your destination. With your data copied off the device, you can wipe the machine you just backed up, and travel across the border with a completely blank device or one with the default configuration. Once reunited with the external hard drive you can restore the data to whichever machine you ended up traveling with.

Snail mail the drive

Not comfortable sticking your precious mobile device in the mail? Remove the hard drive from the device and snail mail that to your destination. If you’re flying, pack it in your checked bag. If necessary, you can travel with a second, blank hard drive in case you need access to the computer while in transit.

(Hard drive image via walknboston‘s Flickr photostream)

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.