Hackers 'hit' US water treatment systems

Dripping taps The alleged attack was made on a system that piped clean water to homes in Illinois

Related Stories

Hackers are alleged to have destroyed a pump used to pipe water to thousands of homes in a US city in Illinois.

Hackers with access to the utility's network are thought to have broken the pump by turning it on and off quickly.

The FBI and Department for Homeland Security (DHS) are investigating the incident as details emerge of what could be a separate second attack.

Experts said the news revealed a growing interest in critical infrastructure by cyber criminals.

Information about the 8 November incident came to light via the blog of Joe Weiss who advises utilities on how to protect hardware against attack.

Mr Weiss quoted from a short report by the Illinois Statewide Terrorism and Intelligence Center which said hackers obtained access using stolen login names and passwords. These were taken from a company which writes control software for industrial systems.

The net address through which the attack was carried out was traced to Russia, according to Mr Weiss. The report said "glitches" in the remote access system for the pump had been noticed for months before the burn out, said Mr Weiss.

Iranian President Mahmoud Ahmadinejad Iran's nuclear programme has been slowed by a virus targeting industrial control systems

Peter Boogaard, A spokesman for the DHS, said it was gathering facts about the incident.

"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said.

Industrial action

The comments by the DHS prompted a hacker using the handle "pr0f" to claim he had access to the control systems for a second US water utility.

He posted a document to the Pastebin website which purportedly contained links to screenshots of the internal control systems for a waste water treatment plant in South Houston.

The hacker's claims about their ability to penetrate the control systems have yet to be confirmed or denied by South Houston's Water and Sewer Department.

In an interview with the Threat Post website, Pr0f said the hack of the South Houston network barely deserved the name because only a three-character password had been used to protect the system.

The attacks are the latest in a series in which different hackers and groups have targeted so called Supervisory Control And Data Acquisition (SCADA) systems. These specialised computer systems are used to control equipment used to filter water, mix chemicals, distribute power and route trains and trams.

One of the best known SCADA attacks involved the Stuxnet worm which caused problems for Iran.

There were reports that the malware crippled centrifuges used in the nation's uranium enrichment program. Iran denied the claims saying that it had caught the worm before it reached its intended target.

Earlier this year, security researchers who investigated ways to attack SCADA systems were persuaded to cancel a public talk about their findings because of the "serious physical, financial impact these issues could have on a worldwide basis".

Lani Kass, a former adviser to the US Joint Chiefs of Staff on security issues, said America had to start doing more work to understand attacks on critical infrastructure.

"The going in hypothesis is always that it's just an incident or coincidence," she said. "And if every incident is seen in isolation, it's hard - if not impossible - to discern a pattern or connect the dots."

"Failure to connect the dots led us to be surprised on 9/11," she said.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

Elsewhere on the BBC

  • MoviesMovie magic

    Tech that reads your desires is helping to increase your odds of producing a hit film, says BBC Future

Programmes

  • Smart glassesClick Watch

    Smart spectacles go into battle – the prototypes looking to take on Google Glass

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.