Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Hackers have reportedly breached the systems of two US water utility companies, potentially causing physical damage in one case.
A manufacturer of supervisory control and data acquisition (SCADA) systems used to manage operations at critical infrastructure facilitates, was breached and had customer usernames and passwords stolen, according to Joe Weiss, managing partner of SCADA security firm Applied Control Solutions.
The attack was traced back to an IP address located in Russia.
The incident was first disclosed in an Illionis state government report, according to Weiss. The affected water utility noticed minor issues in the remote access to SCADA system for about two to three months before the problem was identified as a breach.
“There was damage – the SCADA system was powered on and off, burning out a water pump,” Weiss wrote in the blog post.
The US Department of Homeland Security (DHS) spokesman Peter Boogaard indicated that the affected facility was located in Springfield, Ill.
“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Ill," Boogaard wrote. “At this time, there is no credible, corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”
Weiss, meanwhile, criticised the DHS, US-CERT and WaterISAC (Information Sharing and Analysis Center), for failing to disclose the incident to those in the sector.
“Consequently, none of the water utilities I have spoken to were aware of it,” Weiss wrote.
Following news of the incident, a hacker with the alias "pr0f," on Friday posted on Pastebin apparent proof of a separate intrusion into the systems of a South Houston water supplier.
The hacker posted images that appear to show the desktop interface of the water utility's SCADA system.
Hacking into a SCADA system is not any more difficult than hacking into any other computer, Dave Marcus, director of security research at McAfee, wrote in a blog post Friday.
“My gut tells me that there is greater targeting and wider compromise than we know about,” Marcus said. “Why? Again, my instincts tell me that there is a lack of cyberforensics and response procedures at most of these facilities.”
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.