
Water Pump Destruction Not Due To SCADA Hack

Posted by Unknown Lamer
from the anonymous-not-affiliated-with-yippies dept.
knifeyspooney writes "According to the Springfield State Journal-Register, the city's recent public water system failure was not caused by malicious activity. One water district trustee spoke this gem: 'First, they tell us that it's the first instance of cyber hacking in the entire world, and everyone goes nuts. Now, all of a sudden, they tell us it's not.'"

  • First instance? (Score:5, Insightful)

    by Aryden (1872756) on Wednesday November 23, 2011 @12:46PM (#38149670)
    say what? first instance of cyber hacking? are you suuuuuuuure about that?
  • by unity100 (970058) on Wednesday November 23, 2011 @12:48PM (#38149694) Homepage Journal
    simple. you tell that it is due to cyberhack. everyone goes nuts, endless number of articles spread throughout internet. then you admit that it wasn't. at this point it is now impossible to change misinformation. the misinformation spreads, public opinion is shaped. you can pass your $OPA act.

    http://www.abc.net.au/science/articles/2011/07/11/3265013.htm [abc.net.au]

    http://idle.slashdot.org/article.pl?sid=10/07/14/1235220 [slashdot.org]
    • by Anonymous Coward on Wednesday November 23, 2011 @12:49PM (#38149710)

      Isn't all that tinfoil a little scratchy?

      • Re: (Score:3, Insightful)

        I'm a big fan of good evidence but if you don't read Leo Strauss and discover that a critical component of neo-conservatism is having an enemy to unite people against, then find out that an entire war launched by neo-cons that dumped billions into the pockets of neo-con friendly businesses was based on entirely fabricated evidence against the enemy, then wonder if some elements of governments might be willing to engage in extreme hoodwinking to get what they want....maybe you are in denial.

        • by Dishevel (1105119)

          Thank you.
          I like how easy it is to decide to completely dismiss someone's statements based on a single hint.
          The "Neo-Cons" did it with the help of the "Jews".

          Please continue to use the term Neo-Con so as to warn the rest of us that you are to be ignored.

          • by unity100 (970058)
            while neo cons are using the term 'neo con' for themselves, openly and proudly in party speeches, only a moron would come up and try to deny the existence of their entire faction.
      • I posted this before, but the fight against this conspiracy is not over yet!
        Any nerd claiming to wear a tinfoil head is either a wannabe or part of the tinfoil conspiracy!!11! It is so obvious that tinfoil hats might cover you from alleged hostile brain control waves from satellites thousands of kilometers away, but otoh forms a nearly parabolic antenna to the whole communication wires and infrastructure below pedestrian lanes just a couple of meters away. And coincidentally only relevant people will be af

      • by Hentes (2461350)

        Well this tactic worked in Roswell, a lot of people still believe it was a UFO.

  • by Oswald McWeany (2428506) on Wednesday November 23, 2011 @12:48PM (#38149704)

    Good morning Mr. Mayor,
    this is special agent Smith.

    Yes, we'd like you to say the water pump malfunctioned and wasn't hacked.

    No, no, I know about the truth, Mr. Mayor, but we don't want the public to be aware of the dangers they are in from exploding water towers and militarised telephone cables... or to encourage copycat hackers.

    Yes, yes... just say it was normal wear and tear.

    Oh, you're not going to comply?.. are you aware that we have an unauthorised GPS under your car and know what you do Tuesday nights? ... ahh I'm glad you see things our way.

    • by geekoid (135745)

      Too bad that makes no sense whatsoever.

      • by Anonymous Coward

        It does when you realize you're only hearing what Agent Smith is saying

  • by Anonymous Coward on Wednesday November 23, 2011 @12:58PM (#38149820)

    "How can two government agencies be so at odds at what’s going on here? Did the fusion center screw up, or is the fusion center being thrown under the bus?” commented Joe Weiss, the security expert who discovered the initial Fusion Center report and reported on it. “There’s a lot of black and white stuff in that report. Either there is or there isn’t a Russian IP address in there. It’s hard to miss that."

    • Don't worry, clarification is only 20 years away.
    • by Bardwick (696376) on Wednesday November 23, 2011 @01:08PM (#38149908)
      Watch the attempted connections to any machine on a public IP. Probably takes about 20 minutes to get an IP from every country in the world.
      • by Arrepiadd (688829)

        Riiiiiiiight... Correct me if I'm wrong, but a "connection attempt" won't be enough to take down any system.
        Getting a Russian IP address to attempt to connect at your SSH port is one thing, getting a Russian IP address successfully entering your machine and "doing stuff" is something totally different.

        If this was all because of an IP logged as failing access then that's one thing. Having heard earlier in the week that the password was 3 characters long, I kind of doubt that...

        • by mcgrew (92797) *

          Different attack; this was in a little town a few miles outside Illinois' capital city, the one with the three letter password was in Texas (go figure).

    • by Anonymous Coward

      Mod parent up. This is a very important point. These agencies aren't talking to each other very well.

    • "How can two government agencies be so at odds at what's going on here? Did the fusion center screw up, or is the fusion center being thrown under the bus?" commented Joe Weiss, the security expert who discovered the initial Fusion Center report and reported on it. "There's a lot of black and white stuff in that report. Either there is or there isn't a Russian IP address in there. It's hard to miss that."

      One explanation could be their ras computer was one of millions which happened to be part of a random botnet army.

      Someone looking into what had happened incorrectly linked their problem to discovery of the botnet. Not unlike blaming the compiler, cosmic rays, the rain...etc..it was a knee jerk by someone lacking intelligence to follow thru with a proper investigation.

      The "apparently" reference in regards to hacked vendors password lists also red flagged in my mind that the morons managing the system were

    • by Vellmont (569020)


      Either there is or there isn’t a Russian IP address in there. It’s hard to miss that.

      An IP address in some unnamed log file that someone says is Russian tells you exactly nothing about whether a system was compromised. Was that just somebody running a scan near the same time the pump broke, or did you just get 0wned? A simple log file of network traffic won't tell you that. Anyone who's ever looked at network log files knows there's scans of your IP addresses going on constantly. In any fore

      • by Arrepiadd (688829)

        Are we all just into saying crap nowadays?

        Who the hell does intrusion detection by (simply) analyzing network traffic and port scanning? Here's a line from a log file in a certain machine I have access to:

        Nov 21 18:20:46 ccc sshd[2549]: Accepted keyboard-interactive/pam for <USER> from <aaa>.<bbb>.58.34 port 64715 ssh2

        (I replaced the username and part of the IP address for security and privacy reasons)
        In this case, the user logged in successfully. If it was unsuccessful, it would also
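
An added illustration (not part of any comment in this thread) of the distinction argued above between a logged connection attempt and a successful login: it groups sshd authentication lines by source address and reports which sources only failed and which were accepted, including those accepted after repeated failures. The log lines are constructed and use documentation IP ranges; the function name, threshold and verdict labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Nov 21 18:19:02 host sshd[2501]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 21 18:19:05 host sshd[2503]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Nov 21 18:19:40 host sshd[2510]: Failed password for root from 198.51.100.23 port 51200 ssh2
Nov 21 18:19:44 host sshd[2512]: Failed password for root from 198.51.100.23 port 51207 ssh2
Nov 21 18:19:49 host sshd[2514]: Accepted password for root from 198.51.100.23 port 51213 ssh2
Nov 21 18:20:46 host sshd[2549]: Accepted keyboard-interactive/pam for alice from 192.0.2.34 port 64715 ssh2
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, fail_threshold=2):
    """Classify each source IP by what the auth log actually records."""
    events = defaultdict(list)  # ip -> ordered list of (result, user)
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            events[m["ip"]].append((m["result"], m["user"]))
    verdicts = {}
    for ip, seq in events.items():
        failures_before_success = 0
        verdict = "failed-attempts-only"  # background noise unless a login succeeds
        for result, _user in seq:
            if result == "Failed":
                failures_before_success += 1
            else:
                # A success preceded by several failures deserves a closer look.
                verdict = ("accepted-after-failures"
                           if failures_before_success >= fail_threshold
                           else "accepted")
                break
        verdicts[ip] = verdict
    return verdicts

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(f"{ip:15} {verdict}")
```
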

        • by Vellmont (569020)


          Who the hell does intrusion detection by (simply) analyzing network traffic and port scanning? Here's a line from a log file in a certain machine I have access to:

          Maybe the same idiots who put a SCADA system accessible over the internet?

          The truth is we have no idea where the alleged "russian IP address" came from. You making up an SSH log is pure bullshit. Was it an intrusion detection system, or was it a firewall log? Nobody is saying. The OP seemed to think this was very simple, with an IP address som

  • While I don't think that threats like these are nonexistent, they are still extremely overblown, and the media jumps on them at a moment's notice. My biggest concern is that this could be the beginning of the military industrial complex evolving to exist on the internet.
    • by Synerg1y (2169962)

      Yep, we haven't had a good cyber war yet, I'm sure the Chinese hackers are itching for it.

    • by hellkyng (1920978)

      I'm not sure they are overblown at all, stuxnet being the poster child for this as it actually impacted real world nuclear reactors. Another example being the guy using the handle pr0f that hacked a SCADA system the same day as this water pump and offered conclusive evidence to the fact. If stuxnet was deployed as a method to weaken the security capabilities of a perceived enemy, then it strikes me as a tool of war. I'm pretty sure though what everyone is calling "cyber-war" is likely to evolve into "war-pr

      • by Tekfactory (937086) on Wednesday November 23, 2011 @02:50PM (#38150874) Homepage

        Well stuxnet affected Programmable logic controllers that affected centrifuges refining nuclear material. I was at a conference recently and half the talks were about stuxnet, duqu and PLCs, the show was not energy or utility industry related, but basically anything with a PLC is vulnerable to this sort of attack.

        There were a lot of folks in industry talking about how uncertain they were about how tight their air-gaps were. Stuxnet got past air-gaps anyway, but at least a lot of the industrial controls folks are talking about it now. It would have been nice if someone listened when US-CERT reported researchers were able to remotely burn out an electrical generator in 2005.

    • by mcgrew (92797) *

      While I don't think that threats like these are nonexistent, they are still extremely overblown, and the media jumps on them at a moment's notice.

      That's the media for you. If a system or systems were attacked on a daily basis, you wouldn't hear a peep out of the media. Dog Bites Man isn't news, Man Bites Dog is. Airline crashes are covered so often by the media because they're rare, not because they're common.

    • by couchslug (175151)

      "My biggest concern is that this could be the beginning of the military industrial complex evolving to exist on the internet."

      The military industrial complex invented the internet.

  • by Hentes (2461350) on Wednesday November 23, 2011 @01:14PM (#38149964)

    The three-letter passwords can withstand regular hackers, but no one could expect that the mighty cyberhackers were coming!

    • by Zocalo (252965)
      Your "dam[sic] cyberhackers" can't have been that mighty if they managed to confuse a water pump for the whole frickin' dam.
    • Oh god. I didn't even cyber-notice that. What is the cyberworld cyber-coming to?
  • Subject says all.

  • by FrozenFood (2515360) on Wednesday November 23, 2011 @01:34PM (#38150162)
    As an actual control systems engineer who uses the Siemens Simatic range of PLC/HMI/Servo drives, it doesn't take a two year old who knows how torrents works to download the WinCC flex HMI programming software, throw together a few screens with some built in clipart of pumps and generators and claim he has hacked a city's water supply... or uranium plant, or Area 51 air con system..
  • This reminds me of a story I read in a newspaper at least 18 years ago that maybe was an excerpt from a book. Hoping someone could get me a name, or some other details.

    Here's what I remember:

    It was focused on a hacker. One of his crimes, he was able to remotely take over the operation of a dam, controlling its spillways, although I don't think he ever did any damage. When the authorities found the guy, his fingers were described as curled backwards from endless hours at a keyboard, and he was living in filth.

  • I can't help but think to myself ----- "these are not the droids you are looking for" -- Honestly too weird for me hackers, no hackers, makes no nevermind to me.
  • A cyber what?
  • Never attribute to malice that which can be attributed to stupidity. Stupidity is much more common.
    • by mcgrew (92797) *

      Hanlon's Razor (attributed to Heinlein). However, Never attribute to stupidity that which can be attributed to greedy self-interest. Somebody sold the water company a new pump, and the old one was fairly new.

      Now, if the pump was covered under warranty, Heinlein comes into play.

  • by sl4shd0rk (755837) on Wednesday November 23, 2011 @02:34PM (#38150738)

    "...detailed analysis by DHS and the FBI has found no evidence of a cyber intrusion or any other malicious activity."

    All this means is professional spin doctors were called in as damage control.

    First off, there is a cracker out there with screen dumps from another cracked SCADA system. Coincidence? Yeah, right.

    Secondly, the compromise was originally believed to have been the result of the SCADA vendor being cracked. Also, an IP address from a Russian source was found. If there was no compromise, I would still really be interested as to why a Russian IP address was found connecting to US infrastructure.

    Thirdly, the cracker's pastebin post* sounds quite accurate of the DHS in general:
    "...the DHS tend to downplay how absolutely FUCKED the state of national infrastructure is."

    * - http://pastebin.com/Wx90LLum [pastebin.com]

  • by fsckmnky (2505008)
    "She turned me into a newt!" ... "I got better."
  • Obi-Wan: These aren't the droids you're looking for.
    Stormtrooper: These aren't the droids we're looking for.
    Obi-Wan: He can go about his business.
    Stormtrooper: You can go about your business.
    Obi-Wan: Move along.
    Stormtrooper: Move along... move along.

  • Whether or not this was a hack it points to incompetence (in both the original incident and the followup investigation). This is not the first case of incompetence in Springfield's "City Water, Light and Power" division. I recall two weeks in the early 80s where the entire town was ordered to boil tap water before drinking (and avoid getting water in your eyes and mouth while bathing) because of high levels of E. coli contamination. CWLP workers ran around sampling water from all over the system for se
