Hackers destroy pump at U.S. water utility plant

Leeky

Leeky

Posts: 3,357   +116

Hackers have managed to destroy a water pump at a U.S. water utility plant after gaining access to the industrial control system (ICS) used to control the pump and other equipment, according to a state government report published on November 10.

The hackers, whose IP addresses were traced to Russia, breached the network of a company that makes SCADA (supervisory control and data acquisition) systems, stealing access to its customers' usernames and passwords. They then used this information to gain entry to the utility plant and operate a pump, turning it on and off until it burnt out and stopped functioning.

The report stated that the company had been observing minor glitches with the system in the two to three months prior to the incident.

"It is unknown, at this time, the number of SCADA usernames and passwords acquired from the software company's database and if any additional SCADA systems have been attacked as a result of this theft," said Joe Weiss, managing partner of Applied Control Systems when speaking to CNET about the report titled "Public Water District Cyber Intrusion."

He refused to give the location but a Homeland Security statement later confirmed it as being in Springfield, Illinois. The "DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Ill.," DHS spokesman Peter Boogaard said in a statement. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."

Weiss disagreed with the DHS saying "the statement is inconsistent with the report from the Illinois Statewide Terrorism and Intelligence Center Daily Intelligence Notes dated November 10, 2011, titled Public Water District Cyber Intrusion." He also published a brief statement about the report yesterday saying he wanted to raise awareness of the incident.

This latest intrusion re-ignites the hotly debated subject surrounding the general security resistance of networked control systems. Those manufacturing and installing ICS prefer the remote connections to push software updates, and to aid in debugging of problems. Nevertheless, having critical infrastructure exposed to the internet poses a very serious risk.

Last week former Presidential cybersecurity advisor, Richard Clarke shockingly stated that the U.S. computer networks are vulnerable to attack. He also commented that the U.S. should seek to more strongly punish attacks against the nation originating from China and Russia -- consistently two of the U.S.' biggest culprits of cyber-espionage.

Permalink to story.

https://www.techspot.com/news/46317-hackers-destroy-pump-at-us-water-utility-plant.html

 
Why are industrial control systems connected to the internet instead of firewalled, internal network?
 
On the bright side, five water utility plants in Russia failed without no US interference whatsoever.

Hopefully this finally prompts some additional security in our infrastructure. Out gov't is wasting trillions on other crap anyway, might as well steer some of that cash towards something actually important, not shovel-ready rural roads.
 
Actually I hope we start funding our military for cyber warfare. Maybe cut our aid to *cough* Libya *cough* to fund it...
 
lchu12 said:
Actually I hope we start funding our military for cyber warfare. Maybe cut our aid to *cough* Libya *cough* to fund it...
Click to expand...
there are so many things wrong with that statement...
 
"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."

Because breaking into an ICS system with premier security shows that the US security software is doing well and you have nothing to fear.

Ummmm.. Uhh. Mr. Uncle Sam, your public safety statement opposes what this article shows. Should we still believe you? Oh wait, America is full of people that let Uncle Sam form thier opinion, we should be fine.

Cough.
 
Most water treatment and distribution facilities are not manned 24 hours a day so workers normally have access through the internet. Then again there is nothing stopping someone from breaking into a facility like this and doing the damage manually. The real damage could be done at a wastewater treatment plant though.
 
The hackers only gained access to the SCADA network, which is generally on the corporate network of the utility, NOT the industrial control network as the article might suggest. If they had access to the control network they could have easily shut down the whole plant.
 
This latest intrusion re-ignites the hotly debated subject surrounding the general security resistance of networked control systems. Those manufacturing and installing ICS prefer the remote connections to push software updates, and to aid in debugging of problems. Nevertheless, having critical infrastructure exposed to the internet poses a very serious risk.
Click to expand...
I can understand a need in having the infrastructure exposed to the Internet. What I can't understand is why there is no disconnect from the Internet and only connecting when the need arises.

Keeping an Internet connection alive is waving a red flag and suggesting "Here I am, break me if you can!".
 
this is just bull sh!t propaganda right around the time they are pushing some stupid bill. It doesn't matter how much of security you have, The less and less allies and friends you have with all the stuff you're doing around the world you will always have enemies uncle sam. and it will never end unless you change our out look and foreign policies.
 
Guest said:
this is just bull sh!t propaganda right around the time they are pushing some stupid bill. It doesn't matter how much of security you have, The less and less allies and friends you have with all the stuff you're doing around the world you will always have enemies uncle sam. and it will never end unless you change our out look and foreign policies.
Click to expand...
Wouldn't this go over better at an Al-Qaeda website? Although, hearing yourself talk wouldn't be as satisfying there, now would it? Everybody would be saying the same thing as you. Oh wait, that would make you the one spouting propaganda....:rolleyes:
 
this is exactly what I'm talking about. If anyone has an alternative opinion from what you think. you mark them as hostile and associate them to a terrorist organization. Let's not even talk about al sh!taki cus we all know who made osama bin ladin and his bunch of sh!t heads. I hope you learn from this instead of just accusing them of being a terrorist. if you go about things the way you do pretty soon even your mother will be al-Qaeda.
 
Guest said:
this is exactly what I'm talking about. If anyone has an alternative opinion from what you think. you mark them as hostile and associate them to a terrorist organization. Let's not even talk about al sh!taki cus we all know who made osama bin ladin and his bunch of sh!t heads. I hope you learn from this instead of just accusing them of being a terrorist. if you go about things the way you do pretty soon even your mother will be al-Qaeda.
Click to expand...
So then, if my mother dies a martyr, will she get 76 virgins in paradise? Would she have her choice of the sex of the virgins?
 
nah dude she doesn't have to die a martyr, she can just to go to Brazil and do all that.
 
You must log in or register to reply here.

Similar threads

midian182
Russia-backed hacking group suspected of attack on US water system
Replies
13
Views
208
trparky
T
Shawn Knight
White House warns of cyberattacks targeting critical US water systems
Replies
3
Views
179
Athlonite
Athlonite
A
Russian state-sponsored hackers compromised Microsoft source code repositories
Replies
16
Views
420
ZedRM
ZedRM

Latest posts

Back