Hackers hit water treatment plant

Powered by SC Magazine
 

Targeted SCADA through 'astonishing' weak point.

Hackers accessed the network of a water treatment facility in the United States, destroying a water pump, according to reports.

The attack against the water utility in Springfield, Illinois may have started as early as September, but wasn't noticed until the beginning of November.

The hackers targeted its Supervisory Control and Data Acquisition System (SCADA) - the same system under attack by Stuxnet, although there's nothing to suggest that malware is at fault.

“It is unknown, at this time, the number of SCADA usernames and passwords acquired from the [water treatment] software company’s database and if any additional SCADA systems have been attacked as a result of this theft,” Illinois state security authorities said in a report, according to Wired.

The hackers apparently accessed the system via a flaw in phpMyAdmin, which Sophos security researcher Chester Wisniewski criticised as an astonishing weak point.

"Reading about this my spidey-sense was tingling," he said in a post on the Sophos blog.

"They have SCADA control systems hooked up to the public internet? And they are running phpMyAdmin?"

Wisniewski said he stopped using phpMyAdmin to run his own personal site after the "never-ending stream of sever vulnerabilities" became too much trouble.

"Convenience and price are always desirable to those responsible for managing these systems, but this is bordering on criminally negligent when you are responsible for our water, power, gas and other sensitive utilities," he said.

The US Department for Homeland Security has warned about holes in SCADA software, while a report last year warned to expect more attacks against utilities and other infrastructure.

Copyright © PC Pro, Dennis Publishing


Hackers hit water treatment plant
 
 
 
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
 
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
 
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  35%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 4122

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 1404

Vote