Water Plant Hack Shuts Down Illinois Plant: SCADA Holes Show Security Flaws

Although a hack attack on an Illinois-based water plant has not caused serious damage, it’s the underlying ramifications that are alarming. The hack is reported to be from Russia, based on the Russian IP addresses that it was traced back to, but it’s possible the hacker used a proxy.

The hack involved taking control of the SCADA (supervisory control and data acquisition) controller; once that had been accomplished, the hacker took over the water plant’s systems. The water pump was turned off and on again rapidly from the hacker’s internet location, which then caused the pump to fail.

Glitches had been reported with the system for a while, but no one thought it was anything other than the instability of the system causing some problems. When the system was turned off and on, that tipped them off that something else was wrong.

It’s not known exactly what they were after, nor whether they stole only one customer’s information or a master password that gave them access to multiple customers’ accounts. Because of the theft of these credentials, there’s a possibility that attacks on other companies using the vendor’s SCADA systems are in the works.

Joe Weiss, managing partner of Applied Control Solutions, stated that it’s not known yet how many usernames and passwords had been taken from the SCADA database. This information was obtained from a report released on November 10th, 2011 by the Illinois Statewide Terrorism and Intelligence Center. There is evidence that the hackers have had access to the system since early September.

This case is being investigated by the Department of Homeland Security and the FBI. Peter Boogaard, a spokesperson for the Department of Homeland Security, stated that as of this time, there doesn’t seem to be any threat to public safety or to the critical infrastructure entities. They are downplaying the severity of the problem.

However, this doesn’t seem to be a one-time, one-plant attack. A hacker using the handle “pr0f” is claiming to have inside access to another plant in Houston, Texas, and has posted screenshots of numerous links of the internal control systems and has made scathing comments on the Pastebin website about the ease with which these systems are hacked. The hacker’s comments seem to be a response to the comments from the FBI and DHS.

Lani Kass, a former advisor to the US Joint Chiefs of Staff on security issues, said that the United States needs to do more work on understanding attacks on critical infrastructure. The common thought is that these incidents are just individual in nature and more than likely coincidence.

She states “if every incident is seen in isolation, it’s hard – if not impossible – to discern a pattern or connect the dots. Failure to connect the dots led us to be surprised on 9/11.”

From the sound of the comments posted on Pastebin, the hacker is trying to prove something regarding the ease of breaking into these security systems, and the foolishness of the slack security measures used to begin with, but what the purpose is, or what the hacker is after, remains to be seen.


1 Comment on "Water Plant Hack Shuts Down Illinois Plant: SCADA Holes Show Security Flaws"

  1. Instead of concentrating on the cost-prohibitive approach of trying to secure from the SCADA standpoint, more interest should be put into analyzing why these systems are accessible over the internet. Does each system really need to be accessed externally? If you put effective firewalls, password management, quotas and access controls on the web portal you won’t have to worry about all of the internal workings. If you lock the front door to your home, there is no need to lock every interior door.

    Systems such as these shouldn’t be easier to hack than a Facebook page.
