Analyst's note: Absolutely must read. The impact of this report is absolutely not good people. Available evidence suggests that the Department of Homeland Security (DHS) is downplaying the incident, apparently not advising other similar activities of the threat, and indicating that “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.” Just move along .... nothing is happening here. One has to wonder what will be discovered next .... after the fact? For further insight and perspective, I recommend an internal site searchs on the term "Stuxnet" and "SCADA".
"Hackers gained remote access into the control system of the city water utility in Springfield, Illinois, last week and destroyed a pump, according to a report released by a state fusion center and obtained by a security expert.
The hackers were discovered on Nov. 8 when a water district employee noticed problems in the city’s Supervisory Control and Data Acquisition System (SCADA). The system kept turning on and off, resulting in the burnout of a water pump.
Forensic evidence indicates that the hackers may have been in the system as early as September, according to the “Public Water District Cyber Intrusion” report, released by the Illinois Statewide Terrorism and Intelligence Center on November 10.
The intruders launched their attack from IP addresses based in Russia, and gained access to the utility system by first hacking into the network of a software vendor that makes the SCADA system used by the utility. The hackers stole usernames and passwords that the vendor maintained for its customers, and thereafter used the credentials to gain remote access into the water utility’s system.
[....] The fusion report indicated that the hack into the utility system shared a similarity to a recent hack into an MIT server last June that was used to launch attacks on other systems. In both cases, the intrusions involved PHPMyAdmin, a frontend tool used to manage databases. The MIT server was used to search for systems that were using vulnerable versions of PHPMyAdmin that could then be attacked. In the case of the water utility in Illinois, the fusion report said that the company’s log files contained references to PHPMyAdmin, but didn’t elaborate.
[....] The report indicates that for two to three months prior to the discovery, operators at the utility company noticed “glitches” in the remote access for the SCADA system. The report doesn’t indicate the nature of the glitches, but could refer to problems that legitimate users experienced trying to gain remote access into the system during the time the intruders were using log-in credentials.
“They just figured it’s part of the normal instability of the system,” Weiss told Threat Level. “But it wasn’t until the SCADA system actually turned on and off that they realized something was wrong.”
[....] The hack of the SCADA system is the first breach of an industrial control system reported since the Stuxnet worm was found on systems in Iran and elsewhere last year. Stuxnet was the first known digital attack designed to target an industrial control system in order to cause physical damage. In the case of Stuxnet, the worm was designed to commandeer an industrial control system used at a uranium enrichment plant in Iran in order to periodically increase and decrease the speed of centrifuges used to enrich uranium and destroy the devices.[....]
