Did SCADA hack destroy pump - DHS say no



Post by Pigeon » Thu Nov 24, 2011 2:19 am

I am going with a cover-up of incompetence and the idiots running the place.

Hackers attacking SCADA systems and wreaking havoc in a nation's critical infrastructure has become a justified concern for all countries. But, setting aside Iran and attacks against its nuclear program for a moment, the U.S. seems to attract a seemingly disproportionate amount of these kinds of assaults.

The latest has targeted the control system of the city water utility in Springfield, Illinois, and has resulted in the destruction of a water pump, Wired reports.

The hackers have staged the attack from a Russian IP address and have used login credentials for the SCADA system used by the utility which they acquired by previously hacking into the networks of the manufacturer and vendor of the said SCADA system.

Software vendors usually keep that kind of information because they need to remotely access the systems they sold for maintenance and updating purposes. In this case, the discovery of the compromise has raised a crucial question: How many other systems sold by the same vendor will be attacked in the future - or have been attacked already - due to this breach?

The utility's operators have noticed some difficulties with the system's remote functionality months before the pump incident, but thought it was a normal instability of the system.

All this information was in a report released by a state fusion center.

Joe Weiss, the security expert and managing partner of Applied Control Solutions who discovered this information from a report compiled by a state fusion center, still hasn't managed to track down which water utility was hacked (the report doesn't say) and, consequently, which software vendor was breached.

The fact that the utility company is located in Springfield was revealed by the Department of Homeland Security in a statement, leading to speculation that City Water Light and Power is the one.

http://www.net-security.org/secworld.php?id=11974

"After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois," said the researchers from ICS-CERT in an email sent to members of the Industrial Control Systems Joint Working Group.

"There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," they claim. "In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported."

The investigation followed last Friday's revelation that a Fusion Center report contained claims that hackers were behind the destruction of a water pump in Springfield.

"In a separate incident, a hacker recently claimed to have accessed an industrial control system responsible for water supply at another U.S. utility," added the investigators. "The hacker posted a series of images allegedly obtained from the system. ICS-CERT is assisting the FBI to gather more information about this incident."

"How can two government agencies be so at odds at what’s going on here? Did the fusion center screw up, or is the fusion center being thrown under the bus?" commented Joe Weiss, the security expert who discovered the initial Fusion Center report and reported on it. "There’s a lot of black and white stuff in that report. Either there is or there isn’t a Russian IP address in there. It’s hard to miss that."

http://www.net-security.org/secworld.php?id=11997

