Beruflich Dokumente
Kultur Dokumente
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
1
2
http://www.newsinenglish.no/2014/08/27/oil-industry-under-attack-by-hackers/
http://securityaffairs.co/wordpress/26092/cyber-crime/cyber-espionage-havex.html
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
Table of Contents
Analysis of Malicious Tools and Hacking Methods ......................................................................... 4
Brute-Force Tool for PLC Component Siemens S-7.......................................................................... 4
ScadaScan Tool.................................................................................................................................... 5
PLCScan Tool ....................................................................................................................................... 6
SCADA Vulnerability Assessment Online Guide............................................................................ 6
Discussions and Trends on Closed and Password-Protected Forums .............................................. 8
Iranian Sources.................................................................................................................................... 8
Chinese Sources .................................................................................................................................. 9
Russian Sources................................................................................................................................. 10
Arabic Sources................................................................................................................................... 11
English Sources ................................................................................................................................. 14
SCADA-Related Cyber Incidents .................................................................................................. 16
New Vulnerability Poses Possible Threat to ICS and SCADA Systems .............................................. 16
What this Means ........................................................................................................................... 17
The Syrian Electronic Army Hacks into Israeli SCADA Systems ......................................................... 18
The Syrian Electronic Army (SEA).................................................................................................. 19
Iranian Hacker Group Implicates itself in Physical Attack on Electric Power Facility ....................... 22
Parastoo ........................................................................................................................................ 23
Jihadist Cyber Terror Group to Target SCADA Systems .................................................................... 24
Conclusion ................................................................................................................................. 26
Appendix 1 Brute-Force Tool Full Script.................................................................................... 27
Appendix 2 Technical Indicators for the SCADA-Related Tools .................................................. 29
Brute-Force Tool for S-7 .................................................................................................................... 29
ScadaScan ......................................................................................................................................... 29
PLCScan 29
Appendix 3: Full Translation of Yaman Mukhaddab's Message .................................................... 30
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
SenseCy has identified several SCADA-oriented hacking tools, on both Iranian and Chinese hacking
forums.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
..As a general security measure, Siemens recommends that asset owners configure the environment according
3
to our operational guidelines in order to run the devices in a protected IT environment and to avoid
unauthorized network captures.
We respectfully suggest that you check to confirm that Siemens operational guidelines4 are being
followed correctly and thus safeguard yourself from this exploit.
The hacking tool as presented on the forums (left); part of its script (right)
ScadaScan Tool
A second tool, ScadaScan, was found on the Chinese hacking forum. This tool was written by Amol
Sarwate from Qualys and is similar to the tool mentioned above. It too, has brute-force capabilities,
along with an option to scan and locate protocols widely used in SCADA systems. The tool essentially
scans to locate Modbus and DNP protocols (over TCP). The script can be implemented as part of a
larger suite.
http://www.industry.siemens.com/topics/global/en/industrialsecurity/Documents/operational_guidelines_industrial_security_en.pdf
4
Ibid.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
PLCScan Tool
Another hacking tool found in the Chinese cyber arena is PLCScan. This is a scanning tool designed
to locate PLC devices based on IP range scan. It locates the IP and the relevant open ports on the
device. This tool supports S7 and Modbus protocols. For technical indicators based on our analysis
of the malicious tools, see Appendix 2.
Introduction
Background of Critical Infrastructure Systems
The Different Parts in SCADA Systems
Industrial Control Systems (ICS)
Additional Background
Content Review
ICS and Critical Infrastructure
Protocol Layers Analysis
Modbus Protocol
Introduction to Fuzzing
Modbus Protocol Fuzzer
DNP3 Protocol
Security Assessment for ICS
Penetration Testing
Presenting the Devices used in our Experiments
Rapid Security Evaluation of ASATech RMU-2004 and DCM-2004
Cross Debugging and Cross Compiling
Reverse Engineering
Fuzzing Modbus TCP Protocol
Hardware Inspection
Additional Components and the Threat to Critical Systems
Example: Image of the Entire System
Security Assessment for Schneider Electric PLC
Example: Image of Firmware
Appendix 1: Proof of the Exploitability of ASATech Devices
Appendix 2: Modbus Fuzzer
Appendix 3: Virtual Portal of GSM Shield for Arduino
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
This guide reveals the tremendous interest in SCADA vulnerabilities and exploits, while displaying a
high level of understanding. This well-written document displays a significant degree of proficiency
on this particular subject. The structure and depth of the information, the level of details and the
description implies that a considerable amount of time was invested in it. This is without a doubt a
great guide and starting point for a beginner and even a specialist in the SCADA world.
