Wilders Security Forums  

  #1  
Old November 18th, 2011, 01:28 PM
axial axial is offline
Frequent Poster
 
Join Date: Jun 2007
Posts: 476
Default Feds investigating 'pump failure' as poss cyber attack

Feds investigating Illinois 'pump failure' as possible cyber attack

Quote:
Washington (CNN) -- Federal officials confirmed they are investigating Friday whether a cyber attack may have been responsible for the failure of a water pump at a public water district in Illinois last week. But they cautioned that no conclusions had been reached, and they disputed one cyber security expert's statements that other utilities are vulnerable to a similar attack.

.... Weiss said the report says the cyber attacker hacked into the water utility using passwords stolen from a control system vendor and that he had stolen other user names and passwords.

http://www.cnn.com/2011/11/18/us/cyb...html?hpt=hp_t2
  #2  
Old November 18th, 2011, 05:11 PM
axial axial is offline
Frequent Poster
 
Join Date: Jun 2007
Posts: 476
Default Re: Feds investigating 'pump failure' as poss cyber attack

Brian Krebs has more detail here:

http://krebsonsecurity.com/2011/11/c...on+Security%29
  #3  
Old November 18th, 2011, 09:27 PM
hawki hawki is offline
Frequent Poster
 
Join Date: Dec 2008
Posts: 468
Default Re: Feds investigating 'pump failure' as poss cyber attack

Quote:
Foreign cyber attack hits US infrastructure:

Nov 18 08:47 PM US/Eastern

A cyber strike launched from outside the United States hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert said on Friday.

"This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage," Applied Control Solutions managing partner Joseph Weiss told AFP.

"That is what is so big about this," he continued. "They could have done anything because they had access to the master station."

The Illinois Statewide Terrorism and Intelligence Center disclosed the cyber assault on a public water facility outside the city of Springfield last week but attackers gained access to the system months earlier, Weiss said.

The network breach was exposed after cyber intruders burned out a pump.

"No one realized the hackers were in there until they started turning on and off the pump," according to Weiss.

The attack was reportedly traced to a computer in Russia and took advantage of account passwords stolen during a hack of a US company that makes Supervisory Control and Data Acquisition (SCADA) software.

There are about a dozen or so firms that make SCADA software, which is used around the world to control machines in industrial facilities ranging from factories and oil rigs to nuclear power and sewage plants.

Stealing passwords and account names from a SCADA software company was, in essence, swiping keys to networks of facilities using the programs to control operations.

"We don't know how many other SCADA systems have been compromised because they don't really have cyber forensics," said Weiss, who is based in California.

The US Department of Homeland Security has downplayed the Illinois cyber attack in public reports, stating that it had seen no evidence indicating a threat to public safety but was investigating the situation.

Word also circulated on Friday that a water supply network in Texas might have been breached in a cyber attack, according to McAfee Labs security research director David Marcus.

"My gut tells me that there is greater targeting and wider compromise than we know about," Marcus said in a blog post.

"Does this mean that I think it is cyber-Armageddon time?" Marcus continued. "No, but it is certainly prudent to evaluate our systems and ask some questions."
http://www.breitbart.com/article.php...show_article=1

Last edited by ronjor : November 21st, 2011 at 11:15 AM. Reason: Add quote tags
  #4  
Old November 21st, 2011, 11:12 AM
hawki hawki is offline
Frequent Poster
 
Join Date: Dec 2008
Posts: 468
Default Re: Feds investigating 'pump failure' as poss cyber attack

Quote:
Hacker says he broke into Texas water plant, others


A twentysomething hacker said today that he hacked into a South Houston water utility to show that it can easily be done, after U.S. officials downplayed the risks from a report yesterday of an intrusion at an Illinois water plant.

The hacker, using the alias "pr0f," said he has hacked other SCADA (supervisory control and data acquisition) systems too.

He tweeted on November 5 links to public posts with what he identified as PLC configurations for a Polish waste-water treatment plant; SCADA data from an HMI (human-machine interface) box possibly for a generator used for research purposes at Southern Methodist University; and what he believes are water metering control system files from Spain or Portugal.

"Basically, people have no idea what's going on in terms of industrial control, groups like ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) are too slow/don't have enough power to react to situations," he wrote in an e-mail to CNET. "There's a lot of rubbish information out there that's being treated seriously, etc. Lot of crap. So I'm putting information out there to show people what kind of systems are vulnerable to basic attacks."

He said his actions were prompted by the U.S. government's response to a report from an Illinois Statewide Terrorism and Intelligence Center that said intruders compromised a water utility in the state last week, burning out a pump. Industry expert Joe Weiss blogged about the report and provided more information to CNET yesterday. The Department of Homeland Security initially identified the location as Springfield, but a local official today reportedly confirmed that it happened in nearby Curran-Gardner Townships Public Water District, but the official could not say whether it was a hacking incident.

A DHS representative responded to the report with this comment: "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."

That government response irked pr0f.

"I dislike, immensely, how the DHS tend to downplay how absolutely F***ED the state of national infrastructure is," he wrote in a Pastebin post. "I've also seen various people doubt the possibility that an attack like this could be done."

Then he provided screenshots of what look like diagrams of water and waste-water treatment facilities in South Houston, Texas.

This is one of the screenshots provided by pr0f as proof of his intrusion into a South Houston water utility.

