Vulnerabilities


DHS Report Debunks Claim That Illinois Water System Was Hacked

The United States Department of Homeland Security cried foul yesterday morning, debunking claims from both the Illinois Statewide Terrorism and Intelligence Center (STIC) and Applied Control Solutions that a water station in Illinois was hacked earlier this month.

A flurry of reports late last week described an attack on an unnamed Springfield, Ill. water treatment facility where the plant’s supervisory control and data acquisition software (SCADA) were compromised by Russian computers.


Siemens said on Tuesday that it is working with the U.S. Department of Homeland Security to investigate a cyber intrusion into a water treatment plant in South Houston, Texas, but couldn’t confirm that a default, three digit password hard coded into an application used to control the company’s SCADA software played a role. 

In an e-mail interview with Threatpost, the hacker who compromised software used to manage water infrastructure for South Houston, Texas, said the district had HMI (human machine interface) software used to manage water and sewage infrastructure accessible to the Internet and used a password that was just three characters long to protect the system, making it easy picking for a remote attack.

Citing a looming crisis over lax computer security, Senate Majority Leader Harry Reid said on Wednesday that the Senate will debate cybersecurity legislation. The move comes despite the lack of a coherent Senate plan and could set up a showdown with House Republicans over the government’s role in forcing industry to strengthen cyber protections, according to a report by The Hill.