The full document will be delivered to the client upon request.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
Iranian Sources
Iran is without doubt a hotspot for SCADA enterprises, both from an academic frame of reference, in
addition to more sinister motivating factors, such as hacking and vulnerability exploitation. As
mentioned, some hacker forums have designated rooms for SCADA hacking discussions, while some
individual hackers are more SCADA-oriented than others. One example of such a hacker is Pouriya
Naseri, who goes by the alias NOTER, and is affiliated with the Iranian DataCoders hacker group. One
document written by Naseri is titled Electo Hack and it comprises three sections:
The full document written by Naseri will be delivered to the client upon request.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
Chinese Sources
Unlike hacker forums in other arenas, no dedicated rooms for SCADA were found on Chinese hacker
forums. Discussions about SCADA-related issues are usually held in rooms with general designations,
such as "Software Security". Most SCADA-related content is either translated to Chinese from
English sources or directly quoted from the official sites of the manufacturers (for example warnings
against newly uncovered vulnerabilities).
There are several professional Chinese sites dedicated solely to SCADA. These sites typically feature
discussion rooms, news reports, downloading areas, and articles and products for sale. In the
discussion section, separate rooms are established for various SCADA components and different
manufacturers such as Siemens, AB and Schneider. The information exchanged on these platforms is
mostly professional or educational, and the forum members occasionally share vulnerabilities as
published by the official manufacturers or by the US-CERT.
Example of different
discussion rooms
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
Even though we did not find a Chinese hacking blog dedicated entirely to SCADA, some blogs do
publish SCADA-related articles and tools. Two of these tools were described above in the Malicious
Tools and Hacking Methods chapter:
ScadaScan
PLCScan
Russian Sources
While monitoring Russian sources, SenseCy identified mostly open source reports dealing with
SCADA vulnerabilities5 and analyses of major incidents in the SCADA field from the last few years,
such as the Havex malware and Stuxnet.
One example of such a report was published in June 2014 by the Russian security company USSC
(Ural Center for System Security). This report reviewed the Havex Trojan for SCADA systems, relying
mostly on English sources.6
In addition, we identified several closed forums dedicated to SCADA discussions addressing mostly
technical topics, rather than harmful activity. The members of these forums are professionals who
work in the industry and often discuss different aspects of ICS systems.7
http://internetua.com/kriticseskie-uyazvimosti-v-SCADA-pozvolyauat-hakeram-polucsit-kontrol-nadpromishlennimi-sistemami
6
http://www.ussc.ru/articles/id/19
7
www.Asutpforum[.]ru/viewtopic.php?f=104&t=4302&start=75
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
10
It is important to note that the Russian underground is primarily devoted to financial scams that can
turn easy profits. Russian underground players appear less concerned with attacking SCADA systems
and are more interested in making a profit. While we cannot underestimate the capabilities of
Russian hackers in impairing SCADA systems, such plans would most likely not be discussed on
accessible web platforms.
Arabic Sources
Since 2013, Arab hackers have become more and more involved in the global petroleum Industry. In
June 2013, the infamous hacker group AnonGhost launched a hacktivist operation titled #OpPetrol, a
cyber-campaign targeting the petroleum industry around the world. The group's official target list
includes companies such as the Saudi Arabian Aramco, British Petroleum in the U.K. and Texaco in
the U.S.
The #OpPetrol operation is responsible for defacements of the websites of petroleum companies
and the leakage of valuable data such as usernames, passwords and personal details.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
11
However, security experts are often more concerned about advanced hackers who could
compromise SCADA systems or ICS in the petroleum industry.8
Discussions pertaining to SCADA-related topics from Arabic sources focus on the importance of
SCADA systems and the significant damage that could result if these systems were to be
compromised in an operation like #OpPetrol.
