A security researcher has published a long list of software vulnerabilities that theoretically could be used to take down power plants, oil refineries and other critical infrastructure systems.
On his personal website, independent researcher Luigi Auriemma released the flaws a cybercriminal could exploit to compromise SCADA (Supervisory Control and Data Acquisition) systems, the computer networks that automate machinery at infrastructure systems such as wastewater facilities and nuclear plants.
(In June 2010, the Stuxnet worm took advantage of a SCADA vulnerability to cripple an Iranian nuclear-fuel processing plant.)
The exploits and proof-of-concept hacks listed on Auriemma's page include "step-by-step" instructions on how to "execute full remote compromises and denial of service attacks" on power, water and waste-distribution facilities, SC Magazine's Darren Pauli wrote.
One of the vulnerabilities he exposed exists in the SCADA system of Milwaukee-based Rockwell Automation.
It could be seen as a controversial decision to make public security flaws that a criminal attacker could use maliciously, but Auriemma insists he should not be held accountable for any such exploits.
"I find bugs, I don't create them," he wrote. Comparing his disclosure of security flaws to a knife maker arrested for someone stabbing another with a knife he made, Auriemma added, "As everything in the world [it] is not possible to control the usage of what we create … so for me, [it] is only important that my research has been useful or interesting."