Can a computer virus cause a server to catch fire?

The Aurora Project (late-1990s/early-2000s) was about when “SCADA” or “ICS” (Industrial Control System) security became a big buzzword… in layman’s terms, “the ability to hack into an enormous control computer
Can a computer virus cause a server to catch fire

I have knowledge of incidents very like this happening on three occasions.
  • The Aurora Project (late-1990s/early-2000s) was about when “SCADA” or “ICS” (Industrial Control System) security became a big buzzword… in layman’s terms, “the ability to hack into an enormous control computer, for example those running the electrical power-grid infrastructure, so as to do harm.” A memorable 60 Minutes episode aired during this timeframe showed an Idaho Dept of Energy demonstration, which successfully hacked into a 27-ton (~1-megawatt) diesel generator, causing it to overload, smoke, shudder, and reach catastrophic failure. This could easily have resulted in fire, as could a number of smaller systemic failures (local substations, etc.).

  • A 2006 SANS wireless-security course (taught in California, by hax0r legend Joshua Wright), where Joshua had one of those RAlink 802.11 cards with the two extensible antennae sticking out of his Linux laptop’s PCMCIA slot. Josh demonstrated that, at sustained bouts of maximum transmit power (e.g., continuous hours of sniffing and rapidly contributing packets to a wireless network, as if to crack its wireless key), it was possible to overheat to the point where the card physically became soft, malleable, and bent/curved under its own weight. There is no doubt in my mind that combustion could have resulted under the right (wrong) conditions.
  • Roughly four weeks ago (2016), in an office environment: a small data-center’s APC cooling systems (fans) were reconfigured by certified technicians to blow (cool) in a different pattern than they had been doing for the previous 12 months. This worked well for several days, except for a gradually-rising audio pitch, as if the fans were working harder, continuously blowing most of the time, and getting ever louder/shriller. Ultimately, the cooling system sprung a leak due to over-agitation; the copper pipe developed a fault (gap) at its soldered junction, spraying coolant oil throughout one of the data-center’s server cabinets, and the now-reduced quantity of oil remaining in the pipes began to heat and smoke, just as olive oil might when left on an overly-hot griddle. Thankfully, the fire-suppression system picked up on the smoke, and sounded the alarm; in another time and place, widespread fire might easily have resulted, and, worst of all, this condition could probably still be replicated via careful push-the-system-to-100%-till-it-leaks cyber manipulation.

  • Though this fourth example is not really a “fourth example” (rather, it’s a clarifying point from the data-center oil leak scenario above), consider that, from 2001-2003, I rented two stories of a house in suburban Boston, with a single window air-conditioner unit, which I plugged into a network-accessible power strip, so that, before leaving work, I could “TELNET” and “POWER SOCKET_0 ON,” getting the living room nice and frosty for my arrival. A malicious individual could have done the same thing to my power outlet, again and again and again, either running up my electric bill, or causing my AC unit to fail, or both simultaneously. Would’ve taken 38 keystrokes.
So, yeah. A variety of “commonplace machines,” ranging from common Linux laptops with wireless cards to heavy-duty electrical power grids, can be raised to dangerous temperature extremes. Much depends on the surrounding conditions, but it’s very feasible, and distressingly easy to accomplish.

أضف تعليق: