FBI, DHS dismiss report of water plant hack

Nov 23, 2011

US investigators have dismissed a report that computer hackers were behind the failure of a water pump at a plant in the midwestern US state of Illinois.

Chris Ortman, a spokesman for the , said "detailed analysis" by DHS and the "found no evidence of a cyber intrusion" at the water facility in Springfield, Illinois.

"There is no evidence to support claims made in initial reports -- which were based on raw, unconfirmed data and subsequently leaked to the media -- that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," he said.

"Analysis of the incident is ongoing and additional relevant information will be released as it becomes available," the DHS spokesman added.

Joe Weiss, an infrastructure control systems expert with consultant Applied Control Solutions, reported the alleged hacking attempt last week, citing a disclosure by the Illinois Statewide Terrorism and Intelligence Center (STIC).

According to Weiss, the disclosure by the state organization said a vendor of Supervisory Control and Data Acquisition (SCADA) software was hacked and customer usernames and passwords stolen.

There are about a dozen or so firms that make SCADA software, which is used to control machines in industrial facilities ranging from factories and to nuclear power and sewage plants.

The IP address of the attacker was traced back to Russia, Weiss cited the STIC disclosure as saying.

Ortman, the DHS spokesman, said, however, that the DHS and FBI "have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported."

Weiss, in a blog post late Tuesday, said the DHS statement "appears to conflict with the STIC report and its positive statements that an event had occurred."

"If DHS turns out to be correct in its assumptions, then anyone acting on the STIC warning would have been wasting precious resources addressing a problem that doesn't exist," Weiss said.

While dismissing the report of a hacking attack on the Illinois plant, a senior DHS official said the department and FBI were looking into a separate hacking claim at another US utility.

In that incident, a hacker claimed to have accessed an industrial control system responsible for water supply and posted images allegedly obtained from the system, the official said.

Explore further: Tweet much to gain popularity is an inefficient strategy

add to favorites email to friend print save as pdf

Related Stories

Top US cybersecurity official quits

Mar 07, 2009

A top US cybersecurity official has quit, complaining in a resignation letter obtained by Wired magazine that US cyber protection efforts are being dominated by the super-secret National Security Agency (NSA).

Terrorism risk determines homeland security spending

Jun 05, 2008

A new study in Policy Studies Journal reveals that measures of terrorism risk are found to be positive determinants of Homeland Security funding, while measures of political influence and party affiliation of elected officials ...

No apparent Stuxnet impact in US: cyber official

Dec 07, 2010

Computer software targeted by Stuxnet is used in US infrastructure but the virus does not appear to have affected any systems in the United States, a US cybersecurity official said Tuesday.

Recommended for you

Tweet much to gain popularity is an inefficient strategy

1 hour ago

The imbalanced structure of Twitter, where some users have many followers and the large majority barely has several dozen followers, means that messages from the more influential have much more impact. Less ...

Five ways to fight online abuse with good manners

1 hour ago

Online and social media's capacity to enable anyone to communicate their ideas and views is much celebrated. So why do so many people feel nervous about getting involved with online debate?

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.