14 DAY TRIAL // A user published images allegedly obtained as a result of hacking a wind turbine administration system on a public mailing list, but subsequent investigations from the security community suggest a hoax.
Someone using the online moniker "Bgr R" sent an email containing details of the supposed hack to the Full Security mailing list on Saturday.
The message contains links to screen shots of a Siemens WinCC SCADA system allegedly used to administer wind turbines owned by Florida Power & Light (FPL).
Bgr R identified himself as a former FPL employee who was unlawfully dismissed by the company, reason for which he decided to hack into the system.
"Here comes my revenge for illegitimate firing from Florida Power & Light Company (FPL)... ain't nothing you can do with it, since your electricity is turned off !!! Secure you SCADA better! Leaked files are attached…," he wrote in the email.
The report includes IP addresses supposedly belonging to FPL and a configuration of the Cisco router protecting the network.
Soon after the information was published, security experts familiar with SCADA systems starting pointing out errors. For example, some buttons displayed in the screenshots were in German and the wind speed was listed in km/h instead of mph.
Spanish security researcher Ruben Santamarta debunked the hoax on his blog, while NextEra Energy Resources, the FPL subsidiary operating the allegedly targeted 136-turbine Fort Sumner wind farm in New Mexico, rejected the claims.
"We have investigated the claim of a potential computer hacking and found that the information provided as proof of 'hacking' is largely publicly available information, which by itself would not be adequate to launch a successful attack against the named SCADA system or wind site," the company said, according to The Register.
"We have not seen any evidence of a breach, and we are continuing our monitoring and detection to protect against possible attacks," NextEra added.