Foreign Hackers Targeting U.S. Utilities In Cyber Attacks

[Ryan Ruck]

Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Expert Says

November 18, 2011

Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.

Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.

Federal officials confirmed that the FBI and the Department of Homeland Security were investigating damage to the water plant but cautioned against concluding that it was necessarily a cyber-attack before all the facts could be learned. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” said DHS spokesman Peter Boogaard.

News of the incident became public after Joe Weiss, an industry security expert, obtained a report dated Nov. 10 and collected by an Illinois state intelligence center that monitors security threats. The original source of the information was unknown and impossible to immediately verify.

The report, which Weiss read to The Washington Post, describes how a series of minor glitches with a water pump gradually escalated to the point where the pump motor was being turned on and off frequently. It soon burned out, according to the report.

The report blamed the damage on the actions of somebody using a computer registered to an Internet address in Russia. “It is believed that hackers had acquired unauthorized access to the software company’s database” and used this information to penetrate the control system for the water pump.

Experts cautioned that it is difficult to trace the origin of a cyber-attack, and that false addresses often are used to confuse investigations. Yet they also agreed that the incident was a major new development in cyber-security.

“This is a big deal,” said Weiss. “It was tracked to Russia. It has been in the system for at least two to three months. It has caused damage. We don’t know how many other utilities are currently compromised.”

Dave Marcus, director of security research for McAfee Labs, said that the computers that control critical systems in the United States are vulnerable to attacks that come through the Internet, and few operators of these systems know how to detect or defeat these threats. “So many are ill-prepared for cyber-attacks,” Marcus said.

The Illinois report said that hackers broke into a software company’s database and retrieved user names and passwords of control systems that run water plant computer equipment. Using that data, they were able to hack into the plant in Illinois, Weiss said.

Senior U.S. officials have recently raised warnings about the risk of destructive cyber-attacks on critical infrastructure. One of the few documented cases of such an attack resulted from a virus, Stuxnet, that caused centrifuges in an Iranian uranium enrichment facility to spin out of control last year. Many computer security experts have speculated that Stuxnet was created by Israel — perhaps with U.S. help — as a way to check Iran’s nuclear program.

[catfish]

Maybe its time to start thinking about disconnecting vital infrastructures from the internet.

[Malsua]

Maybe its time to start thinking about disconnecting vital infrastructures from the internet.

Or at least centralize the reporting and control separate from the actual equipment. You have a computer that interacts with the equipment rather than having the equipment plugged straight to the internet. First the bad guys have to get through the firewalls, then compromise the command and control computer. You then watch one computer instead of 100s of devices.

[catfish]

Or at least centralize the reporting and control separate from the actual equipment. You have a computer that interacts with the equipment rather than having the equipment plugged straight to the internet. First the bad guys have to get through the firewalls, then compromise the command and control computer. You then watch one computer instead of 100s of devices.

I think centralizing would at least be better than what we are doing now. Current conditions leave us very vulnerability. Frontline did a story about hackers attacking power plants that was very interesting. The Frontline story dovetails nicely with this report of hackers attacking our water supply. This time its a water pump, next time it is an electrical generator being burned up.

[American Patriot]

They should have fire walls ANYWAY... and they should have protection on the switches and routers.

Russians compromising a water supply. IMAGINE THAT! This MUST be a lie cuz they are "our friends" right Obama?

[American Patriot]

Water utility hackers destroy pump, expert says




SCADA breach 'a really big deal'
By Dan Goodin in San Francisco • Get more from this author
Posted in Security, 17th November 2011 22:03 GMT


Updated Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery, a computer security expert said.


Joe Weiss, a managing partner for Applied Control Solutions, said the breach was most likely performed after the attackers hacked into the maker of the supervisory control and data acquisition software used by the utility and stole user names and passwords belonging to the manufacturer's customers. The unknown attackers used IP addresses that originated in Russia.


Weiss cited an official government report from the state where the regional water district was located. It was dated November 10, two days after the hack was discovered. The document indicates that the utility had been experiencing unexplained problems with its computerized system in the weeks leading up to the breach.



“Over a period of two to three months, minor glitches had been observed in remote access to the water district's SCADA system,” Weiss said during an interview, in which he read a verbatim portion of the document to The Register. He said that the attackers were able to burn out one of the utility's pumps by causing either the pump or the SCADA system that controlled it to turn on and off “repeatedly.”


Weiss said he obtained the report on the condition that the water utility and the state where it's located aren't disclosed. A statement issued by the US Department of Homeland Security indicated the utility was located in Springfield, Illinois. Weiss published bare-bones details of the hack on Thursday because he wanted to bring attention to an incident he said raised serious concerns about the ability of the US government to secure critical infrastructure.


“This is really a big deal, and what's just as big a deal is what isn't being said or isn't being done,” Weiss said. “What the hell is going on with DHS? Why aren't people being notified?”


He said he's unaware of any water utilities or other SCADA operators who know about the attack.


In an email sent several hours after this article was first published, DHS spokesman Peter Boogaard wrote: "DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."


The Register was unable to verify the claims in the report. A security researcher with no affiliation to Weiss said there was no obvious reason to doubt the attack took place as described.


“It's not surprising,” said Rick Moy, President and CEO of NSS Labs. “These things are connected to the internet in ways they shouldn't be. It's very plausible.”


Over the past few years, the vulnerability of the control systems used to operate power plants, gas refineries, and other industrial systems has been underscored by a variety of events. Chief among them was the Stuxnet computer worm that infiltrated SCADA systems in Iran and disrupted that country's nuclear program. Earlier this year, security researcher Dillon Beresford disclosed bugs in widely used control systems that he said were “far reaching and affect every industrialized nation across the globe.”


More recently, researchers discovered highly sophisticated malware dubbed Duqu had infiltrated at least eight industrial facilities throughout the world by exploiting a previously unknown vulnerability in Microsoft Windows. Some researchers say it was created by people with close ties to Stuxnet.


Weiss said the possibility that attackers of the water utility obtained passwords for multiple customers of the SCADA manufacturer left open the possibility that other industrial facilities are also susceptible or may already have been breached. Many industrial control systems rely on passwords that are hard-coded, making it difficult to change stolen passcodes without causing serious problems.


Weiss said the objectives and identities of the attackers remain a mystery. Possibilities could include a nation state doing reconnaissance, recreational hackers looking for laughs, or a criminal gang setting up an elaborate extortion scheme.


“Until you find who did it, there's no way to know what the motive is,” he said. ®
This article was updated to add comment from DHS.
Follow @dangoodin001 on Twitter.

[American Patriot]

DHS says they are "investigating". They have to get all the facts of course....

Weiss said the objectives and identities of the attackers remain a mystery. Possibilities could include a nation state doing reconnaissance, recreational hackers looking for laughs, or a criminal gang setting up an elaborate extortion scheme.

Let's say for shits and giggles this isn't anything to do with Russia. The IP address was proxied out of the USA. Let's just say for shits and giggles this is a "false flag".

The issue I have here is that water supplies are a natural resource and technically an attack on our resources is an attack on our country, and an act of war. It has always been considered so in the past. Suddenly, though, we let China play with our servers and routers, Russia foul up water pumps and North Korea screw with GPS signals.

When the fuck are we going to stop letting the boys play with their toys?


If I had more time to do something, I'd take down the fucking Kremlin, but my OWN government would probably come after me.

Assholes

[catfish]

DHS says they are "investigating". They have to get all the facts of course....



Let's say for shits and giggles this isn't anything to do with Russia. The IP address was proxied out of the USA. Let's just say for shits and giggles this is a "false flag".

The issue I have here is that water supplies are a natural resource and technically an attack on our resources is an attack on our country, and an act of war. It has always been considered so in the past. Suddenly, though, we let China play with our servers and routers, Russia foul up water pumps and North Korea screw with GPS signals.

When the fuck are we going to stop letting the boys play with their toys?


Interesting that you would say attacking our resources is an act of war. I've read several articles this week where the pentagon says they could retaliate with force in the event of a cyber attack. Even more interesting is your idea of a false flag attack. What if the Russians or Chinese cyber attacked us and made it look like another country did it? This is a can of worms.

If I had more time to do something, I'd take down the fucking Kremlin, but my OWN government would probably come after me.

Assholes

[American Patriot]

On a side note... I just saw an artcile posted with the "Top 25 WORST passwords of 2011". I suspect they are the same as 2010, 2009 and 1985....

1. password

2. 123456

3. 12345678

4. qwerty

5. abc123

6. monkey

7. 1234567

8. letmein

9. trustno1

10. dragon

11. baseball

12. 111111

13. iloveyou

14. master

15. sunshine

16. ashley

17. bailey

18. passwOrd

19. shadow

20. 123123

21. 654321

22. superman

23. qazwsx

24. michael

25. football

[American Patriot]

Foreign cyber attack hits US infrastructure: expert

November 19, 2011 Enlarge
A man uses a laptop computer at a wireless cafe. A cyber strike launched from outside the United States hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert said on Friday.


A cyber strike launched from outside the United States hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert said on Friday.


"This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage," Applied Control Solutions managing partner Joseph Weiss told AFP.


