Feds Refute Hackers Destroyed US Water Pump

Dennis Faas's picture

An unconfirmed report claims foreign hackers were able to gain control of a US water company's pump and destroy it, remotely. If true, this appears to be the first such publicly acknowledged attack in the US.

The report comes from Joe Weiss of Applied Control Solutions, an independent security firm for industrial control systems.

Weiss says he received a government report about a water utility firm (which doesn't use ACS services), on the condition he withhold the water company's name and location. Separate reports have indicated the site was in Springfield, Illinois. (Source: theregister.co.uk)

The hacking was discovered on November 8. The attackers used an IP address in Russia, though that does not imply that they originated in that country.

According to reports, the hackers breached defenses erected by the water company's security firm, and were able to gain user names and passwords.

The AFP news agency likened this to gaining physical keys to sensitive industrial facilities. (Source: google.com)

Pump Supposedly Burned Out Via Remote Computers

Once past the defenses, the hackers were able to gain remote control over the supervisory control and data acquisition (SCADA) system that runs machinery at one of the utility's plants. They repeatedly switched a pump on and off again until it burned out.

Strike Reminiscent of Stuxnet Worm Attack

The incident comes a year after an Iranian nuclear facility was reported to have suffered serious delays after centrifuges were repeatedly sped up and slowed down, causing many to be damaged or destroyed.

That attack appears to have been the work of the Stuxnet worm, which seemed specifically crafted to attack the centrifuges, conceivably with the aid of inside information about their design.

The new reports mark the first time claims of such an attack on American infrastructure have gone public. Previously, the main concern about infrastructure was the possibility of wireless hacking of so-called smart grids that measure local electricity use and control the output of power plants.

Feds Deny Attack was the Result of Cyber Intrusion

On Wednesday, the US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) sternly claimed that according to "detailed analysis", the alleged hacking incident "found no evidence of a cyber intrusion [at the Illinois water plant]." (Source: rttnews.com)

| Tags:
Rate this article: 
No votes yet