Security Market Segment LS
Tuesday, 22 November 2011 00:16

Two US water authorities' control systems breached

By

In the past few days, two separate US-based water authorities appear to have had their control systems breached - one of them has suffered physical damage.

Originally announced via Joe Weiss' ControlGlobal website and expanded in a number of other reports, it seems that some kind of breach into the control (SCADA) system at Curran-Gardner Townships Public Water District near Springfield, Illinois occurred, leading to the burn-out of a water pump.

According to the secret report obtained by Weiss (dated Nov 10th and referring to the discovery of the attack two days earlier), it appears that the site's control system vendor had previously been hacked and various customer usernames and passwords taken.  Although not stated, presumably this gave insight into how to connect to the Curran-Gardner system.

It appears that once having control of the SCADA system, the intruder was able to repeatedly turn the pump on and off, leading to its burn-out (note some reporters have suggested the SCADA system itself was turned on ad off repeatedly; this is a laughable proposition).  Weiss also reports that the site had been (in hindsight) suffering such issues for a couple of months with site workers commonly observing unexplained problems with the system. 

Back tracking the attack led to an IP address located in Russia, although as most researchers know, such attribution is flimsy at best; in fact the perpetrator could have been absolutely anywhere.  The FBI and DHS were reported to have stated that they are "gathering facts surrounding the report of a water pump failure in Springfield Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety." 

Really?  A water authority's control system is breached, leading to the destruction of a pump (potentially costing hundreds of thousands of dollars to replace depending on the size of the pump) and you don't believe there's a risk to critical infrastructure?

Let's segue to a second attack by touching on a November 18th PasteBin posting by its perpetrator (who goes by the handle of 'Pr0f'), who posted five screen shots of various pages in the City of South Houston's water management system. 


All images are date-stamped around 12:30pm on November 18th and show five separate realistic-looking control system pages from (according to 'Pr0f') a Siemens SIMATIC control system (example pages from Siemens' website show similarly constructed demonstration pages).

As an aside, this writer has some experience in SCADA systems and would have been very embarrassed regarding the design quality of the pages, had they been mine.  Have a look at them and note for instance how matching elements on similar pages are not properly aligned.

The next day, 'Pr0f' is back again with something of an essay where he offers a tirade against government response to such intrusions.

I don't think I am alone in suggesting that the gravity of the problem is more serious than ICS-Cert and similar are equipped to deal with. I would love to see some real reform and discussions between the government, manufacturers of ICS, and people who use these systems happening, because there seems to be a huge disconnect between the parties involved.

I don't have much of a doubt the FBI will be investigating recent events, and I suspect my future may well contain orange uniforms and bad food, but I feel that there's a serious need to highlight these issues publicly worth all costs. Discussion is needed, but more than that, we need action.

Very few others seem to want to talk about anything from anything other than a theoretical standpoint, and legal systems across the world are attempting to stamp-out proactive, offensive security, under the misguided belief that this will somehow deter people from attacking systems.

(It won't.)


I couldn't have said it better myself.

'Pr0f' also offers a call-out to "The City of South Houston, Texas, for dealing with the highlighted security issue quickly professionally, and noting that I did indeed cause no damage."

A local Houston news outlet reported that the local Mayor confirmed no damage had been done and that the system had "been taken offline" whatever that means.

When it's this simple to get into control systems upon which the lives of millions of people rely, there is something very seriously wrong with the way these systems are configured and with governmental responses to such breaches.

'Pr0f' has been contacted for further response.

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments