Cyber attack targets Illinois water station, damages water pump

A hacker or group of hackers managed to infiltrate the network of a water station in Springfield, Illinois, and caused damage to a water pump, reports the Washington Post. The attack appears to be the first time a cyber attack has caused this kind of damage to a computer system in the US.

The attack was first discovered on Nov. 8, when a municipal water district employee noticed a problem with the city’s Supervisory Control and Data Acquisition (SCADA) system. As Wired reports, the system repeatedly turned on and off, which caused the water pump to burn out. A technician later discovered that the system had been infiltrated, possibly as early as September.

The attack appears to have been launched from an IP address located in Russia, though it’s possible that the hacker or hackers who carried out the attack are physically located elsewhere and simply used a proxy to make it appear as though Russia was the base of operations.

The attackers gained access to the water plant’s system by hacking into the network of the software vendor that makes the SCADA system. Usernames and passwords for the water utility were stolen and used to access the utility’s system remotely. It is possible that other SCADA systems are at risk of intrusion, or may have already been breached.

“It is unknown, at this time, the number of SCADA usernames and passwords acquired from the software company’s database and if any additional SCADA systems have been attacked as a result of this theft,” according to a report of the incident obtained by Joe Weiss of Applied Control Solutions. Weiss read this portion of the report to Wired.

So far, the name of the software company that was hacked has not been released, but we do know that it is a vendor in the US. According to Weiss, the company that was hacked could have access to user login information, not only for utility companies, but also for the systems that control US nuclear weapons.

Officially, the Department of Homeland Security is keeping its lips tight on the matter. It has so far refused to say that the burnout of the water pump was a direct result of the hack, and it says there is not yet any reason to be worried about more destructive consequences resulting from the breach.

“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois,” said DHS spokesman Peter Boogaard in a statement. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”

The breach of this SCADA system is the first time an industrial control system has been infiltrated in the US. The most direct comparison is the breach of a uranium enrichment plant in Iran that was carried out through the use of the infamous Stuxnet worm.

[Image via Andrey Kekyalyaynen/Shutterstock]
