April 20, 2014

Was There a Cyber Attack at Water Plant in Illinois?

(LiveHacking.Com) - There has been lots of discussion about an alleged cyber attack on a water plant in Illinois. The story broke last week when Illinois officials said they were investigating the report of a water pump failure. Then Joe Weiss, a managing partner for Applied Control Solutions, revealed details of a cyber attack. Joe stated in his blog that the SCADA software vendor was hacked and customer usernames and passwords were stolen, and that during the attack the SCADA system was powered on and off repeatedly, which burned out a water pump. The golden proof, according to Joe, was that the IP address of the attacker was traced back to Russia.

Now the FBI and the US Department of Homeland Security (DHS) are crying foul. According to an email sent to members of the Industrial Control Systems Joint Working Group, detailed analysis has found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.

Cover up? Media hype? Paranoia?

The email from the FBI and DHS slams down the rumors hard, saying:

There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant.  In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported.  Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.

They do admit that there was an incident where a hacker claimed to have accessed an industrial control system responsible for water supply in the city of South Houston. The hacker posted a series of images allegedly obtained from the system. The FBI are still investigating this incident.

But is this the end? Probably not. According to Brian Krebs, Weiss has a report, which he is refusing to publish, which states that:

“An information technology service and repair company checked the computer logs of the SCADA system and determined the system had been remotely hacked into from an Internet provider address located in Russia.”

And that:

“Over a period of 2-3 months, minor glitches have been observed in remote access to the water district’s SCADA system. Recently, the SCADA system would power on and off, resulting in the burnout of a water pump.”

So the internal report says yes, definitely a cyber attack, but the FBI say no… Who will you believe?