SCADA systems are mentioned on white hat platforms as well. One such platform is a Facebook page
titled "Teaching Hack for Arabs" that promises to teach people how to hack SCADA systems and
other control systems in order to become security experts.9
Another example of SCADA hacking practices is a tweet posted on December 3, 2013 by Abdulla elAly, a Kuwaiti information security (IS) expert and CEO of Cyberkov Ltd. This tweet comments on
hacking SCADA as part of a course at a black hat conference. El-Aly uploaded a picture of the various
tools that he uses to hack the system.10
https://blog.cyberkov.com/?s=%D8%B3%D9%83%D8%A7%D8%AF%D8%A7
https://www.facebook.com/pages/Teaching-Hack-For-ofArabs/323714387692923?sk=app_106171216118819
10
https://twitter.com/3bdullla/status/275698599789211648; https://twitter.com/3bdullla
9
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
12
Another forum discussion thread about SCADA was started on September 25, 2013 on the Arabic
forum, Dev-Point, a platform dedicated mostly to developers discussions. Hacker al-Basra al-Iraqi
inquired about ways to hack SCADA systems. Another hacker called SkAnDeR X replied that he had
never heard of any hacker who had succeeded in breaching SCADA systems but he hoped that
someone would do so in the future. A third hacker named al-Safah provided detailed technical
information about SCADA systems and claimed that a simple computer with BackTrack Linux
distribution created for penetration testing was insufficient for hacking a SCADA system. A hacker
named Black Ghost claimed that there were many ways to hack SCADA systems, by exploiting its
vulnerabilities for instance. He also mentioned that in 2011, a vulnerability was identified in
KingView SCADA software and exploited via Metasploit. Moreover, he claimed that SCADA systems
could be hacked by radio waves, a method requiring close proximity to the system. Another hacker
with the alias Muslim Aqeel provided a link to VUPEN Security Researchs11 "7T Interactive Graphical
SCADA Systems (IGSS) Remote Memory Corruption" from May 24, 2011.12
Another source for SCADA-related topics is military forums. In January 2014, a review about PLC with
an emphasis on traffic systems13 was posted on the Arabic-Military forum.
11
www.seclists.org/bugtraq/2011/May/168; www.vupen.com/english/research.php
www.dev-point[.]com/vb/t431641.html
13
http://www.arabic-military[.]com/t90369-topic
12
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
13
In conclusion, the information accumulated from Arabic sources is mostly general, with references
to SCADA vulnerabilities, but with no actual tools or detailed methods for hacking SCADA systems or
endangering critical infrastructure systems.
English Sources
Throughout our research, we noticed a large variety of discussions on the topic of SCADA. Most
discussions revolved around theoretical attacks of critical infrastructures,14 where users discussed
the implications and complexities of attacking large organizations and strictly supervised
infrastructures. Few forum threads showcased security holes discovered by forum members in
critical infrastructure software and hardware. However, most of the showcased vulnerabilities were
published by major security firms.
Critical infrastructures companies were mentioned on a platform commonly used by hackers for
leaking sensitive information and target lists.15
On another Pastebin upload from 2013, organizers called on participants to use DDoS tools to attack
governmental and major corporate websites.16 Several malware developers even offered their
customized DDoS tools, designed specifically to take down carefully monitored and powerful servers.
14
http://www.garage4hackers[.]com/showthread.php?t=2431
http://pastebin.com/bHvn7rwe
16
http://pastebin.com/Bqak4Mjm
15
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
14
In addition to the Pastebin upload, SenseCy identified a post on a closed forum reviewing an exploit
found at a U.S. water power plant. This exploit is being offered online by the hacker who created it.
