CYBER SECURITY LAW AND POLICY

Crossroads Blog | Institute National Security and Counterterrorism

cyber attack

I Broke Into A Water Plant: CBS

Posted by user on November 19, 2011 0 Comments

Read Next →

Actual Indictment

Cyber Espionage

U.S. Charges Chinese Man With Economic Espionage For Stealing Source Code With Intent To Benefit The Chinese Government

AppleVsFBI

FBI Director’s Speech at the Symantec Government Symposium 8/30/2016 full text and audio

CCDCOE

NATO Conference on Cyber Conflict materials now available.

It's just not a good weekend for water utilities.

On November 18th, 2011, Elinor Mills reported for CBS News on how a hacker broke into a South Houston water utility.  The hacker, who calls himself "prof", claims that he hacked the SCADA system (again, the system that controls the utility's physical infrastructure) at the Houston location.  The hacker posted diagrams displaying the inner-workings of the water treatment facility as proof of his infiltration, but did not damage any of the systems.  The hack has not yet been confirmed; Houston officials are investigating, and it's possible the hacker could have found the diagrams from other sources.

Assuming that he did do it, why did he do it?  The article quoted an email from prof which read "Basically, people have no idea what's going on in terms of industrial control, groups like ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) are too slow/don't have enough power to react to situations."  Furthermore, the hacker was unhappy with the US government's response to an attack on an Illinois water treatment facility, saying "I dislike, immensely, how the DHS tend to downplay . . . the state of national infrastructure."

Even worse was how he did it.  The article quoted the hacker as saying "I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two-year-old with a basic knowledge of Simatic . . .As for how I did it, it's usually a combination of poor configuration of services, bad password choice, and no restrictions on who can access the interfaces."

The source article can be found here.

***

Some may be wondering why, in the face of all this news, our nation's critical infrastructure is still connected to the internet.

Dan Goodin explained for the Register that connecting utility controls to the internet is just plain cheaper.  Goodin quoted Michael Assante, a SCADA security expert, as saying that SCADA systems are connected to the internet so that "many cash-strapped agencies don't have to have dedicated SCADA engineers on premises around the clock . . . they're trying to use the technology to maximize the resources they have available to them.”

user

Read Next →

Actual Indictment

Cyber Espionage

U.S. Charges Chinese Man With Economic Espionage For Stealing Source Code With Intent To Benefit The Chinese Government

 Actual Indictment

Cyber Espionage

U.S. Charges Chinese Man With Economic Espionage For Stealing Source Code With Intent To Benefit The Chinese Government

AppleVsFBI

FBI Director’s Speech at the Symantec Government Symposium 8/30/2016 full text and audio

Leave a Reply

Categories

Archives

Bitnami