Feeds

FBI: No evidence of water system hack destroying pump

Probe into SCADA breach continues

Build a business case: developing custom apps

Federal officials said there's no evidence to support a report that hackers destroyed a pump used by an Illinois-based water utility after gaining unauthorized access to the computer system it used to operate its machinery.

In an email sent on Tuesday afternoon to members of the Industrial Control Systems Joint Working Group, officials with the ICS-CERT, an offshoot of the US Computer Emergency Readiness Team, said investigators from the US Department of Homeland Security and the FBI have been unable to confirm the claims, which were made in a November 10 report issued by the Illinois Statewide Terrorism and Intelligence Center, also known as the Fusion Center.

“After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois,” the email, which carries a subject of “UPDATE - Recent Incidents Impacting Two Water Utilities,” stated.

“There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant.”

The email went on to say the investigators “have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported.”

DHS representatives didn't respond to an email seeking comment.

The statement comes five days after Joe Weiss, an ICS security expert, disclosed contents of the Illinois report claiming that attackers triggered a pump failure after accessing the supervisory control and data acquisition system used by a US-based water utility. The report, he went on to say, warned that the intruders hacked into the maker of the SCADA system used by the utility and stole passwords belonging to the manufacturer's customers. If true, that would have meant that other industrial systems might have been breached by the same actors.

A day after the report, Curran-Gardner Water District Chairman Don Craver was quoted by a local ABC News affiliate as saying: “There's some indication there was a breach of some sort into a software program – the SCADA system – that allows remote access to the wells, and the pumps, and those sorts of things.” He has yet to explain his comments in light of Tuesday's statement.

Weiss said he was surprised by the competing versions of events provided in the latest report.

“If they're right, that means what in the world is the Illinois Center doing putting out a report like that that has no verification,” he told The Register. The earlier report “was straightforward. There were no caveats in there.”

The update went on to say that officials are still investigating additional claims that a second water plant in Texas was breached by someone who gained unauthorized access to systems controlling its machinery.

The entire text of Tuesday's update is:

Sent: Tuesday, November 22, 2011 2:38 PM Subject: UPDATE - Recent Incidents Impacting Two Water Utilities

Greetings:

After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.

There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant.  In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported.  Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.

In a separate incident, a hacker recently claimed to have accessed an industrial control system responsible for water supply at another U.S. utility. The hacker posted a series of images allegedly obtained from the system. ICS-CERT is assisting the FBI to gather more information about this incident.

ICS-CERT has not received any additional reports of impacted manufacturers of ICS or other ICS related stakeholders related to these events. If DHS ICS-CERT identifies any information about possible impacts to additional entities, it will disseminate timely mitigation information as it becomes available. ICS-CERT encourages those in the industrial control systems community who suspect or detect any malicious activity against/involving control systems to contact ICS-CERT.

Regards,

ICS-CERT

E-mail: ics-cert@dhs.gov Toll Free: 1-877-776-7585 For CSSP Information and Incident Reporting: www.ics-cert.org

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?