This talk will go into detail about how drilling systems communicate and some of the attacks that could be performed on a drilling rig. This includes throwing off toolface information and burning out motors in BITs, Disabling H2S and sour gas detection systems, changing survey data to cause the drilling crew to drill out of zone causing sidetrack and time drilling operations that can cost millions of dollars to a drilling rig. And finally modifying chromatograph information and mud weight causing a blow out and potentially burning a rig to the ground. Infection methods include excel files used by directional drillers and MWD staff and 3rd party’s.
Using a honeypot run as a disposable mail service on TOR, Weston Hecker came across custom tailored malware including several versions of SAMSAM and Cryptolocker. In early May he came across a sample that is targeting (WITS) information “Wellsite Information Transfer Specification” and (MWD) Measure while drilling systems associated with land based drilling platforms. This lead him to do research the attack surface of a drilling rig.