(Credit: pr0f)

Fred Gonzalez, superintendent of the South Houston water plant, told CNET, "We're still checking into the whole problem and seeing what's going on."

A DHS representative said he would look into the purported Texas incident.

"I'm not going to expose the details of the box," pr0f wrote in his Pastebin post. "No damage was done to any of the machines; I don't really like mindless vandalism. It's stupid and silly.

"On the other hand, so is connecting interfaces to your SCADA machinery to the Internet," he added. "I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two-year-old with a basic knowledge of Simatic," which is automation software from Siemens that's used to control equipment in industrial production.

Asked how he gets into systems, pr0f said: "As for how I did it, it's usually a combination of poor configuration of services, bad password choice, and no restrictions on who can access the interfaces."

He said he isn't a security professional and doesn't work in the SCADA sector. "I'm just an interested party who has read a few books about ICS and embedded systems," he said.

Though he uses an e-mail address from a service provider in Romania, he said he is not in that country, but declined to say where he's based.

"I assumed companies located there would be less likely to cooperate with the U.S. and turn over any logs of e-mails," he said. "That said, I believe the servers for these are located in Germany, which does dent the protection somewhat."

Pr0f's Twitter profile picture shows a "V for Vendetta," or Guy Fawkes, mask, which is used by people who participate in online activism and hacking as part of the Anonymous collective.


http://news.cnet.com/8301-27080_3-57...-plant-others/

Last edited by ronjor : November 21st, 2011 at 11:14 AM. Reason: Add quote tags
  #5  
Old November 21st, 2011, 01:35 PM
dw426 dw426 is offline
Massive Poster
 
Join Date: Jan 2007
Posts: 5,543
Default Re: Feds investigating 'pump failure' as poss cyber attack

Oh dear Lord, they're going to turn this into another Anonymous thing. I hope they realize that every numbnut with a Guy Fawkes mask isn't Anon. Hell, half of Anon really isn't Anon, but just a bunch of really stupid people with too much time on their hands. As for this attack, I'm hoping this wakes more people up and they start actually trying to fix these massive vulnerabilities. Forget pranksters and terrorists getting into military structures/equipment, the civilian infrastructure is what is at most danger, and what will be targeted more and more.

I'm not going to hate on the guy, yes, what he did was wrong, but hell, he's right too. There are far too many things, not just in the U.S., but the world connected to the Internet, that have no damn business being connected to it. The world has flown aircraft, driven cars, received clean water, heat and air conditioning, had healthcare and operated every part of common and necessary national infrastructure...all without the Internet for decades.

So, why in the world is it so necessary now? The Internet can barely handle what it was meant for, and it can't even do it securely.
  #6  
Old November 23rd, 2011, 12:03 AM
CloneRanger CloneRanger is offline
Massive Poster
 
Join Date: Jan 2006
Location: Home usually
Posts: 3,854
Exclamation Re: Feds investigating 'pump failure' as poss cyber attack

Lulz

Quote:
Hacker Says Texas Town Used Three Character Password To Secure Internet Facing SCADA System

In an e-mail interview with Threatpost, the hacker who compromised software used to manage water infrastructure for South Houston, Texas, said the district had HMI (human machine interface) software used to manage water and sewage infrastructure accessible to the Internet and used a password that was just three characters long to protect the system, making it easy picking for a remote attack.

https://threatpost.com/en_us/blogs/h...a-system-11201

SHTWMI = Dumber than Dumb

Quote:
loldhs pr0f

http://pastebin.com/Wx90LLum
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
  #7  
Old November 23rd, 2011, 08:38 PM
JRViejo JRViejo is offline
Global Moderator
 
Join Date: Jul 2008
Posts: 10,448
Default Re: Feds investigating 'pump failure' as poss cyber attack

Quote:
In a statement, DHS spokesman Chris Ortman said his agency and the FBI have completed a detailed analysis of the pump failure at the Curran-Gardner Public Water District in Springfield.

"There is no evidence to support claims made in initial reports -- which were based on raw, unconfirmed data and subsequently leaked to the media -- that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," Ortman said. "In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported."
DHS sees no evidence of cyberattack on Ill. water facility by Jaikumar Vijayan.
__________________
JR
"You don't have to win every argument. Agree to disagree." Regina Brett
  #8  
Old November 24th, 2011, 12:05 AM
dw426 dw426 is offline
Massive Poster
 
Join Date: Jan 2007
Posts: 5,543
Default Re: Feds investigating 'pump failure' as poss cyber attack

Quote:
Originally Posted by JRViejo

You had to be a fool not to expect that response. They're scrambling, people are being told to keep their mouths shut, and there is a lot of sweat pouring off a lot of embarrassed faces.
  #9  
Old December 1st, 2011, 02:56 PM
axial axial is offline
Frequent Poster
 
Join Date: Jun 2007
Posts: 476
Default Re: Feds investigating 'pump failure' as poss cyber attack

SCADA Expert Accesses Illinois Utility from Russia, Not Hackers

http://news.softpedia.com/news/SCADA...s-237716.shtml

Quote:
As it turns out, the DHS was right when they claimed that the water pump incident was a simple failure and nothing more. The founder and owner of Navionics Research, and the one who helped set up the Illinois utility's SCADA systems was actually the one who accessed the systems from Russia, during one of his vacations.
 


All times are GMT -4.

