You can buy power plant hacking tools for just $8100
You do not need to be a pro-level hacker, but just make sure that you have a lot of money in the bank
Hacking tools have become relatively easy to use, and surprisingly, exploits also exist for water and nuclear power plants. Now, a small company by the name of Gleg collects, researches and resells SCADA zero-days (supervisory control and data acquisition), which is a vulnerability that is yet to be patched. In short, the tools are packaged into something called Canvas and it determines the level of security for systems by attacking it.
The exploit only costs a total of $8,100 for a period of 12 months, and in order to start using it, you will require a Canvas license, which has a price of $3,000 for ten users. According to Yuriy Gurkin, he only sells the tool privately and not to governments, which is a very smart thing to do otherwise it could result in terrible consequences. According to Gurkin, he states that:
“We do not conduct any research aiming to control SCADA systems, we just write exploits for vulnerabilities for the Canvas framework.”
While some might believe that individuals could use these hacking tools to fulfill their nefarious requirements, Dave Aitel, a NSA computer scientist and information security entrepreneur has said that there has yet to be an individual who has succeeded in using these hacking tools for something dangerous. According to the scientist, if an individual is trying to do something dangerous, he is quickly caught by authorities.
Gurkin has stated that while he only sells the hacking tools to corporations and individuals, it still does not keep the government out of the equation because there is always a chance that they could somehow get their hands on the exploit and continue to stock several exploits overtime. Robert Lee has another opinion formed about this as he states the following:
“The development of exploits always land in the hands of governments, militaries, cyber criminals, etc. That doesn’t necessarily mean they are bad, creating exploits can be great for awareness. I do not see Gleg as an awareness and defensive platform but that is my personal opinion obviously not reflected in what they want to state about their company.”
Whatever the case maybe, SCADA vulnerabilities are not something that should be taken lightly because of the negative ramifications that they can have on critical infrastructure systems, especially when nuclear power plants are the subject. If this hacking tool is in fact very cheap for hackers, then we know for a fact that things could get very ugly in the future.