Analysis of witneses statements in the court
I believe that jury has not been properly instructed by not including as the points for their consideration all the issues shown by me . On rare occasion when something brought by me was mentioned it was not presented in a fair way .
875-20- judge said that my
exhibit 35 'purports to show ' information about faults on SCADA when
in fact this exhibit was based on data from Exhibit 13 and correctness
of my presentation was verified by
Stringfellow ( his graphs – exhibits 31,32,33 – were
designed to provide misleading information )
583-0 – Stringfellow confirms correctness of information in my spreadsheet detailing SCADA faults on different
days
Lewer statements from 28.07.00 – time in Buderim monitoring file page 33-34
484-20 admits that a part of his statement was incorrect – most likely he was looking at a
different version of the file than that which was presented to court as evidence
619-10 – Stringfellow says that Lewer was dialling in from Newcastle ( using program PCAnywhere )
to Maroochy SCADA and this way he could download files or make changes to files
remotely without anybody knowing what he did
……………………… Lewer said that cables ( for establishing communication ) were not available unless bought from HWT ( page 14 ) in
fact these are not only common cables but also schematic connections
of them are displayed and are available on HWT Internet site
statement from 26.2.00 – use of default address ( also - committal hearing 80-10 )
360-45- admits that his assumption was incorrect as it was pointed to him during committal hearing
when he jumps to false conclusions to create a proof of my guilt especially in Nambour area
Stringfellow first complaint to police ( 4.3.2000 ) he claimed that problems , as happening from 24.12.99 , were caused by hacking – after it was found that I was at that time overseas the charges were removed
179-10 Zohn agrees that I was initially charged with offences committed from 24.12.99 , based on
information provided by HWT and MSC, later it was found that I was not even in Australia
when problems were happening on Maroochy SCADA ( which were identical to problems
occurring later and with which I was charged )
549-50 Stringfellow provided the list of problems allegedly caused by hacking which started from
24.12.99 –
Stringfellow statement from 01.09.00,
555-30 he is making excuses why accusations from his first statement to police were proven
to be wrong ( and I proved that for many of them I could not have been responsible ,
or they were technically impossible )
557-20 I am proving that I could not be responsible for some problems,
558-30 admits that he made silly accusations by claiming hacker responsibility for faults which were
technically impossible to be done by a person
Stringfellow statement from 07.10.01,
541-50 from the minutes and his recollection he implied that I did unauthorised changes
to the SCADA system ( in fact I showed the correspondence and I proved that it has been
approved by Lewer and MSC knew about those changes )
544-50 he admitted that what I did could have been temporary measure ,
570-10 he is giving excuses why in faxes to EPA about overflows – he describes the amount as
' unknown '
Exhibit 34 – proves that he knew about the amount of overflow and he lied to EPA
Yager had limited knowledge of the telemetry and system used in Maroochydore
( only 3 months after finishing his study ) also exhibit 43 ( pier to pier communication )
716-40 – he answers my
questions incorrectly showing his lack of knowledge of HWT equipment –
in fact - 'pier to pier ' communication or 'communication
blocks' can be used both for data registers and configuration
registers
717-40- he still did not about the need to reset PDS after making changes to configuration
719-40- he is trying to cover up the fact that even in HWT manuals there is a warning that it
is easy to make mistakes when making changes over the network – due to
peculiar setup of PDSCONF it is easy to write to different address than intended
699-0 – he claims that hacker changed on his unit the same registers as he changed on hacker ,when
in all likehood , due to his inexperience , he was writing to his own device and not noticing that
721-30- I am proving that his observation of ' trends ' and making comments about
values in registers based on his observation is technically and logically ' crap '
706-50 – he did not know if configuration registers were based on 12 hour or 24 hour format - this is
significant in the view of the later claim that the differences in time in monitoring files in respect
to the real time , were several hours in one area and 24 hours in another area ( in fact the time
recorded by devices was anything but reliable )
- HWT equipment provided for Maroochydore SCADA had continuous problems before and after my arrest ; in fact old problems are still being rectified , over 2 years after ' practical completion ' .
** admitted by Lewer problems with batch of COMPACTS sent to Maroochydore ( possible of 50 faulty )
396-15 - admits that there was a batch of Compacts with a faulty component which sometimes
produced corruptions ( of ISAGRAF programs ) ( residing in one part of the same memory
as PDSCONF )
396 – 30 – he said there may be still some units from that batch but they ' are likely to continue
operate correctly '
589-40- in response to that I provided information received from MSC electrical department saying
that in the period from 1.10.00 to 30.06.01 ( months after my arrest ) there were :
12 Isagraf fails , 3 overflows , 12 problems with UNIOP - MAXIMO report
* 364- 30- I am showing that failure rate on Compacts was about 40%
364-50 – Lewer admits that Compacts were tested twice before arriving on site
366-0- Lewer said that he was not particularly interested how many units failed ????
