Posted at 12:44 PM ET, 11/18/2011
Foreign hackers targeted U.S. water plant in apparent malicious cyber
attack, expert says
By Ellen Nakashima

Foreign hackers caused a pump at an Illinois water plant to fail last
week, according to a preliminary state report. Experts said the
cyber-attack, if confirmed, would be the first known to have damaged one
of the systems that supply Americans with water, electricity and other
essentials of modern life.

Companies and government agencies that rely on the Internet have for
years been routine targets of hackers, but most incidents have resulted
from attempts to steal information or interrupt the functioning of Web
sites. The incident in Springfield, Ill., would mark a departure because
it apparently caused physical destruction.

Federal officials confirmed that the FBI and the Department of Homeland
Security were investigating damage to the water plant but cautioned
against concluding that it was necessarily a cyber-attack before all the
facts could be learned. “At this time there is no credible corroborated
data that indicates a risk to critical infrastructure entities or a
threat to public safety,” said DHS spokesman Peter Boogaard.

News of the incident became public after Joe Weiss, an industry security
expert, obtained a report dated Nov. 10 and collected by an Illinois
state intelligence center that monitors security threats. The original
source of the information was unknown and impossible to immediately
verify.

The report, which Weiss read to The Washington Post, describes how a
series of minor glitches with a water pump gradually escalated to the
point where the pump motor was being turned on and off frequently. It
soon burned out, according to the report.

The report blamed the damage on the actions of somebody using a computer
registered to an Internet address in Russia. “It is believed that
hackers had acquired unauthorized access to the software company’s
database” and used this information to penetrate the control system for
the water pump.

Experts cautioned that it is difficult to trace the origin of a
cyber-attack, and that false addresses often are used to confuse
investigations. Yet they also agreed that the incident was a major new
development in cyber-security.

“This is a big deal,” said Weiss. “It was tracked to Russia. It has been
in the system for at least two to three months. It has caused damage. We
don’t know how many other utilities are currently compromised.”

Dave Marcus, director of security research for McAfee Labs, said that
the computers that control critical systems in the United States are
vulnerable to attacks that come through the Internet, and few operators
of these systems know how to detect or defeat these threats. “So many
are ill-prepared for cyber-attacks,” Marcus said.

The Illinois report said that hackers broke into a software company’s
database and retrieved user names and passwords of control systems that
run water plant computer equipment. Using that data, they were able to
hack into the plant in Illinois, Weiss said.

Senior U.S. officials have recently raised warnings about the risk of
destructive cyber-attacks on critical infrastructure. One of the few
documented cases of such an attack resulted from a virus, Stuxnet, that
caused centrifuges in an Iranian uranium enrichment facility to spin out
of control last year. Many computer security experts have speculated
that Stuxnet was created by Israel — perhaps with U.S. help — as a way
to check Iran’s nuclear program.