Home Security Two US water authorities' control systems breached

In the past few days, two separate US-based water authorities appear to have had their control systems breached - one of them has suffered physical damage.

Originally announced via Joe Weiss' ControlGlobal website and expanded in a number of other reports, it seems that some kind of breach into the control (SCADA) system at Curran-Gardner Townships Public Water District near Springfield, Illinois occurred, leading to the burn-out of a water pump.

According to the secret report obtained by Weiss (dated Nov 10th and referring to the discovery of the attack two days earlier), it appears that the site's control system vendor had previously been hacked and various customer usernames and passwords taken.  Although not stated, presumably this gave insight into how to connect to the Curran-Gardner system.

It appears that once having control of the SCADA system, the intruder was able to repeatedly turn the pump on and off, leading to its burn-out (note some reporters have suggested the SCADA system itself was turned on ad off repeatedly; this is a laughable proposition).  Weiss also reports that the site had been (in hindsight) suffering such issues for a couple of months with site workers commonly observing unexplained problems with the system. 

Back tracking the attack led to an IP address located in Russia, although as most researchers know, such attribution is flimsy at best; in fact the perpetrator could have been absolutely anywhere.  The FBI and DHS were reported to have stated that they are "gathering facts surrounding the report of a water pump failure in Springfield Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety." 

Really?  A water authority's control system is breached, leading to the destruction of a pump (potentially costing hundreds of thousands of dollars to replace depending on the size of the pump) and you don't believe there's a risk to critical infrastructure?

Let's segue to a second attack by touching on a November 18th PasteBin posting by its perpetrator (who goes by the handle of 'Pr0f'), who posted five screen shots of various pages in the City of South Houston's water management system. 


All images are date-stamped around 12:30pm on November 18th and show five separate realistic-looking control system pages from (according to 'Pr0f') a Siemens SIMATIC control system (example pages from Siemens' website show similarly constructed demonstration pages).

As an aside, this writer has some experience in SCADA systems and would have been very embarrassed regarding the design quality of the pages, had they been mine.  Have a look at them and note for instance how matching elements on similar pages are not properly aligned.

The next day, 'Pr0f' is back again with something of an essay where he offers a tirade against government response to such intrusions.

I don't think I am alone in suggesting that the gravity of the problem is more serious than ICS-Cert and similar are equipped to deal with. I would love to see some real reform and discussions between the government, manufacturers of ICS, and people who use these systems happening, because there seems to be a huge disconnect between the parties involved.

I don't have much of a doubt the FBI will be investigating recent events, and I suspect my future may well contain orange uniforms and bad food, but I feel that there's a serious need to highlight these issues publicly worth all costs. Discussion is needed, but more than that, we need action.

Very few others seem to want to talk about anything from anything other than a theoretical standpoint, and legal systems across the world are attempting to stamp-out proactive, offensive security, under the misguided belief that this will somehow deter people from attacking systems.

(It won't.)


I couldn't have said it better myself.

'Pr0f' also offers a call-out to "The City of South Houston, Texas, for dealing with the highlighted security issue quickly professionally, and noting that I did indeed cause no damage."

A local Houston news outlet reported that the local Mayor confirmed no damage had been done and that the system had "been taken offline" whatever that means.

When it's this simple to get into control systems upon which the lives of millions of people rely, there is something very seriously wrong with the way these systems are configured and with governmental responses to such breaches.

'Pr0f' has been contacted for further response.

 

CDAO SYDNEY TURNS 5 IN 2019

With 50+ Speakers, 300+ senior data and analytics executives, over 3 exciting days you will indulge in all things data and analytics before leaving with strategic takeaways that will catapult you ahead on your journey

· CDAO Sydney is designed to bring together senior executives in data and analytics from progressive organisations
· Improve operations and services
· Future proof your organisation in this rapidly changing technological landscape
· CDAO Sydney 2-4 April 2019
· Don’t miss out! Register Today!
· Want to find out more? Download the Agenda

REGISTER HERE!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect