Apparent cyberattack destroys pump at Ill. water utility
In separate incident, hacker claims access to SCADA system at Houston utility
Computerworld - A pump at a public water utility in Springfield, Ill., was recently destroyed after cyberattackers gained access to a SCADA system controlling the device, according to a security expert who said he obtained an official report about the incident.
A spokesman from the U.S. Department of Homeland Security (DHS) today confirmed the pump incident, but said it's too soon to say whether it was the result of a cyberattack.
"DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois," Peter Boogaard, deputy press secretary at the DHS, said in an emailed statement. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."
Meanwhile, in a separate case, a hacker named "pr0f" earlier today posted several images on Pastebin purporting to show access to a "really insecure" Supervisory Control and Data Acquisition (SCADA) system at the city of South Houston.
The posting was prompted by what the hacker claimed was the DHS's attempts to downplay the Springfield incident. "This was stupid," pr0f wrote in a note on Pastebin. "I dislike, immensely, how the DHS tend to downplay how absolutely f**** the state of national infrastructure is," the hacker wrote.
The hacker claimed that no damage was done to any of the machinery. "I don't really like mindless vandalism. It's stupid and silly," pr0f wrote. "On the other hand, so is connecting interfaces to your SCADA machinery to the Internet." The hacker said the Houston hack required no skill "and could be reproduced by a two year old."
It was not possible to immediately verify any of pr0f's claims.
Joseph Weiss, managing partner at Applied Control Systems LLC and author of the book Protecting Industrial Control Systems from Electronic Threat said that the pump failure in Springfield occurred on Nov. 8.
The pump burned out after the SCADA system controlling it began to power off and on intermittently, said Weiss, citing the incident report he obtained titled "Public Water District Cyber Intrusion."
Employees had reported "minor" glitches with the remote access component of the compromised SCADA system for between two and three months prior to the pump failure, Weiss said. An investigation into the cause of the failure showed that the SCADA system had been improperly accessed by someone using a computer with an IP address based in Russia, he said.
The attackers are thought to have obtained the usernames and passwords to the system by first breaking into a computer belonging to the utility's SCADA software vendor. SCADA vendors often maintain a list of usernames and passwords for accessing systems at customer locations for support purposes. Anyone with those credentials can gain access to the customer system, which is what appears to have happened here.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Is SQL Server AlwaysOn really as powerful? Tips and Tricks from the field With the introduction of AlwaysOn, Windows Clustering Services is now more critical than ever. All Cybercrime and Hacking White Papers | Webcasts