Feeds

FBI: No evidence of water system hack destroying pump

Probe into SCADA breach continues

Security for virtualized datacentres

Federal officials said there's no evidence to support a report that hackers destroyed a pump used by an Illinois-based water utility after gaining unauthorized access to the computer system it used to operate its machinery.

In an email sent on Tuesday afternoon to members of the Industrial Control Systems Joint Working Group, officials with the ICS-CERT, an offshoot of the US Computer Emergency Readiness Team, said investigators from the US Department of Homeland Security and the FBI have been unable to confirm the claims, which were made in a November 10 report issued by the Illinois Statewide Terrorism and Intelligence Center, also known as the Fusion Center.

“After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois,” the email, which carries a subject of “UPDATE - Recent Incidents Impacting Two Water Utilities,” stated.

“There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant.”

The email went on to say the investigators “have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported.”

DHS representatives didn't respond to an email seeking comment.

The statement comes five days after Joe Weiss, an ICS security expert, disclosed contents of the Illinois report claiming that attackers triggered a pump failure after accessing the supervisory control and data acquisition system used by a US-based water utility. The report, he went on to say, warned that the intruders hacked into the maker of the SCADA system used by the utility and stole passwords belonging to the manufacturer's customers. If true, that would have meant that other industrial systems might have been breached by the same actors.

A day after the report, Curran-Gardner Water District Chairman Don Craver was quoted by a local ABC News affiliate as saying: “There's some indication there was a breach of some sort into a software program – the SCADA system – that allows remote access to the wells, and the pumps, and those sorts of things.” He has yet to explain his comments in light of Tuesday's statement.

Weiss said he was surprised by the competing versions of events provided in the latest report.

“If they're right, that means what in the world is the Illinois Center doing putting out a report like that that has no verification,” he told The Register. The earlier report “was straightforward. There were no caveats in there.”

The update went on to say that officials are still investigating additional claims that a second water plant in Texas was breached by someone who gained unauthorized access to systems controlling its machinery.

The entire text of Tuesday's update is:

Sent: Tuesday, November 22, 2011 2:38 PM Subject: UPDATE - Recent Incidents Impacting Two Water Utilities

Greetings:

After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.

There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant.  In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported.  Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.

In a separate incident, a hacker recently claimed to have accessed an industrial control system responsible for water supply at another U.S. utility. The hacker posted a series of images allegedly obtained from the system. ICS-CERT is assisting the FBI to gather more information about this incident.

ICS-CERT has not received any additional reports of impacted manufacturers of ICS or other ICS related stakeholders related to these events. If DHS ICS-CERT identifies any information about possible impacts to additional entities, it will disseminate timely mitigation information as it becomes available. ICS-CERT encourages those in the industrial control systems community who suspect or detect any malicious activity against/involving control systems to contact ICS-CERT.

Regards,

ICS-CERT

E-mail: ics-cert@dhs.gov Toll Free: 1-877-776-7585 For CSSP Information and Incident Reporting: www.ics-cert.org

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.