"That is what is so big about this," he continued. "They could have done anything because they had access to the master station."


The Illinois Statewide Terrorism and Intelligence Center disclosed the cyber assault on a public water facility outside the city of Springfield last week but attackers gained access to the system months earlier, Weiss said.


The network breach was exposed after cyber intruders burned out a pump.
"No one realized the hackers were in there until they started turning on and off the pump," according to Weiss.


The attack was reportedly traced to a computer in Russia and took advantage of account passwords stolen during a hack of a US company that makes Supervisory Control and Data Acquisition (SCADA) software.
There are about a dozen or so firms that make SCADA software, which is used around the world to control machines in industrial facilities ranging from factories and oil rigs to nuclear power and sewage plants.


Stealing passwords and account names from a SCADA software company was, in essence, swiping keys to networks of facilities using the programs to control operations.


"We don't know how many other SCADA systems have been compromised because they don't really have cyber forensics," said Weiss, who is based in California.


The US Department of Homeland Security has downplayed the Illinois cyber attack in public reports, stating that it had seen no evidence indicating a threat to public safety but was investigating the situation.


Word also circulated on Friday that a water supply network in Texas might have been breached in a cyber attack, according to McAfee Labs security research director David Marcus.


"My gut tells me that there is greater targeting and wider compromise than we know about," Marcus said in a blog post.


"Does this mean that I think it is cyber-Armageddon time?" Marcus continued. "No, but it is certainly prudent to evaluate our systems and ask some questions."

[American Patriot]

Well... I use strong passwords too Peterle, even here (especially here on this site). I am, after all an administrator and need to protect the system here from anyone who might grab my password.

Even my home computer has a 99% strong password. No one in the family can log into my machine. They all have their own stuff (and believe me this has been a source of martial strife at times)... but on the other hand, if even my wife hasn't the ability to log in there is nothing anyone can do about it.

[American Patriot]

Yeah. I have tight ones, internet as well. I have several anti-root kits and anti-key logger programs, and keep something running all the time.

Browser does NOT know anything. I turned it all off. There are no master passwords, no stored password, no stored history. I have been using pgp encryption of late with emails as well.

[American Patriot]

/chuckles. I have what I have and don't tell people. LOL!

[American Patriot]

I think... catfish, you put your text inside the quote.

It's not actually all that interesting though. the internet is part of the infrastructure. So are trains, planes, shipping, water supplies and factories, electrical grid and I'm sure I am missing a couple of things. Oh, communications.

Long, long ago, in a galaxy far, far away - ok, well, wasn't that long ago actually, I used to have to sit through training in the military on what was and wasn't a "target", what is and isn't a "policy" and what as the "enforcement arm" of the US Government me, as a lowly Airman was responsible for protecting - AND WHY.

The internet fits into that part of infrastructure containing communications.

Water is a resource.

Attacking our resources (prevention of humans getting water for instance, or poisoning it) is grounds for a military response. Attacking it through the internet is worse.

Attacking the internet to disable communications (or shooting down a satellite) are also grounds for a military response.

I wish I had copies of the slides or some of the training material I've seen over the years. I suspect other military members here have seen similar stuff.

I remember more recently having to take a class (online at work) about this sort of thing.

So, you can rest assured that what I've said is not a stupid response or unwarranted.

While some folks might think it dumb to bomb the shit out of the Chinese for doing a little, perhaps unsuccessful cyber attack on some electrical substation in Peoria, Illinois - it's not beyond the pale to eventually expect some kind of a US military response to some cyber attack.

It will happen eventually.

Again, this is the "frog in the pot of water" scenario though. They do little pokes and prods to see our response. We have, thus far, done little but strengthen our Internet defenses.

Eventually the attack will be something we can no longer ignore, or sweep under the carpet (as they are really trying to do with this at the DHS... investigate it my ass) and there will be a REAL, and brutal military response for doing it.

[vector7]

Russian' hackers seize control of U.S. public water system by remotely destroying pump

• Attacks on critical infrastructure set worrying precedent for security officials
• Hacked SCADA software also used in nuclear power stations and on oil rigs
• Officials trace attack to computer in Russia

By Graham Smith

Last updated at 6:03 PM on 21st November 2011

• Comments (74)
• Add to My Stories
• Share

Russian cyber criminals have destroyed a pump used to supply water to thousands of homes in Illinois, according to an infrastructure control systems expert.

Hackers accessed the public water facility in the city of Springfield and are believed to have then broken the pump by remotely turning it on and off in quick succession.

The incident, which took place on November 8, sets a worrying precedent for security officials - particularly after another hacker has since claimed to have taken control of a second U.S. facility.


