Water Utility Damaged by Cyberattack

An electronic attack believed to emanate from computers in Russia reportedly destroyed a water pump belonging to an unnamed Springfield, Illinois, water utility earlier this month after hackers gained unauthorized access to that company’s industrial control system, according to published reports.

A report by the Illinois Statewide Terrorism and Intelligence Center on Nov. 10 described the incident, in which remote attackers hacked into and compromised supervisory control and data acquisition (SCADA) software in use by the water utility company. The hackers leveraged the unauthorized access to pilfer client user names and passwords from the SCADA manufacturer. Those credentials were used to compromise the water utility’s industrial control systems, according to Joe Weiss, a security expert at Applied Control Solutions, who described the incident on ControlGlobal.com’s Unfettered Blog.

Details about the incident are sparse and haven’t been verified by the Water Information Sharing and Analysis Center (ISAC), the DHS Daily unclassified report, the ICS-CERT, or anyone else for that matter. Weiss further claims that no other water utilities he has spoken with are aware of the incident, and for this reason, he is critical of the DHS.

It remains unknown if any other SCADA users have been attacked or remain vulnerable to attack given the compromise.

“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois,” DHS spokesperson Peter Boogaard said in an email to The Register. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”

The attackers are reported to have been operating from behind machines with Russian IP addresses.

“Over a period of two to three months, minor glitches had been observed in remote access to the water district’s SCADA system,” Weiss told The Register.

Weiss also told The Register that attackers repeatedly powered the SCADA systems on and off, which eventually burned out and destroyed the water pump.

Industrial control systems and, more specifically, SCADA systems monitor and control various industrial processes, some of which are considered critical infrastructure. Researchers have warned about attacks on critical infrastructure for some time, but warnings became reality after a highly complicated computer worm, Stuxnet, attacked and destroyed centrifuges at a uranium enrichment facility in Iran. Since then, SCADA has gone from obscurity to a household term, and there seem to be weekly reports involving SCADA vulnerabilities that put critical infrastructure at risk.

Discussion

  • Uncle_Al on

    Let me offer some information - the above report is false. There is no computer breach at City, Water, Light and Power and all pumps are working properly according to E. Slotag, city government. CWLP is a city-owned utility.

  • Alan Kelly on

    I ask naively and sincerely...

    Who would intentionally post falsities concerning such a serious event, e.g., a public utilities station being "attacked" when it was not so?