This is the statement made by one of the directors of the HWT . If HWT withdraw all the faulty
COMPACTS it would add up to already made loss on the job ( admitted $100 000 ( 501-50 ) ,
They took the chance knowing that MSC is tied up to their equipment due to commercial reality
** problems with HWT equipment on Maroochy SCDA are still happening
74-15 O`Kane got indication from MSC about Isagraf problems between May and September 2000 – that is - after my arrest,
125-55 – Wilkins admitted that he is still coming to rectify problems on MSC SCADA (October 2001)
231-50 Tripcony said that even now ( October 2001 ) ,1.5 years after my arrest , they still are
working on rectification of problems on the SCADA system
589-40- I am quoting information from MSC electrical department about faults still occurring on
Maroochy SCADA
147-10- Wilkins , when asked by prosecution - Hanson - confirmed that eg. fault which
happened on 11 of May on PS 1 ( after my arrest ) was the same as faults observed in February , March , April – when such faults were attributer to hacking )
402-40 Lewer admits that there were the same type of problems at the same time on
Nambour repeater ( for which neither me nor anybody was charged)
* the same problems , as attributed to hacking , were after my arrest hidden under different
descriptions in the ' Fault spreadsheet ' produced by Stringfellow to prevent showing that
identical problems are still happening
488-20 - I am proving that problems with ' configuration not for this address ' were still occurring
few months after my arrest but this time were not attributed to hacker and an attempt was
made to hide them in the spreadsheet of faults prepared by MSC
790-20- Taylor admits that after my arrest there was still serious problem with COMPACT`S
' displaying configuration not for this address ' which was previously claimed as caused by
hacker . They believed it was a serious problem ( exhibit 13 and 47 point 14 )
**identical messages as attributed to hacking were being sent
and there are conflicting explanations as to the nature of them
443-20 Lewer never saw a record that HWT people would send a message over the network in the
field – committal hearing ( page 133-10) ' he ever saw them doing that from CMF computer '
444-40 admits that in his previous statement (1.09.00 ) he said that it is possible that a
faulty Compact could send a message to another Compact
586-30 Stringfellow is giving excuses why the fault ' PDSconf not for this address ' initially credited
to hacker later disappeared from the list of faults so not to show that problem existed after
my arrest – but record of re-occurring problems is existing in the minutes of the meeting from 14.12.00
765-15 – YAGER - after I showed him messages sent on different days and which were
not claimed to be sent by a hacker he ' suddenly ' remembers that it was him sending them (and pages 766 as well)
( exhibits 27 , 28 , 35 )
HWT – in technicians diary from 08.03.00 descriptions of problems during storms, and
some problems were selected as accusations but others were not
775-30 – Yager said that ' it appears as though the person doing the hacking liked to do the
hacking doing storms ' – silly statement as I lived in Brisbane and I would have to know
what kind of weather was on Sunshine Coast at that time ( 140 km away )
** Hwt equipment ( Compacts ) have built in feature enabling them to automatically send
messages from one unit to another in the same fashion as attributed to hacking
141-10 Wilkins said that he seen faulty
messages being sent on occasions from one unit to another when
configuration have not been set correctly
442-30 – Lewer admits that COMPACTS have built in feature allowing stations to
communicate with each other
443-15 – Lewer says that messages with op code 1E are from unit set to ' pier to pier
communication ' but 2E must be from hacker
298-40- he claims that the messages with opcode '04' and ' 200* ' could not be generated by Compact itself
* file Nambour 20_4_00 with messages having code 1E and 2E , extract from exhibit 21
( copy of the page 1691 of the file Nambour 12_4_00 where messages with opcode 1E and 04
are present next to each other )
Since pier to pier communication was not used in Maroochy SCADA these messages must have
been generated due to a fault ( no accusation of hacking in this case ) .
Lewer admitted that messages can be easily edited ( 486-40 ) – it may be possible that messages
presented as the work of hacker with opcode '04' or '02' may in fact originally been '01'
** faulty messages from addresses '0' or to RTUM pigeon hole '0' exist on various days
465-0 – Lewer confirms my findings of other unusual messages in that file , most important being
that there was a station with address '0' on the network sending and receiving messages
( presence of '100' in the address for timetag messages )
467-15 does not have any explanation for the presence of messages with the address '0',
471-0 I proved that the messages from the address '0' were also sent on other occasions ( files
Coolum_ 27-3-00 , Coolum_28-3-00 ) ; he - ' they were associated with the rectification work '
473-30 he admits that it looks to him that someone set the Compact address to '0'
477-20 he agrees that messages from pigeon hole '0' in RTUM were also sent on days other than
hacker is accused of doing anything – says that hacker changed configuration and
somehow did not reset the station and the maintenance people few days later ' partially
repaired the damage ' and did not notice that ( rectification of corrupted configuration in a unit
consists of reloading completely the whole configuration file – as detailed by entries in diaries )
( also exhibit 29 )
** times and dates claimed for events by HWT and prosecution were proven incorrect