Russian hackers destroy Illinois water pump
Topic Started: Nov 19 2011, 10:13 AM (62 Views)
ImpulseEngine
Commodore
Source

Quote:
 
Illinois Water Utility Pump Destroyed After Hack
ARTICLE DATE : November 18, 2011
By Chloe Albanesius

A cyber attack on a Springfield, Ill. public water utility resulted in the destruction of one of its pumps, according to a security expert.

Joe Weiss, managing partner at Applied Control Systems LLC, said in a Thursday blog post that cyber scammers hacked a Supervisory Control And Data Acquisition (SCADA) software vendor and stole customer usernames and passwords. During the hack, however, the SCADA system was powered on and off, burning out a water pump, he said.

Department of Homeland Security spokesman Peter Boogaard said officials were investigating the incident.

"DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," Boogaard said. "If DHS ICS-CERT identifies any information about possible impacts to additional entities, it will disseminate timely mitigation information as it becomes available."

Weiss said the IP address of the hacker was traced to Russia; it's currently unknown if any other systems were targeted. "Minor glitches were observed in remote access to the SCADA system for 2-3 months before it was identified as a cyber attack," he wrote.

However, Sean McGurk, former director of the National Cybersecurity and Communications Integration Center, told CNN that these types of attacks are routine.

"This is just one of many events that occur almost on a weekly basis," he said. "While it may be nice to speculate that it was caused by a nation-state or actor, it may be the unintended consequence of maintenance."

A hacker known as 'pr0f' begs to differ. He took issue with Boogaard's statement about there being no threat to public safety in the Illinois hack, posting on Pastebin what he said were internal documents from the water systems of South Houston, Nev.

"I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly," pr0f wrote. "On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic."

In a blog post about both attacks, McAfee's analyst David Marcus said "it is really no more difficult to attack a SCADA network or system than it is to attack any other system."

"My gut tells me that there is greater targeting and wider compromise than we know about. Why? Again, my instincts tell me that there is a lack of cyberforensics and response procedures at most of these facilities," Marcus wrote. "If you do not have cyberforensic capabilities, it is kinda hard to know if you have a cyberintrusion. Does this mean that I think it is cyber-Armageddon time? No, but it is certainly prudent to evaluate our systems and ask some questions."

Sophos analyst Chester Wisniewski, meanwhile, said in his own blog post that linking critical infrastructure systems up to the public Web "is bordering on criminally negligent when you are responsible for our water, power, gas and other sensitive utilities."

Wisniewski called for DHS to conduct "a top-down audit of these systems and mandate that these insecure practices come to an end."

Earlier today, Norway's National Security Authority (NSM) confirmed that systems associated with the country's oil, gas, and energy sectors were hit with a cyber attack.


Scary stuff. Why are these important systems even hooked up to the internet at all? They should be on a private network only.
 
24thcenstfan
Something Wicked This Fae Comes

^^ My question too.

Public works has got to be one of the many high targets for terrorists and other criminals. Most of these systems need to be better contained and compartmentalized. That way if there is a customer base, those people can still access personal account information via the internet, but overall systems won’t be affected if there is an attack of some kind.
 
SeerSGB
Ensign
24thcenstfan
Nov 19 2011, 11:32 AM
^^ My question too.

Public works has got to be one of the many high targets for terrorists and other criminals. Most of these systems need to be better contained and compartmentalized. That way if there is a customer base, those people can still access personal account information via the internet, but overall systems won’t be affected if there is an attack of some kind.
Off the top of my head: Centralization to reduce cost. They build in remote access to the public works so the on-site staff is basically a skeleton crew and the actual oversight and monitoring is handled at a central "public works" office complex. The problem is I guarantee you the "hackers" got in through some dumbass's user account that had a common pass (god, username spelled backwards, username plus DOB, a whole list of "Do Not Dos" from Net Security 101 class).

Given the evolving nature of terrorizing, we need to go for de-centralization. But hey, if it saves a penny, the penny pinchers will **** over the whole nation. There's places to cut cost, and there's places where you don't. Public works should be a safe harbor spending area.

[Luddite rant] De-centralize, unnetwork, and screw "21st Century and Beyond!" tech for critical systems and go for tried, true, and sturdy. Good rule of thumb: If someone can fubar it with an off-brand netbook from Walgreens or EMP they built from plans they got online and parts from Radio Shack: Rethink your system! [/rant]

Sorry. I may be trained in computers and do it for a job... but Gods know that I think the whole move to "The Cloud" and "Universal Connectivity" will destroy the infrastructure of the Western Civilization.
 
