Security Researcher Exonerated

DedicatedICS

Delano, GA lawyer,
Junior Butts announced this morning that the Department of Justice had dropped
all charges against his client, David Lightman, for the ransomware
attack on Bliechen Chemicals last December. Butts told reporters: “My client is
a diligent white-hat hacker who found a vulnerability in the Robotron SK-1a
safety system and reported that defect to the manufacturer. It was hardly his
fault that Robotron was unable to control access to their site.”

Lightman has been in
federal custody in Atlanta since January 2nd. He was released this
morning. Lightman was arrested on December 31st and all of his
research computers and equipment were seized on that day. Lightman referred all
questions from the press today to his lawyer.

Della Street, spokesperson
for the DOJ confirmed that Barlow was no longer a suspect in the case. “Mr. Lightman’s
story checked out in all particulars after we were able to convince his lawyer
to provide us access to the unencrypted contents of his research computer,” Ms.
Street said this morning; “We are now on the trail of the team that hacked the
Robotron web site that allowed them to intercept David’s vulnerability
disclosure.”

The Federal Bureau of Inquiry is
reportedly on the trail of AssaB, a notorious environmental hacker,
thought to be working with Students for Immediate Neutralization of Chlorine
Technology and Energy Reversion (SFINCTER). Johnathan Quest, FBI spokesperson,
confirmed that AssaB was a person of interest in the case. “Anyone with
information about the whereabouts of AssaB, should contact the FBI or their
local law enforcement personnel,” Quest told reporters.

A reliable source at the National Critical Infrastructure
Security Operations Center (CI-SOC) who is not authorized to talk to the press
confirmed that someone had hacked the Robotron web site and substituted the
links to their ‘Security.txt’ listing on the main page that pointed at a web
site controlled by SFINCTER. That allowed the hacker collective to intercept
Lightman’s vulnerability report which included proof-of-concept code. That
vulnerability, along with at least one other zero-day vulnerability allowed
SFINCTER to install ransomware on the Bleichen Chemical safety controller.

Carl Scheele, the Bleichen Delano Plant Manager, told
reporters in December that the company was forced to shut down production at
the plant for five days while they negotiated a final ransom payment to unblock
the safety controller. “There was no way that we were going to run our chlorine
production unity without that safety controller in place,” Scheele told
reporters at the time; “We had to pay the ransom as we had no other way to restart
that controller.” Bleichen has not disclosed how much ransom was paid to
SFINCTER. Sources report that it was certainly less than the 100 bitcoin asked
for in the initial ransom demand.

Kate Libby, security researcher at Dragonfire Cyber,
provided background information on the ‘Security.Txt’ exploit used by the
attackers. She explained that industry has been settling on using a standardized
link on their web pages to allow independent security researchers like Lightman
to reach out to the appropriate folks at a company to report cyber
vulnerabilities. The ‘Security.txt’ link takes the researcher to a brief
message that provides contact information, including an encryption key, to
allow them to securely send information about vulnerabilities to teams at the
company that are responsible for fixing such vulnerabilities.

“In this case,” Libby said; “Poor web site security allowed
hackers to substitute their own contact information for those of the company’s
security team.” That allowed SFINCTER to utilize the good work of Lightman for
their own nefarious ends.

Erich Mielke, spokesperson for Robotron refused to take
questions from reporters after issuing the following statement:

“Robotron thanks Mr. Lightman for his efforts to help us
maintain our high standards of security. Researchers like Mr. Lightman are an
important part of our security program. We are happy to see him vindicated and
look forward to working with him in the future.”

CAUTIONARY
NOTE: This is a future news story –Future ICS Security NewsRead More