According to a message to the official ICS-CERT (Industrial Control Systems-Computer Emergency Response Team) mailing list about 12 hours ago, both the FBI and the DHS are adamant no such breach occurred. The message also confirms the previously unnamed water authority to be the Curran-Gardner Public Water District as claimed in our previous report.
With no further detailed information, one is left with the assumption that after the pump motor burned out someone jumped to the conclusion that "the hackers did it." Possibly to divert attention from a mistake!
From the ICS-CERT message:
Sent: Tuesday, November 22, 2011 05:38 PM Eastern Standard Time
Subject: UPDATE - Recent Incidents Impacting Two Water Utilities
After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.
There is no evidence to support claims made in the initial Fusion Center report - which was based on raw, unconfirmed data and subsequently leaked to the media - that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant. In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported. Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.
The ICS-CERT message continues by agreeing that the second breach, in the City of South Houston's water management system did indeed appear to be real.
iTWire can confirm that we have been in contact with the claimed South Houston intruder, who goes by the name of pr0f and his claims do seem real. This appears to be confirmed by other outlets (Sophos for instance) who have also been in contact with him.
This is the remainder of the email:
In a separate incident, a hacker recently claimed to have accessed an industrial control system responsible for water supply at another U.S. utility. The hacker posted a series of images allegedly obtained from the system. ICS-CERT is assisting the FBI to gather more information about this incident.
ICS-CERT has not received any additional reports of impacted manufacturers of ICS or other ICS related stakeholders related to these events. If DHS ICS-CERT identifies any information about possible impacts to additional entities, it will disseminate timely mitigation information as it becomes available. ICS-CERT encourages those in the industrial control systems community who suspect or detect any malicious activity against/involving control systems to contact ICS-CERT.