US Officials Investigating Hacker Attack Against Illinois Water Supply

On November 8th, foreign hackers were reportedly able to infiltrate a central Illinois utility and remotely reset the system and damage a water pump. If confirmed, would will be the first foreign cyber attack against a US utility.

The attackers were able to access the Supervisory Control and Data Acquisition (SCADA) systems—specialized computer systems for controlling critical US infrastructures—in a rural community West of Springfield, Il using credentials from the company that provides the system's control software, according to Joe Weiss, managing partner at Applied Control Systems LLC. The vendor maintains a database of these credentials for service calls, system upgrades and technical support. There's no word yet on if other customers of the vendor have been targeted.

While no specific motive has been established, the attack did cause damage to the utility's systems. During the hack, the SCADA system was powered off and on, which burned out one of the plant's water pumps. "It came through a software system that's used to remotely access the pumps," said Don Craven, a lawyer and a trustee for the Curran-Gardner Township Public Water District. "A pump is burned out." The blown pump, however, did not affect service to the district's 2,200 customers.

The IP address of the attacker has been traced back to Russia. "An information technology services and computer repair company checked the computer logs of the system and determined the computer had been hacked into from a computer located in Russia," Weiss told Reuter, quoting a report by the Illinois Statewide Terrorism and Intelligence Center (ISTIC).

The Department of Homeland Security and the FBI are both investigating the matter. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," said DHS spokesman Peter Boogaard. However, the ISTIC report also states that operators were noticing glitches in the system up to three months before the attack but had dismissed them as "part of the normal instability of the system," said Weiss. "But it wasn't until the SCADA system actually turned on and off that they realized something was wrong."

This alleged attack only further highlights the vulnerabilities of US industrial centers—especially now that Stuxnet is freely available on the net. Beyond the reasoning to connect critical infrastructure like this to the Internet in the first place, Lani Kass, a former senior cyber policy adviser to the U.S. Joint Chiefs of Staff asserts that future attacks could do more than burn out an pump. "Many (SCADA systems) are old and vulnerable," said Kass. "There are no financial incentives for the utility owners to replace and secure these systems and the costs would be high."

Sean McGurk, former director of the National Cybersecurity and Communications Integration Center, disagrees—explaining to CNN that these events occur "almost on a weekly basis." He continued, "While it may be nice to speculate that it was caused by a nation-state or actor, it may be the unintended consequence of maintenance." [MSNBC - PG Magazine - Control Global - CNN - Image: ruigsantos / Shutterstock]


You can keep up with Andrew Tarantola, the author of this post, on Twitter or Google+.