A hacker or group of hackers managed to infiltrate the network of a water station in Springfield, Illinois, and caused damage to a water pump, reports the Washington Post. The attack appears to be the first time a cyber attack has caused this kind of damage to a computer system in the US.
The attack was first discovered on Nov. 8, when a municipal water district employee discovered a problem with the city’s Supervisory Control and Data Acquisition System (SCADA). As Wired reports, the system repeatedly turned on and off, which caused the water pump to burnout. A technician later discovered that its system had been infiltrated, possibly as early as September.
The attack appears to have been launched from an IP address located in Russia, though it’s possible that the hacker or hackers who waged the attack are physically located elsewhere, and simply waged a proxy attack to make it appear as though Russia was the base of operations.
Access to the water plant’s system was done by hacking into the network of the software vendor that makes the SCADA system. Usernames and passwords for the water utility were stolen, and used to access the utility’s system remotely. It is possible that other SCADA systems are at risk of intrusion, or may have already been breeched.
“It is unknown, at this time, the number of SCADA usernames and passwords acquired from the software company’s database and if any additional SCADA systems have been attacked as a result of this theft,” according to a report of the incident obtained by Joe Weiss of Applied Control Solutions. Weiss read this portion of the report to Wired.
So far, the name of the software company that was hacked has not been released, but we do know that it is a vendor in the US. According to Weiss, the company that was hacked could have access to user login information, not only for utility companies, but also for the systems that control US nuclear weapons.
Officially, the Department of Homeland Security is keeping its lips tight on the matter. They have so far refused to say that the burnout of the water pump was a direct cause of the hack. And they say there is not yet any reason to be worried about more destructive consequences resulting from the breech.
“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois,” said DHS spokesman Peter Boogaard in a statement. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”
The breech of this SCADA system is the first time an industrial control system has been infiltrated in the US. The most direct comparison is the breech of a uranium enrichment plant in Iran that was carried out through the use of the infamous Stuxnet worm.
[Image via Andrey Kekyalyaynen/Shutterstock]