ImpulseEngine
Commodore
SeerSGB
Nov 19 2011, 11:48 AM
Off the top of my head: Centralization to reduce cost. They build in remote access to the public works so the on-site staff is basically a skeleton crew and the actual oversight and monitoring is handled at a central "public works" office complex. The problem is I guarantee you the "hackers" got in through some dumbass's user account that had a common pass (god, username spelled backwards, username plus DOB, a whole list of "Do Not Dos" from Net Security 101 class).
You're probably right, but they could have the best of both worlds. If they put this on a private network consisting only of the systems they need to access, they could still access everything remotely, but at least no one outside the country would be able to access it. Even within the country, someone would have to tap into a physical line somewhere that is part of the private network before any hacking would be possible.

And then, of course, all the best practice security measures (like strong passwords and limited top-level access) would need to be in place too.
 
SeerSGB
Ensign
ImpulseEngine
Nov 19 2011, 01:44 PM
SeerSGB
Nov 19 2011, 11:48 AM
Off the top of my head: Centralization to reduce cost. They build in remote access to the public works so the on-site staff is basically a skeleton crew and the actual oversight and monitoring is handled at a central "public works" office complex. The problem is I guarantee you the "hackers" got in through some dumbass's user account that had a common pass (god, username spelled backwards, username plus DOB, a whole list of "Do Not Dos" from Net Security 101 class).
You're probably right, but they could have the best of both worlds. If they put this on a private network consisting only of the systems they need to access, they could still access everything remotely, but at least no one outside the country would be able to access it. Even within the country, someone would have to tap into a physical line somewhere that is part of the private network before any hacking would be possible.

And then, of course, all the best practice security measures (like strong passwords and limited top-level access) would need to be in place too.
Ahh but cost-cutting means one size fits all systems. They want to eat their cake and have it too: A secure system, but a generic system where 1 person has multiple systems they can monitor and adjust. Plus by using a 'net access set up, they can farm out the jobs to third-party commercial firms out of the county or state who will do the "work" at a reduced cost.
 
Retro_Fan
Captain
It seems to me that we are dropping our guard a bit and in the world that we live in (post Sept. 11) this is very, very dangerous.
 
SeerSGB
Ensign
Retro_Fan
Nov 19 2011, 03:06 PM
It seems to me that we are dropping our guard a bit and in the world that we live in (post Sept. 11) this is very, very dangerous.
Well don't ya know they gotta protect big media (the RIAA and MPAA) before they prevent Iranian, North Korean, Russian or Chinese terrorist cells from crashing out critical infrastructure systems. Sure the power grid and water supply will be down at a critical moment, but someone tweeting their dog barking jingle bells will be slapped down hard. GO SOPA!
 
24thcenstfan
Something Wicked This Fae Comes

SeerSGB
Nov 19 2011, 11:48 AM
24thcenstfan
Nov 19 2011, 11:32 AM
^^ My question too.

Public works has got to be one of the many high targets for terrorists and other criminals. Most of these systems need to be better contained and compartmentalized. That way if there is a customer base, those people can still access personal account information via the internet, but overall systems won’t be affected if there is an attack of some kind.
Off the top of my head: Centralization to reduce cost. They build in remote access to the public works so the on-site staff is basically a skeleton crew and the actual oversight and monitoring is handled at a central "public works" office complex. The problem is I guarantee you the "hackers" got in through some dumbass's user account that had a common pass (god, username spelled backwards, username plus DOB, a whole list of "Do Not Dos" from Net Security 101 class).

Given the evolving nature of terrorizing, we need to go for de-centralization. But hey, if it saves a penny, the penny pinchers will **** over the whole nation. There's places to cut cost, and there's places where you don't. Public works should be a safe harbor spending area.

[Luddite rant] De-centralize, unnetwork, and screw "21st Century and Beyond!" tech for critical systems and go for tried, true, and sturdy. Good rule of thumb: If someone can fubar it with an off-brand netbook from Walgreens or EMP they built from plans they got online and parts from Radio Shack: Rethink your system! [/rant]

Sorry. I may be trained in computers and do it for a job... but Gods know that I think the whole move to "The Cloud" and "Universal Connectivity" will destroy the infrastructure of the Western Civilization.
Going even more high-tech definitely has its drawbacks.

Unfortunately, I don't think enough cities have really gone far enough/taken the steps to secure our infrastructure (including public works). Lack of funds obviously being one of the reasons why.

I can't remember what the program was called at the moment (it may have been through FEMA), but the Fed. gov't provided extra funds to state and local governments (after 9/11) to beef up local emergency services/public works and to develop SOPs for major emergencies, but an exposé on 60 Minutes showed that the target program was only helping some, but not others. The awards process was wackadoo as well.
