Every IT specialist worth his salt wouldn’t connect a critical SCADA system to the Internet without the strictest of precautions. It seems that people like that don’t work for critical US infrastructure facilities.
According to reports in various US media, a hacker has allegedly remotely intruded into the industrial control systems of a hydroelectric power plant in the US state of Illinois. The hacker managed to repeatedly switch the pump on and off, destroying it in the process. US security agencies are rather tight-lipped about the incident, but this seems to be the first time that parts of a country's critical infrastructure have been successfully attacked and crippled via the internet.
Although the FBI and the Department of Homeland Security DHS started to investigate the incident, they initially downplayed the risk – this provoked another hacker, »pr0f«, who proceeded to intrude into a second water utility in Houston, Texas. To prove his intrusion, he released five screenshots of the utility's SCADA (Supervisory Control And Data Acquisition) system.
Although the FBI and the Department of Homeland Security DHS started to investigate the incident, they initially downplayed the risk – this provoked another hacker, »pr0f«, who proceeded to intrude into a second water utility in Houston, Texas. To prove his intrusion, he released five screenshots of the utility's SCADA (Supervisory Control And Data Acquisition) system.
In a manifesto on pastebin, the hacker said that he wanted to highlight SCADA system security issues to demonstrate how easy it is to access such systems and criticised the condition of security within the US infrastructure.
Until now it remains unclear how the hacker accessed the system. Experts speculate that the SCADA software vendor's database could have been compromised and that harvested access data could have been used to launch the attacks. This would explain, in part, why the hackers have only targeted water utilities.
Comments