Home Business IT Security Two US water authorities' control systems breached

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Industry:
Job Function:
Australian State:
Country:
Email marketing by Interspire
weebly statistics

In the past few days, two separate US-based water authorities appear to have had their control systems breached - one of them has suffered physical damage.

Originally announced via Joe Weiss' ControlGlobal website and expanded in a number of other reports, it seems that some kind of breach into the control (SCADA) system at Curran-Gardner Townships Public Water District near Springfield, Illinois occurred, leading to the burn-out of a water pump.

According to the secret report obtained by Weiss (dated Nov 10th and referring to the discovery of the attack two days earlier), it appears that the site's control system vendor had previously been hacked and various customer usernames and passwords taken.  Although not stated, presumably this gave insight into how to connect to the Curran-Gardner system.

It appears that once having control of the SCADA system, the intruder was able to repeatedly turn the pump on and off, leading to its burn-out (note some reporters have suggested the SCADA system itself was turned on ad off repeatedly; this is a laughable proposition).  Weiss also reports that the site had been (in hindsight) suffering such issues for a couple of months with site workers commonly observing unexplained problems with the system. 

Back tracking the attack led to an IP address located in Russia, although as most researchers know, such attribution is flimsy at best; in fact the perpetrator could have been absolutely anywhere.  The FBI and DHS were reported to have stated that they are "gathering facts surrounding the report of a water pump failure in Springfield Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety." 

Really?  A water authority's control system is breached, leading to the destruction of a pump (potentially costing hundreds of thousands of dollars to replace depending on the size of the pump) and you don't believe there's a risk to critical infrastructure?

Let's segue to a second attack by touching on a November 18th PasteBin posting by its perpetrator (who goes by the handle of 'Pr0f'), who posted five screen shots of various pages in the City of South Houston's water management system. 

PROTECT YOURSELF AGAINST BANDWIDTH BANDITS!

Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!

CLICK TO DOWNLOAD!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.

Connect