Water utility hackers destroy pump, expert says

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2011/11/17/water_utility_hacked/

By Dan Goodin in San Francisco
The Register
17th November 2011

Updated - Hackers destroyed a pump used by a US water utility after 
gaining unauthorized access to the industrial control system it used to 
operate its machinery, a computer security expert said.

Joe Weiss, a managing partner for Applied Control Solutions, said the 
breach was most likely performed after the attackers hacked into the 
maker of the supervisory control and data acquisition software used by 
the utility and stole user names and passwords belonging to the 
manufacturer's customers. The unknown attackers used IP addresses that 
originated in Russia.

Weiss cited an official government report from the state where the 
regional water district was located. It was dated November 10, two days 
after the hack was discovered. The document indicates that the utility 
had been experiencing unexplained problems with its computerized system 
in the weeks leading up to the breach.

“Over a period of two to three months, minor glitches had been observed 
in remote access to the water district's SCADA system,” Weiss said 
during an interview, in which he read a verbatim portion of the document 
to The Register. He said that the attackers were able to burn out one of 
the utility's pumps by causing either the pump or the SCADA system that 
controlled it to turn on and off “repeatedly.”

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn