Water control stations cyber attacked

In the United States, two water pump stations have had their computer systems attacked. The attacks targeted the remote control and data acquisition systems.

Early in the month, a computer attack hit a water pumping station in Illinois, leading to its closure. The incident was investigated by the United States Department of Homeland Security and the FBI.

Computer hackers managed to penetrate the network which was installed in September. They then remotely controlled the monitoring and data acquisition systems (SCADA; Supervisory Control and Data Acquisition). These systems were spoken about a year ago when the Stuxnet work attacked Iran, infecting their nuclear treatment plants.

The hackers apparently managed to cause system breakdowns by powering up and shutting down pumps successively, with this generating an alert on the system. It has been suggested in the American press that the attack could have been done from Russia. Joseph Weiss, a CyberSecurity expert, has speculated that :"the SCADA software vendor was hacked and customer usernames and passwords stolen".

For a hacker who presents himself as pr0f, the incident appears to have been played down by authorities. He therefore decided to attack another station in Texas. To prove the intrusion took place, he published screen captures from the SCADA system (see illustration) on Pastebin.com.

He states that he performed this operation to highlight security problems, criticising some of the US’ infrastructure – although he caused no damage. When talking to Sophos, pr0f explained that he managed to connect to a VNC variant (remote control software) accessible from the Internet which allowed him to take the screen captures. He was also able to access the Web administration portal.

We can think that the connecting of SCADA systems to the network could be one of its weaknesses, along with their implementation by companies. In the case of Iran with Stuxnet, the infection came from network connected Windows machines.