He showcased screenshots of the system interface, as well as his mail discourse with the Industrial
Control Systems Cyber Emergency Response Team (ICS-CERT) in the course of which CERT expressed
great interest in the exploits capabilities.17
One vulnerability disclosed in another discussion on this closed forum was an unauthorized access
vulnerability that affects many SCADA systems and remote Netgear. The vulnerability is used to
brute-force on HTTP login panels and its exploitation is explained in a step by step guide.18
17
18
http://www.alboraaq[.]com/forum/showthread.php?t=269076
http://www.alboraaq[.]com/forum/showthread.php?t=381388
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
15
19
http://www.slate.com/articles/technology/technology/2014/09/shellshock_what_you_need_to_know_about
_the_bash_vulnerability.html
20
http://www.macworld.com/article/2687826/apple-says-most-mac-users-are-safe-from-shellshock-bashbug-promises-quick-fix.html; http://krebsonsecurity.com/2014/09/apple-releases-patches-for-shellshock-bug/
21
http://www.pcworld.com/article/2687857/bigger-than-heartbleed-shellshock-flaw-leaves-os-x-linux-moreopen-to-attack.html
22
http://www.v3.co.uk/v3-uk/analysis/2372312/bash-shellshock-bug-puts-servers-scada-and-web-world-atrisk
23
http://news.softpedia.com/news/Industrial-Control-Systems-Equipment-Difficult-to-Patch-AgainstShellshock-Bug-460061.shtml
24
http://articles.economictimes.indiatimes.com/2014-09-27/news/54377111_1_solaris-bug-products;
http://news.softpedia.com/news/New-Remote-Code-Execution-Flaws-Found-In-Shellshock-Patched-Bash460348.shtml
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
16
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
17
We also noticed that the time shown on the screenshot indicated the end of April 2012. It is possible
that the system clock was incorrectly set, but it is more likely that the system was breached a year
ago and the published Retaliatory Strike was retained as a contingency plan for exactly such an
attack by Israel.
The Syrian Electronic Army posted a denial via its Twitter account, where it stated that it was not
behind the attack.26 On other occasions, this Twitter account has been used as a platform for claims
of responsibility, but with this incident, the above attack is not mentioned, neither here nor on the
groups official website or forums (apart from the denial). It should be noted that there are
numerous examples of fictitious claims of responsibility intended to deflect identification of the
attacker MO (Modus Operandi) of state-sponsored hacker groups.
25
26
http://cryptome.org/2013/05/sea-haifa-hack.htm, http://pastebin.com/aRCHLeRr
https://twitter.com/Official_SEA12/status/332172497397088256
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
18
This incidence is another link in a chain of events demonstrating an impressive ability to locate and
exploit SCADA systems that appear to be susceptible to the Muslim hackers skills. However, in our
view, this event is unprecedented. For the first time in public, a critical computerized infrastructure
facility on Israeli soil has been attacked, and it is extremely likely that a sovereign state is behind the
attack, declaring outright war in the cyber arena and deviating from the intelligence-gathering
plateau.
27
http://www.fireeye.com/blog/technical/cyber-exploits/2013/07/syrian-electronic-army-hacks-major-communicationswebsites.html
28
http://www.vice.com/read/the-syrian-electronic-army-almost-crashed-the-dow-jones
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
19
The drop in the DOW Jones after the SEA's Obama tweet
In May 2013, the cryptome.org website reported a successful attack by the SEA on a strategic Israel
infrastructure system in Haifa. Examination of the screenshots proved that the attack was authentic,
but was not aimed at a Critical National Infrastructure (CNI) like the municipal water SCADA system
in Haifa. Our research did, however, reveal that the attackers had targeted the irrigation control
system of a Kibbutz 30km north of Haifa. Nevertheless, it proves their growing capability and may
indicate a cooperation of the group with other state actors in the region.
Methods of Operation
The SEA is very active on social media networks, including Twitter, Facebook, Google+, YouTube,
Instagram, Pinterest, and smartphone apps. The group also runs an official website, SEA.sy, where it
appeals for volunteers to promote and aid its cause using social media.29 The group often sends
socially-engineered spear-phishing emails to lure the victim into opening weaponized and malicious
documents.30
29
30
http://www.memri.org/report/en/0/0/0/0/0/0/7357.htm
http://www.theregister.co.uk/2013/08/01/sea_analysis/
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
20
Summary
The SEA's exact relationship to the Syrian regime remains unclear. We believe however that the
group is not just working in support for the Syrian government, but rather operating under its orders
and guidance. In any case, recent months have proven that the SEA has emerged as a much more
serious threat not only to media outlets but also to government agencies, corporations and perhaps
even critical infrastructure systems around the world.
Having said that, it is important to emphasize that currently the group does not have the capabilities
to cause the damage that nation-state actors like China, Russia and even Iran hold.
In a scenario involving an American strike on Syria, we expect that the SEA will retaliate and wage
perhaps with the help of state-sponsored Iranian hacker groups cyber attacks against U.S. and
Western targets, such as media organizations, financial institutions, government entities and critical
infrastructure systems.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
21
Cryptome message
On April 16, 2013, an undetermined number of individuals breached the PG&E Metcalf power
substation in California and cut the fiber-optic cables in the area around the station. The act
neutralized some local 911 services and temporarily disrupted cell phone service in the area. The
perpetrators also fired shots from high-powered rifles at several transformers in the facility. Ten
were damaged and several others shut down.
