Water Utility Damaged by Cyberattack

2011-11-18T16:26:00
ID WATER-UTILITY-DAMAGED-CYBERATTACK-111811/75910
Type threatpost
Reporter Brian Donohue
Modified 2013-04-17T20:05:49

Description

An electronic attack believed to emanate from computers in Russia reportedly destroyed a water pump belonging to an unnamed Springfield, Illinois water utility earlier this month after hackers gained unauthorized access to that company’s industrial control system, according to published reports.

A report by the Illinois Statewide Terrorism and Intelligence Center on Nov. 10 described the incident, in which remote attackers hacked into and compromised supervisory control and data acquisition (SCADA) software in use by the water utility company. The hackers leveraged the unauthorized access to pilfer client user names and passwords from the SCADA manufacturer. Those credentials were used to compromise the water utility’s industrial control systems, according to Joe Weiss, a security expert at Applied Control Solutions, who described the incident on ControlGlobal.com’s Unfettered Blog.

Details about the incident are sparse and haven’t been verified by the Water Information Sharing and Analysis Center (ISAC), the DHS Daily unclassified report, the ICS-CERT, or anyone else for that matter. Weiss further claims that no other water utilities he has spoken with are aware of the incident, and for this reason, he is critical of the DHS.

It remains unknown if any other SCADA users have been attacked or remain vulnerable to attack given the compromise.

“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois,” DHS spokesperson Peter Boogaard said in an email to The Register. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”

The attackers are reported to have been operating from behind machines with Russian IP addresses.

“Over a period of two to three months, minor glitches had been observed in remote access to the water district’s SCADA system,” Weiss told The Register.

Weiss also told The Register that attackers repeatedly powered the SCADA systems on and off, which eventually burned out and destroyed the water pump.

Industrial control and, more specifically, SCADA systems monitor and control various industrial processes, some of which are considered critical infrastructure. Researchers have warned about attacks on critical infrastructure for some time, but warnings became reality after a highly complicated computer worm, Stuxnet, attacked and destroyed centrifuges at a uranium enrichment facility in Iran. Since then, SCADA has gone from obscurity to a household term, and there seem to be weekly reports involving SCADA vulnerabilities that put critical infrastructure at risk.