Illinois Water Hack Causes Confusion

Dec. 5, 2011
Illinois Authorities and the DHS and FBI Disagree

Was the tiny Curran-Gardner Townships Public Water District (www.currangardner.com) in downstate Illinois the victim of a foreign-based cyber attack or not? As of press time, that seems to be the question.

What we do know is this: The Illinois Statewide Terrorism and Intelligence Center reported that "Sometime during the day of Nov. 8, 2011, a water district employee noticed problems with a SCADA system. An information technology service and repair company checked the computer logs of the SCADA system, and determined the system had been remotely hacked into from an Internet provider address located in Russia…

"Over a period of 2-3 months, minor glitches have been observed in remote access to the water district's SCADA system. Recently, the SCADA system would power on and off, resulting in the burnout of a water pump."

No motive was given for the attack.
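The STIC report describes two things the repair company found in the logs: a successful remote login from an unexpected address, and a pump that was being switched on and off until it burned out. The script below is an added example, not code from the article, the Illinois STIC or the water district, of the kind of first-pass review a contractor would run over remote-access and pump-control logs in a case like this. The log format, the field names, the sample log lines and the "trusted" address ranges are all constructed for the example; it checks source addresses against an allowlist of expected ranges rather than geolocating them, since that would require a GeoIP database. The comments carry the caveat a reviewer should keep in mind: an unexpected source address proves only that a valid credential was used from there, not who used it.

```python
"""Post-incident review of SCADA remote-access and pump-control logs.

Added example. The log format ("timestamp EVENT key=value ...") and the
sample lines are constructed; real VPN, historian or PLC logs will differ.
"""
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample log (not real Curran-Gardner data). 203.0.113.0/24 is a
# documentation range standing in for "some address outside the plant".
SAMPLE_LOG = """\
2011-11-07T22:14:05 LOGIN user=operator1 src=10.20.0.15 result=OK
2011-11-07T23:40:12 LOGIN user=vendorsupport src=203.0.113.44 result=OK
2011-11-08T00:05:30 LOGIN user=operator1 src=10.20.0.15 result=FAIL
2011-11-08T01:02:00 PUMP id=well3 state=ON
2011-11-08T01:02:40 PUMP id=well3 state=OFF
2011-11-08T01:03:10 PUMP id=well3 state=ON
2011-11-08T01:03:55 PUMP id=well3 state=OFF
2011-11-08T01:04:20 PUMP id=well3 state=ON
2011-11-08T06:00:00 PUMP id=well1 state=ON
2011-11-08T14:00:00 PUMP id=well1 state=OFF
"""

# Assumed: the plant LAN and the integrator's VPN pool. Anything else is "unexpected".
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                ipaddress.ip_network("192.0.2.0/24")]

LINE_RE = re.compile(r"^(\S+) (\w+)((?: \w+=\S+)*)$")


def parse_line(line):
    """Parse one line into {'ts': datetime, 'event': str, <key>: <value>...}; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, event, rest = m.groups()
    rec = {"ts": datetime.fromisoformat(ts), "event": event}
    for kv in rest.split():
        key, value = kv.split("=", 1)
        rec[key] = value
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def unexpected_logins(records, trusted_nets=TRUSTED_NETS):
    """Successful logins from sources outside the trusted ranges, as (ts, user, src).

    Caveat: this shows that a valid credential was used from an unexpected
    address. It does not show who used it. Confirm with the credential's owner
    (a vendor engineer travelling, for instance) before calling it an intrusion.
    """
    hits = []
    for r in records:
        if r["event"] != "LOGIN" or r.get("result") != "OK":
            continue
        src = ipaddress.ip_address(r["src"])
        if not any(src in net for net in trusted_nets):
            hits.append((r["ts"], r["user"], r["src"]))
    return hits


def pump_cycling(records, window=timedelta(minutes=5), max_events=3):
    """Pumps with more than max_events state changes inside any sliding window.

    Rapid on/off cycling is what burns out a motor. It is also what a flaky
    remote session or a bad control program produces, so treat a hit as a lead
    to correlate with the login timeline, not as proof of an attack.
    Returns {pump_id: worst_count_in_window}.
    """
    by_pump = {}
    for r in records:
        if r["event"] == "PUMP":
            by_pump.setdefault(r["id"], []).append(r["ts"])
    flagged = {}
    for pump, times in by_pump.items():
        times.sort()
        start, worst = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst > max_events:
            flagged[pump] = worst
    return flagged


def review(log_text):
    """Run both checks over a log and return the findings as a dict."""
    recs = parse_log(log_text)
    return {"unexpected_logins": unexpected_logins(recs),
            "pump_cycling": pump_cycling(recs)}


if __name__ == "__main__":
    for name, finding in review(SAMPLE_LOG).items():
        print(name, finding)
```

On the sample data the script flags one successful login for `vendorsupport` from outside the trusted ranges and one pump, `well3`, with five state changes inside a five-minute window. The next step in a real review is to line those two findings up in time and to ask the credential's owner where they were, which is exactly the step that separates "someone logged in from Russia" from "Russia attacked the water district".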

Don Craver, chairman of the Curran-Gardner Water District, told WLS-TV, the ABC affiliate in Chicago, that "There's some indication there was a breach of some sort into a software program—the SCADA system—that allows remote access to the wells, and the pumps, and those sorts of things."

According to Joe Weiss, principal at Applied Control Solutions and author of ControlGlobal.com's "Unfettered" security blog, the attackers obtained access to the network with credentials stolen from an unnamed SCADA vendor.

The problem is that the FBI and the DHS have both said that, after investigation, they do not believe such an attack occurred. Note that a successful remote login from a Russian IP address, taken alone, establishes only that someone holding valid credentials connected from there; it does not by itself establish who that was, or that the pump failure was caused by that session.

However, before anyone assumes that this whole issue is overblown, within days of the Curran-Gardner scare, a home-grown hacker using the handle "pr0f" (@pr0f_srs on Twitter) announced that he had hacked into the South Houston, Texas, water utility's control system, and he posted several screenshots of the system on the Internet.

Pr0f himself went public with the attack and explained his motives clearly: to demonstrate just how insecure such systems are. (The South Houston system was reportedly accessible with a simple three-letter password.)

He said, "I'd like to go on record and say that the main reason I did what I did yesterday was essentially because I know I am not the only person with an interest in these systems. I also know I am not the only person who has explored them and read up on them. I don't think I am alone in suggesting that the gravity of the problem is more serious than ICS-CERT and similar [sic] are equipped to deal with. I'd love to see some real reform and discussions between the government, manufacturers of ICSs and people who use these systems happening, because there seems to be a huge disconnect between the parties involved."