Despite the fact that the attack is being treated as vandalism, the FBI has taken over the case. There
appears to have been some initial concern, or at least interest, in the fact that the shooting occurred
one day after the Boston Marathon attacks. But according to the FBI, there is no evidence at this
time relating the attack to terrorism.32
31
http://cryptome.org/2014/01/parastoo-pge-metcalf.htm
http://complex.foreignpolicy.com/posts/2013/12/24/power-station-militaryassault#sthash.EpAunaEs.8OPXCTqS.dpbs, http://www.dailymail.co.uk/news/article-2530879/FBI-investigatesmilitary-style-attack-California-power-station.html
32
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
22
It should be noted that there have been several attacks against different infrastructure facilities in
the U.S. in the past year, such as the Arkansas power grid. Furthermore, officials conceded that the
electric power industry is focusing on the threat of cyber attacks.33
Parastoo
The Iranian hacker group Parastoo34 first emerged on November 25, 2012, when they posted a
message announcing they hacked into the International Atomic Energy Agency (IAEA) and leaked
personal details of its officials.35
In February 2013, Parastoo claimed to have stolen nuclear information, credit card information, and
the personal identities of thousands of customers, including individuals associated with the U.S.
military, that work with IHS Inc., a global information and analytics provider.36
In March 2013, several weeks prior to an April 7 anti-Israeli cyber operation, Parastoo announced
that they would demonstrate "a new generation of APT on political, social, financial cyber entities"
during the upcoming #OpIsrael campaign.37 The campaign itself included mostly DDoS, defacement
and SQLi attacks on official and private Israeli websites. We have found no evidence of using APT
tools during this cyber operation.
33
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
23
On July 3, 2013, Parastoo claimed to have launched a UAV flight on U.S. soil.38 Several days later,
they published a short, mysterious video featuring allegedly documenting a UAV watching a U.S.
aircraft carrier.39
We do not have any information regarding the members of the group, but we believe this to be an
anti-American and anti-Israeli hacker group, likely supported by the Iranian regime like other Iranian
groups.
Mukhaddab goes on to list the main targets for future attacks. SCADA systems are ranked as a top
priority target, in order to destroy power, water and gas supply lines, airports, railway stations,
underground train stations, as well as central command and control systems in these three
38
http://cryptome.org/2013/07/parastoo-uav-launch2.htm
http://www.hongpong.com/archives/2013/07/07/mysterious-parastoo-apparent-iranian-hacker-groupclaims-uav-flight-inside-usa-r, http://www.youtube.com/watch?v=lmuScdQPMFc&feature=player_embedded
40
See Appendix 3 for a full translation of Mukhaddabs message.
39
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
24
countries. The second priority includes control systems of general financial sites, such as central
savings organizations, stock markets and major banks. Third on the groups agenda are websites and
databases of major corporations dominating the economies of these countries, while fourth and last
are less specified public sites affecting the daily routine of citizens, in order to maximize the terror
effects on the population.
Mukhaddab details the desired skills of anyone wishing to join the group, including: thorough
understanding of SCADA systems, preferably with experience in hacking them; acquaintance with
writing hacking programs and scripts, and programming in C, C+ and C++ languages; expertise in
networks, communication protocols and various kinds of routers and firewalls, specifically
mentioning CISCO; Expertise in Linux or Unix operating systems; expertise in Windows operating
system; capability of detecting security vulnerabilities; acquaintance with hacker websites, capability
of entering them easily, searching for required scripts, tools, or software, and providing them to
fellow members, if asked to; complete mastery of English or French scientific language, and scientific
background in computer engineering; mastery of the Russian language; and mastery of the Chinese
language. Members who want to volunteer are asked to post a response in the thread, specifying
the categories that fit their capabilities.
To date, close to a hundred volunteers have already signed on to Mukhaddabs Electronic Jihad
group. We have yet to see indications that this newly formed group has started to engage in online
hacking activity, but given the enthusiasm it created among forum members, this is likely to occur in
the near future.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
25
Conclusion
The purpose of this report is to provide a thorough review of the SCADA field in major cyber arenas.
This report included information regarding malicious tools and methods for hacking SCADA systems
and a review of major cyber arenas and the practice of SCADA-related topics.
