The BBC reports that a hacker — traced via IP address to Russia — infiltrated a control system for water distribution in Illinois and, by rapidly switching a pump on and off, broke it.
As virtually every system in the world has become computer-controlled, such breaches are increasingly likely and increasingly dangerous. While this attack targeted a water system, its effect on that system was limited, and the incident itself was relatively mundane. The same types of systems — Supervisory Control and Data Acquisition (SCADA) systems — are responsible for water and power distribution, chemical mixing, and train control all over the nation, according to the BBC.
Of all the possible consequences of such an attack, a broken pump seems a small price to pay for such a warning. And a warning it is; a hacker by the name of Pr0f claims he has control of another water system in the U.S. The hacker told ThreatPost, a security news service, that “This was barely a hack. A child who knows how the [Human Machine Interface] that comes with Simatic works could have accomplished this.”
ThreatPost also reports that the system in question was compromised using a three-character password.
The source of the breach appears to be an intrusion into a SCADA manufacturer’s customer database, which stored login credentials.
Blogger Joe Weiss, an expert in SCADA systems, provided some insight into the attack and how officials can move forward:
Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:
- The disclosure was made by a state organization, but has not been disclosed by the Water ISAC, the [Department of Homeland Security] Daily unclassified report, the ICS-CERT, etc. Consequently, none of the water utilities I have spoken to were aware of it.
- It is believed the SCADA software vendor was hacked and customer usernames and passwords stolen.
- The IP address of the attacker was traced back to Russia.
- It is unknown if other water system SCADA users have been attacked.
- Like Maroochy, minor glitches were observed in remote access to the SCADA system for 2-3 months before it was identified as a cyber attack.
- There was damage – the SCADA system was powered on and off, burning out a water pump.
There are a number of actions that should be taken because of this incident.
- Provide better coordination and disclosure by the government.
- Provide better information sharing with industry.
- Provide control system cybersecurity training and policies.
- Implement control system forensics.
The lack of nationwide coordination is key to his analysis. If there isn’t nationwide awareness of these attacks, it will be very difficult for the right people to come up with the right course of action.
Update: Nov. 23, 2011, 3:30 p.m.
The Department of Homeland Security has released a notice disputing the claim that the pump was broken by hackers.