SCADA Stories to Tell in the Dark

Posted: 1^st February, 2021

It’s Halloween! For this spooky holiday we’ve put together some chilling tales of SCADA and HMI gone horribly awry. Please enjoy the spine-tingling tales, and remember - don’t make these mistakes yourself!

The Wailing Machine

Alarms rang on the day the machine died. Alarms always rang. The incessant flashing red lights turned the operators into fatigued automatons, who grew accustomed to simply acknowledging and disregarding the constant bombardment of alarm signals.

That fateful day, it was already too late. No one noticed the alarm warning about excessive vibration, because it was too like the other alarms always beeping and blinking. By the time the machine shook itself in a death rattle, there was nothing they could do.

It Came from Inside the Plant

This true story comes from Queensland, Australia, where a system integrator helped install a SCADA system for Maroochy Shire Council. When he was rejected for a job at the council, he extracted some truly horrible revenge. He used stolen equipment to issue commands to the SCADA system that released almost a million liters of raw sewage into local parks, rivers, and a Hyatt hotel. This caused great environmental damages and huge costs, and it all happened from inside the plant. (kind of)

The Door to Danger

On dark and lonely nights, the plant grows quiet, with only the soft hum of machines to break the monotony. One such night, two employees took over the remote access to browse the internet. Soon after, critical machines were possessed by malicious poltergeists in the form of particularly nasty malware. They were never the same again.

Shodan Sees You

It seemed simple enough to set up remote access to the CC TV cameras with VNC. Why would a password be necessary? They were just cameras. Little did the plant know that Shodan could see it all - a quick search would allow an unseen visitor to view the entire plant with a few clicks of a button. No authentication required.

The Cursed USB

The forgotten USB seemed a harmless enough device, left on a desk in a jumble of cords. A well-meaning employee picked it up with good intentions of looking at the content to return it to its rightful owner. Little did they know that it contained a powerful curse that would spread a malicious virus to the entire system the moment they plugged it into a port.

They Left the Line Open

A plant set up remote communications for system integrators, with easy to use passwords and unfettered access to control systems. The arrangements were pleasant and the work was exemplary. The horror began much later, when the entire system was breached by a malicious specter. The guest credentials and easy access to the system were left wide open to attack.

Got yourself in a scary situation?

If you've gotten stuck in your own SCADA horror story, AVEVA is always here to help you. With support, resources on mitigating security threats, and consulting services, we can help prevent these nightmare scenarios from effecting your SCADA/HMI systems.