Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

DHS Issued False ‘Water Pump Hack’ Report; Called It a 'Success'

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 3 Oct 2012 02:19:02 -0500 (CDT)
http://www.wired.com/threatlevel/2012/10/dhs-false-water-pump-hack/

By Kim Zetter
Threat Level
Wired.com
10.02.12
When an Illinois fusion center distributed a report last year stating that hackers from Russia had broken into a water district’s SCADA system and sabotaged a water pump, the Department of Homeland Security stepped in publicly to denounce the report as false, blaming the regional fusion center for spreading unsubstantiated claims and sowing panic in the industrial control system community.
But while DHS was busy pointing a finger at the fusion center, its own Office of Intelligence and Analysis had been irresponsibly spreading the same false information privately in a report to Congress and the intelligence community, according to a Senate subcommittee investigation released late Tuesday. The DHS report was issued five days after the fusion center report was issued.
Even after the FBI and other investigators concluded a few days later that there was no merit to the hacking claims and that the reports were false, the DHS intelligence unit did not issue a correction to its report or notify Congress or the intelligence community that the information it spread was incorrect.
Officials behind the false claims told Senate investigators that such reports weren’t meant to be “finished intelligence” and that despite their report’s inaccuracies and sloppy wording they considered it to be a “success.”
“[It did] exactly what it’s supposed to do – generate interest,” DHS officials told Senate investigators. 

[...]


--
Certified Ethical Hacker and CISSP with ExpandingSecurity.com gives the best
training and support. Last 2012 CISSP and CEH starts Oct. 1! Take action now
and be done before 2012 ends. Best program, best price.
CISSP info signup
http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
CEH info signup
http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
Our Live Online classes will not wreck your schedule.
Previous By Date Next
Previous By Thread Next

Current thread: