FBI: Hackers Hit Cities Via SCADA

Thursday, December 1, 2011 @ 06:12 PM gHale

Hackers gained access to the infrastructure of three cities through their SCADA systems, an FBI official said.

Hackers accessed the critical infrastructure of three cities by compromising their SCADA (supervisory control and data acquisition) systems, said deputy assistant director of the FBI’s Cyber Division.

Hackers can Set Printer on Fire
Feds: No Cyber Intrusion at IL Water Plant
NJ Water Plant Victim of ‘Terrorism’
Water Utilities Breached

The hackers could theoretically have dumped sewage into a lake or shut off the power to a shopping mall, said Michael Welch at the Flemings Cyber Security Conference in London. He would not reveal the names of the cities.

“We just had a circumstance where we had three cities, one of them a major city within the U.S., where you had several hackers that had made their way into SCADA systems within the city,” Welch said.

The attack “was sort of a tease to law enforcement and the local city administration, saying ‘I’m here, what are you going to do about it,” he said. “Essentially it was an ego trip for the hacker because he had control of that city’s systems and he could dump raw sewage into the lake, he could shut down the power plant at the mall — a wide array of things.”

Welch would not clarify whether the attacks in question related to a reported SCADA attack on a water facility in Springfield, IL. On Wednesday, the Department of Homeland Security denied there was any hacking involved in the failure of a water pump at the Springfield facility.

Cyber security is “a huge growth factor” for the FBI, Welch said. He expects the bureau’s Cyber Division to double in size during the next 12 to 18 months.

“A big part of what we do is private sector liaison,” he said. “At no time in our history have we had to stretch the definition of what constitutes crime more than we do now.”

In addition to the reported cyber incident in Illinois, there was also an incident in South Houston, TX and and also one in New Jersey.

A hacker using the name “pr0f” or “@pr0f_srs” published information of a successful penetration of the South Houston Water Utility. This attacker used an unrelated technique to gain access to the water utility and then posted several screenshots of the control system on PasteBin.

In New Jersey, West Milford’s Municipal Utility Authority (MUA) suffered a series of attacks since July in which power shut off, valves opened and a wood plank ended up in a sewage filtration system.

Leave a Reply

You must be logged in to post a comment.