Apparent Cyberattack Destroys Pump At Ill. Water Utility
In separate incident, hacker claims access to SCADA system at Houston utility
By Jaikumar Vijayan
November 18, 2011 — Computerworld — A pump at a public water utility in Springfield, Ill. was recently destroyed after cyberattackers gained access to a SCADA system controlling the device, according to a security expert who said he obtained an official report about the incident.
A spokesman from the U.S. Department of Homeland Security (DHS) today confirmed the pump incident, but said it's too soon to say whether it was the result of a cyberattack.
"DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois," Peter Boogaard, deputy press secretary at the DHS, said in an emailed statement. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."
Meanwhile, in a separate case, a hacker named "pr0f" earlier today posted several images on Pastebin purporting to show access to a "really insecure" Supervisory Control and Data Acquisition (SCADA) system at the city of South Houston.
The posting was prompted by what the hacker claimed was the DHS's attempts to downplay the Springfield incident. "This was stupid," pr0f wrote in a note on Pastebin. "I dislike, immensely, how the DHS tend to downplay how absolutely f**** the state of national infrastructure is," the hacker wrote.
The hacker claimed that no damage was done to any of the machinery. "I don't really like mindless vandalism. It's stupid and silly," pr0f wrote. "On the other hand, so is connecting interfaces to your SCADA machinery to the Internet." The hacker said the Houston hack required no skill "and could be reproduced by a two year old."
It was not possible to immediately verify any of pr0f's claims.
Joseph Weiss, managing partner at Applied Control Systems LLC and author of the book Protecting Industrial Control Systems from Electronic Threat said that the pump failure in Springfield occurred on Nov. 8.
The pump burned out after the SCADA system controlling it began to power off and on intermittently, said Weiss, citing the incident report he obtained titled "Public Water District Cyber Intrusion."
Employees had reported "minor" glitches with the remote access component of the compromised SCADA system for between two and three months prior to the pump failure, Weiss said. An investigation into the cause of the failure showed that the SCADA system had been improperly accessed by someone using a computer with an IP address based in Russia, he said.
The attackers are thought to have obtained the usernames and passwords to the system by first breaking into a computer belonging to the utility's SCADA software vendor. SCADA vendors often maintain a list of usernames and passwords for accessing systems at customer locations for support purposes. Anyone with those credentials can gain access to the customer system, which is what appears to have happened here.