Feeds

FBI: No evidence of water system hack destroying pump

Probe into SCADA breach continues

5 things you didn’t know about cloud backup

Federal officials said there's no evidence to support a report that hackers destroyed a pump used by an Illinois-based water utility after gaining unauthorized access to the computer system it used to operate its machinery.

In an email sent on Tuesday afternoon to members of the Industrial Control Systems Joint Working Group, officials with the ICS-CERT, an offshoot of the US Computer Emergency Readiness Team, said investigators from the US Department of Homeland Security and the FBI have been unable to confirm the claims, which were made in a November 10 report issued by the Illinois Statewide Terrorism and Intelligence Center, also known as the Fusion Center.

“After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois,” the email, which carries a subject of “UPDATE - Recent Incidents Impacting Two Water Utilities,” stated.

“There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant.”

The email went on to say the investigators “have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported.”

DHS representatives didn't respond to an email seeking comment.

The statement comes five days after Joe Weiss, an ICS security expert, disclosed contents of the Illinois report claiming that attackers triggered a pump failure after accessing the supervisory control and data acquisition system used by a US-based water utility. The report, he went on to say, warned that the intruders hacked into the maker of the SCADA system used by the utility and stole passwords belonging to the manufacturer's customers. If true, that would have meant that other industrial systems might have been breached by the same actors.

A day after the report, Curran-Gardner Water District Chairman Don Craver was quoted by a local ABC News affiliate as saying: “There's some indication there was a breach of some sort into a software program – the SCADA system – that allows remote access to the wells, and the pumps, and those sorts of things.” He has yet to explain his comments in light of Tuesday's statement.

Weiss said he was surprised by the competing versions of events provided in the latest report.

“If they're right, that means what in the world is the Illinois Center doing putting out a report like that that has no verification,” he told The Register. The earlier report “was straightforward. There were no caveats in there.”

The update went on to say that officials are still investigating additional claims that a second water plant in Texas was breached by someone who gained unauthorized access to systems controlling its machinery.

The entire text of Tuesday's update is:

Sent: Tuesday, November 22, 2011 2:38 PM Subject: UPDATE - Recent Incidents Impacting Two Water Utilities

Greetings:

After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.

There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant.  In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported.  Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.

In a separate incident, a hacker recently claimed to have accessed an industrial control system responsible for water supply at another U.S. utility. The hacker posted a series of images allegedly obtained from the system. ICS-CERT is assisting the FBI to gather more information about this incident.

ICS-CERT has not received any additional reports of impacted manufacturers of ICS or other ICS related stakeholders related to these events. If DHS ICS-CERT identifies any information about possible impacts to additional entities, it will disseminate timely mitigation information as it becomes available. ICS-CERT encourages those in the industrial control systems community who suspect or detect any malicious activity against/involving control systems to contact ICS-CERT.

Regards,

ICS-CERT

E-mail: ics-cert@dhs.gov Toll Free: 1-877-776-7585 For CSSP Information and Incident Reporting: www.ics-cert.org

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?