Foreign Hackers Targeted US Water Plants



The Stig
11-19-2011, 01:17 AM
Original story at the Washington Post (http://www.washingtonpost.com/blogs/checkpoint-washington/post/foreign-hackers-broke-into-illinois-water-plant-control-system-industry-expert-says/2011/11/18/gIQAgmTZYN_blog.html)


Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says
By Ellen Nakashima

Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.

Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.

Federal officials confirmed that the FBI and the Department of Homeland Security were investigating damage to the water plant but cautioned against concluding that it was necessarily a cyber-attack before all the facts could be learned. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” said DHS spokesman Peter Boogaard.

News of the incident became public after Joe Weiss, an industry security expert, obtained a report dated Nov. 10 and collected by an Illinois state intelligence center that monitors security threats. The original source of the information was unknown and impossible to immediately verify.

The report, which Weiss read to The Washington Post, describes how a series of minor glitches with a water pump gradually escalated to the point where the pump motor was being turned on and off frequently. It soon burned out, according to the report.

The report blamed the damage on the actions of somebody using a computer registered to an Internet address in Russia. “It is believed that hackers had acquired unauthorized access to the software company’s database” and used this information to penetrate the control system for the water pump.

Experts cautioned that it is difficult to trace the origin of a cyber-attack, and that false addresses often are used to confuse investigations. Yet they also agreed that the incident was a major new development in cyber-security.

“This is a big deal,” said Weiss. “It was tracked to Russia. It has been in the system for at least two to three months. It has caused damage. We don’t know how many other utilities are currently compromised.”

Dave Marcus, director of security research for McAfee Labs, said that the computers that control critical systems in the United States are vulnerable to attacks that come through the Internet, and few operators of these systems know how to detect or defeat these threats. “So many are ill-prepared for cyber-attacks,” Marcus said.

The Illinois report said that hackers broke into a software company’s database and retrieved user names and passwords of control systems that run water plant computer equipment. Using that data, they were able to hack into the plant in Illinois, Weiss said.

Senior U.S. officials have recently raised warnings about the risk of destructive cyber-attacks on critical infrastructure. One of the few documented cases of such an attack resulted from a virus, Stuxnet, that caused centrifuges in an Iranian uranium enrichment facility to spin out of control last year. Many computer security experts have speculated that Stuxnet was created by Israel — perhaps with U.S. help — as a way to check Iran’s nuclear program.

The Stig
11-19-2011, 01:19 AM
Original Story at Breitbart (http://www.breitbart.com/article.php?id=CNG.bb560ae65a071dc80a1c88fdc371ec35.d51&show_article=1)


A cyber strike launched from outside the United States hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert said on Friday.

"This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage," Applied Control Solutions managing partner Joseph Weiss told AFP.

"That is what is so big about this," he continued. "They could have done anything because they had access to the master station."

The Illinois Statewide Terrorism and Intelligence Center disclosed the cyber assault on a public water facility outside the city of Springfield last week but attackers gained access to the system months earlier, Weiss said.

The network breach was exposed after cyber intruders burned out a pump.

"No one realized the hackers were in there until they started turning on and off the pump," according to Weiss.

The attack was reportedly traced to a computer in Russia and took advantage of account passwords stolen during a hack of a US company that makes Supervisory Control and Data Acquisition (SCADA) software.

There are about a dozen or so firms that make SCADA software, which is used around the world to control machines in industrial facilities ranging from factories and oil rigs to nuclear power and sewage plants.

Stealing passwords and account names from a SCADA software company was, in essence, swiping keys to networks of facilities using the programs to control operations.

"We don't know how many other SCADA systems have been compromised because they don't really have cyber forensics," said Weiss, who is based in California.

The US Department of Homeland Security has downplayed the Illinois cyber attack in public reports, stating that it had seen no evidence indicating a threat to public safety but was investigating the situation.

Word also circulated on Friday that a water supply network in Texas might have been breached in a cyber attack, according to McAfee Labs security research director David Marcus.

"My gut tells me that there is greater targeting and wider compromise than we know about," Marcus said in a blog post.

"Does this mean that I think it is cyber-Armageddon time?" Marcus continued. "No, but it is certainly prudent to evaluate our systems and ask some questions."

The Stig
11-19-2011, 01:22 AM
Original story at CNN (http://www.cnn.com/2011/11/18/us/cyber-attack-investigation/index.html?hpt=us_c2)


Washington (CNN) -- Federal officials confirmed they are investigating Friday whether a cyber attack may have been responsible for the failure of a water pump at a public water district in Illinois last week. But they cautioned that no conclusions had been reached, and they disputed one cyber security expert's statements that other utilities are vulnerable to a similar attack.

Joe Weiss, a noted cyber security expert, disclosed the possible cyber attack on his blog Thursday. Weiss said he had obtained a state government report, dated Nov. 10 and titled "Public Water District Cyber Intrusion," which gave details of the alleged cyber attack culminating in the "burn out of a water pump."

Such an attack would be noteworthy because, while cyber attacks on businesses are commonplace, attacks that penetrate industrial control systems and intentionally destroy equipment are virtually unknown in the United States.

According to Weiss, the report says water district workers noted "glitches" in the systems for about two months. On Nov. 8, a water district employee noticed problems with the industrial control systems, and a computer repair company checked logs and determined that the computer had been hacked.

Weiss said the report says the cyber attacker hacked into the water utility using passwords stolen from a control system vendor and that he had stolen other user names and passwords. Weiss said the Department of Homeland Security has an obligation to inform industry about the "water pump" attack so they can protect themselves from similar assaults.

But a DHS spokesman said the cause of the water pump failure is unknown. The DHS and FBI are "gathering facts," DHS spokesman Peter Boogaard said in a statement. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said.

If DHS identifies any useful information about possible impacts to additional entities, it will disseminate it as it becomes available, Boogaard said.

And another computer expert familiar with the incident said the government was acting properly.

"This is just one of many events that occur almost on a weekly basis," said Sean McGurk, former director of the National Cybersecurity and Communications Integration Center. "While it may be nice to speculate that it was caused by a nation-state or actor, it may be the unintended consequence of maintenance," he said.

DHS does not have the luxury of jumping to conclusions, McGurk said. "The department has to ensure that they're sharing information in a way that's valuable to the community," he said.

McGurk also said the state report may be in error, especially if the writer was not a water or control systems engineer. "We see that all the time -- initial reports that turn out to be wrong," he said.

Weiss, a frequent critic of DHS, said he was revealing details of the state document because he believes other utilities should be aware of the incident so they could take precautions. DHS should have distributed information about the attack through several entities set up to share information, as well as to private industry groups, he said.

Weiss declined to identify the state -- or the region -- where the water utility was located, saying the report was marked "For Official Use Only."

But in its statement, the DHS said the water system was located in Springfield, Illinois.

ladyhk13
11-19-2011, 04:24 AM
So who can backpedal faster?