Cyber Hackers Infiltrate Illinois Water Utility: 'This Could Get Ugly

Just last month The Blaze reported that cyber attacks on U.S. utilities are on the rise, as more and more hook up to the Internet to synchronize systems. Well, here's the latest case-in-point.

Wired's Threat Level reports that attackers with IP addresses based in Russia infiltrated the control system of a water utility in Springfield, Illinois, and destroyed a pump last week. But even though employees at the utility report noticing something fishy, they thought it was just a glitch in the system and analysis has shown the initial hack could have happened in September.

Wired has more:

The hackers were discovered on Nov. 8 when a water district employee noticed problems in the city’s Supervisory Control and Data Acquisition System (SCADA). The system kept turning on and off, resulting in the burnout of a water pump.

[...]

The hackers stole usernames and passwords that the vendor maintained for its customers, and then used those credentials to gain remote access to the utility’s network.

The theft of credentials raises the possibility that other customers using the vendor’s SCADA system may be targeted as well.

“It is unknown, at this time, the number of SCADA usernames and passwords acquired from the software company’s database and if any additional SCADA systems have been attacked as a result of this theft,” the report states, according to Joe Weiss, managing partner of Applied Control Solutions, who obtained a copy of the document and read it to Threat Level.

In the “Public Water District Cyber Intrusion” report released by the Illinois Statewide Terrorism and Intelligence Center, the utility is not named and Weiss expressed frustration, according to CNET, over other utilities not being alerted of the threat. CNET continues:

"This is a really big deal," said Weiss. The incident has not been disclosed by the Department of Homeland Security's ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) or any other officials, he said, adding "What are we doing with disclosure?"

The DHS said in a statement to CNET that it was investigating the incident but declined to comment on whether a security breach had occurred.

"DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Ill.," DHS spokesman Peter Boogaard said in a statement. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."

Weiss said that the statement was "inconsistent" with the report. According to Wired, the report states that the hacked SCADA software vendor that compromised the Illinois utility is located inside the U.S.:

"One thing that is important to find out is whose SCADA system this is,” Weiss said. “If this is a [big software vendor], this could be so ugly, because a biggie would have not only systems in water utilities but a biggie could even be [used] in nukes.”

According to a blog post by Weiss on Control Global, here are actions he thinks should come of this:

• Provide better coordination and disclosure by the government.
• Provide better information sharing with industry.
• Provide control system cybersecurity training and policies.
• Implement control system forensics.

The Blaze's previous article on infrastructure vulnerability stated that under the current law, it's completely voluntary for utilities to report threats or hacks to their system.