Russian Cyberattack on Illinois Water Plant

Water treatment plant, Springfield, IL
Fellowship of the Minds

Cyber warfare is real and it’s here.
I belong to an e-mail list of active and retired military men, both American and foreign. The reaction from the list is that:
  • Russia accounts for the greatest number of our computer hacking, but that doesn’t necessarily mean the culprit is the Russian government. Many Russian hackers are criminals.
  • An Australian writes that China, Russia and North Korea are the three worst offenders and that attempts are made to hack his military account every day. He didn’t have active probes on his defense account until 2011; now he gets a minimum of three intercepts a day.
By – Washington Post – Nov. 18, 2011
Foreign hackers broke into a water plant control system in Illinois last week and damaged a water pump in what appears to be the first reported case of a malicious cyber attack damaging a critical computer system in the United States, according to an industry expert.
On Nov. 8, a municipal water district employee in Illinois noticed problems with the city’s water pump control system, and a technician determined the system had been remotely hacked into from a computer located in Russia, said Joe Weiss, an industry security expert who obtained a copy of an Illinois state fusion center report describing the incident.
“This is a big deal,” said Weiss. The report stated it is unknown how many other systems might be affected.
The Department of Homeland Security confirmed that a water plant in Springfield, Ill. had been damaged, but spokesman Peter Boogaard said officials had not yet determined that the water pump failure was caused by a cyber-attack. “DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” he said.
Dave Marcus, director of security research for McAfee Labs, said that the computers that control critical systems in the United States are vulnerable to attacks that come through the Internet, and few operators of these systems know how to detect them. “So many are ill-prepared for cyber attacks,” Marcus said.

Problems with the system in Springfield had been observed for two to three months and recently the system “would power on and off, resulting in the burnout of a water pump,” the Nov. 10 report from the statewide terrorism and intelligence center stated, according to Weiss, who read the report to The Washington Post.
According to the report, hackers apparently broke into a software company’s database and retrieved user names and passwords of various control systems that run water plant computer equipment. Using that data, they were able to hack into the plant in Illinois, Weiss said.
It’s not the first time that two-step technique — hack a security firm to gain the keys to enter other companies or entities — has been used.
Earlier this year, hackers believed to be working from China stole sensitive data from RSA, a division of EMC that provides secure remote computer access to government agencies, defense contractors and other commercial companies around the world. Armed with that data, they breached the computer networks of companies, including Lockheed Martin, whose employees used RSA “tokens” to log in to the corporate system from outside the office. Lockheed said that no sensitive data were taken.
“RSA is the gold standard” for remote access security in industry, said Gen. Keith Alexander, head of U.S. Cyber Command and director of the National Security Agency, at a conference in Omaha this week. “If they got hacked, where does that leave the rest?”
Alexander noted his concern about “destructive” attacks on critical systems in the United States.
According to the fusion center report obtained by Weiss, the network intrusion of the software company “is the same method of attack recently used against a Massachusetts Institute of Technology server” used to “aid and initiate an attack on other Websites.”
For Weiss, though, the incident has significance. “It was tracked to Russia. It has been in the system for at least two to three months. It has caused damage. We don’t know how many other utilities are currently compromised.”
Senior U.S. officials, including Alexander, have recently raised warnings about the risk of cyber attacks on critical infrastructure. Questions persist about the readiness and capabilities of DHS to respond to a major attack, and the scope of authority of the U.S. military, which has the greatest cyber operational capabilities, to respond.

Popular Posts