In this presentation we will show how effective a team of individuals can be in using open source intelligence gathering techniques in gathering leaked data on the electrical grid. By using Google dorking alone, the team has been able to not only gather insider information on grid technologies but also their deployment in the US including and up to passwords to systems and blueprints and runbooks. Using such information an attacker could not only attempt to gain access to power company and grid networks but also easily be able to connect the dots and perform hybrid (physical and electronic) attacks on the US power grid systems.
Chris is an electrical engineer who is fluent in RS-232 and Kirchhoff’s Laws. Krypt3ia has been in INFOSEC since the 90’s working for fortune 500 companies in pentesting and now blue team DFIR.
An infamous curmudgeon, Krypt3ia has a blog featuring national security issues and OSINT. He also co hosted Cloak & Swagger a podcast on all things natsec and INFOSEC with a Sasquatch named Ali.
SynAckPwn is a semi-professional retired troll that spends most of his time in a hardhat and popping MS08-067 in control systems. Yes, MS08-067 is still a thing and he takes little pleasure in exploiting it. Yes, when it comes to critical infrastructure, it’s still a problem. Yes, most of what you hear about grid hacking is bullsh!t.