Infrastructure Cyber Attack: “We Don’t Know How Many Other Utilities Are Compromised”
Posted on 11/20/2011 12:20:47 PM PST by Kartographer
Foreign hackers broke into a water plant control system in Illinois last week and damaged a water pump in what appears to be the first reported case of a malicious cyber attack damaging a critical computer system in the United States, according to an industry expert.
Dave Marcus, director of security research for McAfee Labs, said that the computers that control critical systems in the United States are vulnerable to attacks that come through the Internet, and few operators of these systems know how to detect them. So many are ill-prepared for cyber attacks, Marcus said.
Problems with the system in Springfield had been observed for two to three months and recently the system would power on and off, resulting in the burnout of a water pump, the Nov. 10 report from the statewide terrorism and intelligence center stated, according to Weiss, who read the report to The Washington Post.
According to the report, hackers apparently broke into a software company’s database and retrieved user names and passwords of various control systems that run water plant computer equipment. Using that data, they were able to hack into the plant in Illinois, Weiss said.
(Excerpt) Read more at shtfplan.com ...
Why any physical system is hooked up to the Internet is beyond me.
Mostly because they thought it was cool & high tech.
They better be disconnecting as soon as possible.
From a 2002 article:
U.S. Fears Al Qaeda Cyber Attacks
Barton Gellman, Washington Post 2002-06-26
“Late last fall, Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers. From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI’s San Francisco computer intrusion squad.
Working with experts at the Lawrence Livermore National Laboratory, the FBI traced back trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found “multiple casings of sites” nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities.
Most significantly, perhaps, U.S. investigators have found evidence in the logs that mark a browser’s path through the Internet that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids.
The devices are called distributed control systems, or DCS, and supervisory control and data acquisition, or SCADA, systems. The simplest ones collect measurements, throw railway switches, close circuit-breakers or adjust valves in the pipes that carry water, oil and gas. More complicated versions sift incoming data, govern multiple devices and cover a broader area.
What is new and dangerous is that most of these devices are now being connected to the Internet — some of them, according to classified “Red Team” intrusion exercises, in ways that their owners do not suspect.”