Exclusive: Comedy of Errors Led to False 'Water-Pump Hack' Report

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/threatlevel/2011/11/water-pump-hack-mystery-solved/

By Kim Zetter
Threat Level
Wired.com
November 30, 2011

It was the broken water pump heard ’round the world.

Cyberwar watchers took notice this month when a leaked intelligence memo 
claimed Russian hackers had remotely destroyed a water pump at an Illinois 
utility. The report spawned dozens of sensational stories characterizing it as 
the first-ever reported destruction of U.S. infrastructure by a hacker. Some 
described it as America's very own Stuxnet attack.

Except, it turns out, it wasn’t. Within a week of the report’s release, DHS 
bluntly contradicted the memo, saying that it could find no evidence that a 
hack occurred. In truth, the water pump simply burned out, as pumps are wont to 
do, and a government-funded intelligence center incorrectly linked the failure 
to an internet connection from a Russian IP address months earlier.

Now, in an exclusive interview with Threat Level, the contractor behind that 
Russian IP address says a single phone call could have prevented the string of 
errors that led to the dramatic false alarm.

“I could have straightened it up with just one phone call, and this would all 
have been defused,” said Jim Mimlitz, founder and owner of Navionics Research, 
who helped set up the utility’s control system. ”They assumed Mimlitz would 
never ever have been in Russia. They shouldn’t have assumed that.”

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn