IDG News Service - An anonymous hacker who claimed to have broken into monitoring systems at a New Mexico wind turbine facility made the whole thing up, security experts said Monday.
The hacker, who called himself Bigr R, said he broke into NextEra Energy Resources' Fort Sumner wind facility in revenge for an "illegitimate firing." He posted what he said was proof of his exploits to several places Saturday, including the Full Disclosure mailing list.
In fact, the "proof" he provided had been gathered from public websites and contained contradictory information.
Ruben Santamarta, head of security assessment at the security consultancy Wintercore, was the first to uncover the hoax. He found that the screenshots allegedly proving Bigr R had access to the Fort Sumner management console were lifted from a file on a publicly available FTP server.
After pointing out a number of technical errors in the alleged proof, Santamarta concluded that Bigr R was a fake.
NextEra, owned by Florida Power & Light (FPL), had already said on Sunday that the material offered as proof was largely publicly available and that there was no evidence that its facility had been hacked.
Some Cisco routers cited by Bigr R were reported to have been accessible, but the proof he offered that he had hacked into industrial systems was all faked, Santamarta said via instant message.
Others agreed: "We now believe most, if not all, of this is a hoax and an attempt to embarrass [Florida Power & Light]," wrote Eric Byres, CTO with Byres Security, in a blog post Monday.
One expert, Wesley McGrew of security consultancy McGrew Security, had thought on Sunday that Big R's claims were probably legitimate. By Monday he had changed his mind and agreed that "it looks like a lot of it has been faked."
Bigr R insisted Sunday that he was not a hoaxer. Late Sunday and Monday, however, he did not respond to e-mails seeking comment.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts