Every IT specialist worth his salt wouldn’t connect a critical SCADA system to the Internet without the strictest of precautions. It seems that people like that don’t work for critical US infrastructure facilities.
Although the FBI and the Department of Homeland Security DHS started to investigate the incident, they initially downplayed the risk – this provoked another hacker, »pr0f«, who proceeded to intrude into a second water utility in Houston, Texas. To prove his intrusion, he released five screenshots of the utility's SCADA (Supervisory Control And Data Acquisition) system.
In a manifesto on pastebin, the hacker said that he wanted to highlight SCADA system security issues to demonstrate how easy it is to access such systems and criticised the condition of security within the US infrastructure.
Until now it remains unclear how the hacker accessed the system. Experts speculate that the SCADA software vendor's database could have been compromised and that harvested access data could have been used to launch the attacks. This would explain, in part, why the hackers have only targeted water utilities.