Cyberattack traced to Russia damages Illinois public water facility

http://www.rawstory.com/rs/2011/11/18/cyberattack-traced-to-russia-damages-illinois-public-water-facility/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheRawStory+%28The+Raw+Story%29

By Agence France-Presse
Friday, November 18, 2011

A cyber strike launched from outside the United States hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert said on Friday.

“This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage,” Applied Control Solutions managing partner Joseph Weiss told AFP.

“That is what is so big about this,” he continued. “They could have done anything because they had access to the master station.”

The Illinois Statewide Terrorism and Intelligence Center disclosed the cyber assault on a public water facility outside the city of Springfield last week but attackers gained access to the system months earlier, Weiss said.

The network breach was exposed after cyber intruders burned out a pump.

“No one realized the hackers were in there until they started turning on and off the pump,” according to Weiss.

The attack was reportedly traced to a computer in Russia and took advantage of account passwords stolen during a hack of a US company that makes Supervisory Control and Data Acquisition (SCADA) software.

There are about a dozen or so firms that make SCADA software, which is used around the world to control machines in industrial facilities ranging from factories and oil rigs to nuclear power and sewage plants.

Stealing passwords and account names from a SCADA software company was, in essence, swiping keys to networks of facilities using the programs to control operations.

[...]

Word also circulated on Friday that a water supply network in Texas might have been breached in a cyber attack, according to McAfee Labs security research director David Marcus.

..