The report included and analysis of hacking tools for SCADA systems found on Chinese and Iranian
closed forums. It is clear that the SCADA field as whole, as well as relevant vulnerabilities and
exploits, are of great interest to Chinese and Iranian hackers. The report also covered discussions on
closed hacking forums and the review of significant SCADA-related cyber incidents.
Generally speaking, we can attest that the world of SCADA hacking is becoming more and more
accessible to hackers from around the world, from Hacktivists to Cyber Criminals. In our mind, both
the vendors and the users should take into account that in the next two years, the amount of
probing and research done on SCADA systems is going to be as prolific as vulnerability research on
desktops and mobile systems.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
26
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
27
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
28
ScadaScan
Tool Type: Scanner, brute-force
Tool Size: 3,908 bytes
MD5: ac0ebc8b18b98639a1b1d8531db17cb2
PLCScan
Tool Type: Scanning tool
Tool Size: 3,093 bytes
MD5: be7d53a8992ba11aa715b2c9b664054f
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
29
Whoever cannot meet the general requirements, or finds no field fitting his capabilities, I kindly ask
him to only pray for his fellows, taking no part in this project, no matter how enthusiastic he may be
about it. He may have many other ways to support jihad and jihadists. This is to make this thread
focused and easy to check, and to allow the advance to the next stage, by Allahs will.
I ask whoever reads the thread not to be amazed at or complain about the public manner in which
we decided to make this address, and not advise us to keep it secret. If secrecy was of any use, we
would not have resorted to publicity. We need, first of all, to make sure we have the necessary
number of male and female volunteer terrorists meeting the requirements, and this can only be
done publicly.
Likewise, to anyone arguing that some of these volunteers may be enemy agents, I say: certainly,
this is quite expected. But do not worry, since they will be eventually uncovered and suffer
unexpected blows. This may be another advantage of this project and the new terrorist base.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
30
SCADA systems, in order to destroy power, water and gas supply lines, airports, railway
stations, underground train stations, as well as central command and control systems in
these three infidel countries, in the aforementioned order.
Control systems of general financial sites, such as central saving organizations, stock
markets, and major banks.
Sites and databases of major corporations controlling the infidel countries economy.
Public sites affecting the citizens daily routine, in order to maximize the terror effects on the
population.
Wholehearted devotion to Allah, reliance on Him, and absolute conviction that ones actions
are a fight for Allahs Cause. One must never have the slightest doubt of the Islamic
legitimacy of it, and believe this is ones personal duty, if he is capable of it.
Keeping it secret, without ever mentioning it, not even to ones closest relatives, such as
spouse, household, children, or parents. One's should never boasting of his capability,
despite any provocations or accusations, or even if this matter is discussed in ones
presence.
Making time for practicing this project, and not being diverted by anything else. In case it
interferes with other occupations, electronic Jihad should have priority, and one should vow
this to God.
Keeping ones promise and pledge, without any slackening, under any excuse whatsoever.
Whoever suspects that certain matters may prevent him from doing so, he should not
volunteer, since he have thousands of other ways to support Jihad and Jihadists, and Allah
will reward him.
Once a target and a tactic is selected, one may never withdraw or oppose it, or express other
views, just get to work resolutely and forcefully, immediately carrying out any assignment,
following all detains and manner of operation, at all cost. Since he is in the battlefield, any
retreat or slackening is just like turning his back in a day of attack.
Finally, one must have a totally unlimited and unrestricted access to a computer with an
Internet connection.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
31
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
32
None of the aforementioned categories, but full, fearless, undeterred readiness, to operate
on his PC a program provided by the terrorist base, letting it operate according to future
orders, following them precisely, with no fear from the consequences of the programs
operation. The programs MO shall be explained to such an operative, if he is ready to trust
it without any doubts, and operate it following the instructions precisely.
Now, those male and female terrorists who wish to volunteer should post a response in this thread,
made of two parts, even using the copy-paste option:
I swear to Allah that I fully accept the general conditions, and fully meet the general
requirements. I swear, before Allah, to comply with everything.
I fit into the following category or categories. Now copy-paste what fits your capabilities, if
you find any.
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
33
2014 SenseCy PO Box 8551, Poleg Netanya 4250711, Israel Tel +972-9-7482180 Israel info@sensecy.com
34