Hackers using a computer in Russia have accessed an Illinois public water facility and are believed to have then broken the pump by remotely turning it on and off quickly

Joe Weiss, who advises utilities on how to protect themselves against hackers, told the AFP news agency: 'This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage.

'That is what is so big about this. They could have done anything because they had access to the master station.'

The attack, which is being investigated by the FBI and the U.S. Department For Homeland Security (DHS), has been traced to a computer in Russia, Mr Weiss said.

More...

• Android under assault as hacker attacks on phones go up 472 per cent in four months

It first came to light after Mr Weiss, of Applied Control Solutions, posted on his blog quotations taken from a one-page report by the Illinois Statewide Terrorism and Intelligence Center.

The report said hackers obtained access using stolen login names and passwords.

These were taken during a hack on a U.S. company that makes Supervisory Control and Data Acquisition (SCADA) software, which is used around the world to control machines in critical industrial facilities.

SCADA software is in place at nuclear power stations and oil rigs; the Illinois infiltration therefore sets a frightening precedent.

Mr Weiss said: 'We don't know how many other SCADA systems have been compromised because they don't really have cyber forensics.'


Further embarrassment: A second hacker has posted this screenshot of the internal control systems for a waste water treatment plant in South Houston


A Twitter profile picture of the South Houston hacker - he claimed said that the water system was only protected by a three-character password

He claimed the report said 'glitches' in the remote access system for the pump had been notices for months before the pump was destroyed.

'No one realised the hackers were in there until they started turning on and off the pump,' he said.

Peter Boogaard, a spokeman for the DHS, said: 'At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.'

However, a hacker using the online name 'pr0f' has responded to Mr Boogaard's statement by claiming to have taken control of a second U.S. public facility, this time in South Houston, Texas.

Astonishingly, he said that SCADA system was only protected by a three-character password.

To prove his point, he then posted links - on the Pastebin website - to what he claims are screenshots of the internal control systems for the waste water treatment plant.

The issue of securing SCADA systems from cyber attacks made international headlines last year after the mysterious Stuxnet virus attacked a centrifuge at a uranium enrichment facility in Iran.

Many experts said that was a major setback for Iran's nuclear weapons program and attribute the attack to the U.S. and Israel.

In 2007, researchers at the U.S. government's Idaho National Laboratories identified a vulnerability in the electric grid, demonstrating how much damage a cyber attack could inflict on a large diesel generator.

Lani Kass, who retired in September as senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, said America should take the possibility of a cyber attack seriously.

She said: 'The going in hypothesis is always that it's just an incident or coincidence. And if every incident is seen in isolation, it's hard - if not impossible - to discern a pattern or connect the dots.

'Failure to connect the dots led us to be surprised on 9/11.'

Representative Jim Lanvevin, a Democrat from Rhode Island, said that the report of the attack highlighted the need to pass legislation to improve cyber security of the U.S. critical infrastructure.

He said: 'The stakes are too high for us to fail, and our citizens will be the ones to suffer the consequences of our inaction.'

[American Patriot]

true enough... everyone thinks hackers can get to classified data at the Pentagon and dial, Cia etc... but they cant.

but someone got into a water plant didn't THEY?

[Phil Fiord]

I did a similar experiment to Peterle some time ago with my employer.. Some of the sites that we get through our intranet are available from the internet and are stated as confidential. Now, no links work to get t stuff unless you login with ones common login for the system, which I did and was able to access a ton of stuff. Now, granted, I am not about to exploit that, but I did find it interesting.

[vector7]

Why now?

[American Patriot]

Why is Panetta just warning us now? Because the current administration members are antiques, a throw back from the Soviet Era of Communism.

No, not that they are aware of things, they are JUST CATCHING UP TO CURRENT TECHNOLOGY.

If these people had a clue they would have gone forward with the "Cyber Warfare" units we were putting together in the 1990s.

If they had a CLUE that "3:00 AM Call that came in for Benghazi" last month would have been answered.

No, these folks are clueless and will destroy America if allowed to remain in office.

If Obama were anything like John Kennedy we'd not have had a hit on our embassy like that, after the lessons of 9-11.

[American Patriot]

Sometimes Vector, the news just does it all for me.

To illustrate my previous point, read this:

Cuban Missile Crisis holds lessons for presidential race

Opinion | Nicholas Burns

THIS STORY APPEARED IN


October 10, 2012

• 

Anxious people checked the Associated Press teletype machine in the Boston… (Jack O’Connell/Globe…)




Next week marks the 50th anniversary of the Cuban Missile Crisis — arguably the most dangerous moment in modern history.

During 13 harrowing days in October 1962, President John F. Kennedy and Soviet Premier Nikita Khrushchev squared off in a test of strategy and wills that nearly ended in a thermonuclear exchange. Hundreds of millions of people might have died in the United States and Soviet Union alone. At the height of the crisis, hardliners on both sides argued for war. Instead, Kennedy and Khrushchev, in a series of dramatic last-minute communications, opted for diplomacy and compromise to avoid the catastrophe of a nuclear conflagration.







What can Barack Obama and Mitt Romney learn from this crisis 50 years later? My Harvard colleague Graham Allison, who wrote the revolutionary account of what happened in his landmark 1971 book “Essence of Decision,” hosted a conference recently at the Kennedy School to reflect on the meaning of the crisis for us today. I took away two big lessons that inform the war and peace challenges our next president could face in an increasingly dangerous international environment.


First, success in diplomacy at the highest levels sometimes requires opening exit doors for your adversary so that he can save face and avoid the conflict ahead. Kennedy did just that in offering secretly to remove American Jupiter missiles in Turkey as a trade for the removal of Soviet nuclear weapons from Cuba. Will Romney and Obama take a similarly imaginative approach to negotiations with Iran? If we are to convince Tehran to halt its nuclear efforts and avoid a war, we may have to help its leaders find a way out — a compromise that will give it a public excuse to stop well short of a nuclear weapon.


Second, Kennedy concluded after the crisis that we had to think about the Soviet people in a fundamentally different way if we wanted to avoid nuclear Armageddon. In his greatest speech, at American University eight months after the crisis, Kennedy advocated building bridges to the Soviets, as the “human interest” of avoiding world war had to eclipse the more narrow “national interest.” He warned Americans “not to see conflict as inevitable, accommodation as impossible, and communication as nothing more than an exchange of threats.” He said we should adopt a “strategy of peace” instead. Who is better placed in our time — Obama or Romney — to find a way to move beyond our many difficulties with our modern-day rival, China, and to avoid a future conflict in the Pacific?



As we look to Nov. 6, we should measure the presidential candidates not just by their ubiquitous campaign commercials but by the qualities they possess that might make the difference between success or failure, war or peace, life or death in a future crisis. Kennedy demonstrated the value of restraint, good judgment, and courage in avoiding war in 1962. Of the two candidates this year, does Obama or Romney have the better command of history, coolness under pressure, and good sense to make the right choice for all of us when the next crisis occurs?







Obama has demonstrated some of these qualities in his adept isolation of Iran, his largely skillful handling of the Arab uprisings, and his bridge-building to allies and partners that has rebuilt US credibility in Europe, especially. Romney’s big foreign policy speech Monday illuminated the challenge he has had in making an impact in foreign policy. His back-to-the-future evocation of American leadership seems right for the Cold War but not nearly sophisticated enough for our very different 21st-century world.
This election can’t be just about which candidate gives the snappiest presentation in a debate and rattles off the most memorable one-liners. We need a strong leader to preserve our power but one who can also avoid the rash rush to war that has, too often, been our reaction to global tests since 9/11. President Kennedy was far from perfect. But his leadership 50 years ago saved us from disaster. The Cuban Missile Crisis reminds us that we must prize above all the qualities of intelligence, leadership, and wisdom in our next president.


Nicholas Burns is a professor of the practice of diplomacy and international politics at Harvard’s Kennedy School of Government. His column appears regularly in the Globe.




=======================


Now, everyone seems to just want the "Soviets" to get along. Except the Soviets. The Russians are no different today than they were 50 years ago. Fifty years ago I sat as a little boy in front of the television awed by the images of nuclear bombs exploding and knowing those people were going to drop bombs on the USA. My home.

That crisis was a defining moment in my life. I was only five years old but I remember it as clearly as if it happened a month ago. I remember Kennedy on television. I remember Walter Cronkite looking worried. I remember the "Duck and Cover" drills in Kindergarten. And I remember KNOWING without a doubt having watched those massive nuclear explosions on the black and white television set that there was NO WAY my little school, my desk or the big black board was going to save me and my classmates if one of those missiles fell on Detroit.

I also know that it was at the height of this that my life changed. Dad and Mom packed up everything we owned in the back of a car and little trailer and we left at 3 AM to move to Kentucky for the next few years. I left my classmates behind and I'm sure they never knew what happened to me. I honestly believe to this day Dad thought we were all going to be vaporized in a cloud of radioactive fire. (we moved back for a short time, a year later, about 6 months and then back to Ky again until late 1968)

Either way, I think that the Cuban Missile Crisis set several things in motion in my life.