Slashdot Mirror


Water Pump Destruction Not Due To SCADA Hack

knifeyspooney writes "According to the Springfield State Journal-Register, the city's recent public water system failure was not caused by malicious activity. One water district trustee spoke this gem: 'First, they tell us that it's the first instance of cyber hacking in the entire world, and everyone goes nuts. Now, all of a sudden, they tell us it's not.'"

26 of 90 comments

  1. First instance? by Aryden · · Score: 4, Insightful

    say what? first instance of cyber hacking? are you suuuuuuuure about that?

    1. Re:First instance? by md65536 · · Score: 3, Funny

      Yes.

      There have been hacking instances somewhere in the world, in the past, probably. But this is the first one that's cyber.

    2. Re:First instance? by cribb · · Score: 5, Funny

      They trendsourced it.

      As MrEricSir once wrote: (http://tech.slashdot.org/comments.pl?sid=1174265&cid=27321897)

      Def. trendsource
      -verb: to solve problems using popular buzzwords

      ("The water utility trendsourced the cyberhack by integrating crowdsourcing with Agile methodologies automated with a SOAP communication layer.")

      --
      Hostes alienigieni me abduxerunt. Qui annus est?
    3. Re:First instance? by 7x7 · · Score: 4, Informative

      Wired still seems to think it was a hack, or at least something fishy is going on. http://www.wired.com/threatlevel/2011/11/scada-hack-report-wrong/

    4. Re:First instance? by mcgrew · · Score: 2

      I think what he meant was it was the first instance of cyber-hacking (is that phrase redundant?) against a SCADA system. Besides, that's the exact wording the media is using.

      I live in Springfield, and the media reports are pretty contradictory. The reports in the last few days were that the company that designed the system had evidence of a successful hack and they were worried that the design company hack would lead the attackers to information that would let them in the system.

      Two nights ago the local TV news (WICS 20) reported that they had uncovered evidence in the SCADA logs that indicated that they were penetrated, now they say otherwise.

      All over a burned out pump. Nobody got hurt, no services were interrupted.

      News reports are also saying it's in Springfield; it isn't. It's a water district in two tiny towns a few miles away. Here's a map.

  2. Manipulating the stupid masses through media. by unity100 · · Score: 4, Insightful

    simple. you tell that it is due to cyberhack. everyone goes nuts, endless number of articles spread throughout internet. then you admit that it wasn't. at this point it is now impossible to change misinformation. the misinformation spreads, public opinion is shaped. you can pass your $OPA act.

    http://www.abc.net.au/science/articles/2011/07/11/3265013.htm

    http://idle.slashdot.org/article.pl?sid=10/07/14/1235220

    1. Re:Manipulating the stupid masses through media. by Anonymous Coward · · Score: 4, Funny

      Isn't all that tinfoil a little scratchy?

    2. Re:Manipulating the stupid masses through media. by Hijacked+Public · · Score: 2, Insightful

      I'm a big fan of good evidence but if you don't read Leo Strauss and discover that a critical component of neo-conservatism is having an enemy to unite people against, then find out that an entire war launched by neo-cons that dumped billions into the pockets of neo-con friendly businesses was based on entirely fabricated evidence against the enemy, then wonder if some elements of governments might be willing to engage in extreme hoodwinking to get what they want....maybe you are in denial.

      --
      "Sacrifice for the good of The State" - The State
    3. Re:Manipulating the stupid masses through media. by mcgrew · · Score: 2

      Eh, it was Rority. Drunk and stoned, as usual.

  3. This is the FBI by Oswald+McWeany · · Score: 5, Funny

    Good morning Mr. Mayor,
    this is special agent Smith.

    Yes, we'd like you to say the water pump malfunctioned and wasn't hacked.

    No, no, I know about the truth, Mr. Mayor, but we don't want the public to be aware of the dangers they are in from exploding water towers and militarised telephone cables... or to encourage copycat hackers.

    Yes, yes... just say it was normal wear and tear.

    Oh, you're not going to comply?.. are you aware that we have an unauthorised GPS under your car and know what you do Tuesday nights? ... ahh I'm glad you see things our way.

    --
    "That's the way to do it" - Punch
  4. Re:So, the question is.... by Anonymous Coward · · Score: 2, Insightful

    No. It was a revised statement based on new information. That's still allowed, right?

  5. Y'all missed a critical paragraph in TFA by Anonymous Coward · · Score: 5, Informative

    "How can two government agencies be so at odds at what’s going on here? Did the fusion center screw up, or is the fusion center being thrown under the bus?” commented Joe Weiss, the security expert who discovered the initial Fusion Center report and reported on it. “There’s a lot of black and white stuff in that report. Either there is or there isn’t a Russian IP address in there. It’s hard to miss that."

    1. Re:Y'all missed a critical paragraph in TFA by Nethemas+the+Great · · Score: 2

      Don't worry, clarification is only 20 years away.

      --
      Two of my imaginary friends reproduced once ... with negative results.
    2. Re:Y'all missed a critical paragraph in TFA by Bardwick · · Score: 4, Insightful

      Watch the attempted connections to any machine on a public IP. Probably takes about 20 minutes to get an IP from every country in the world.

    3. Re:Y'all missed a critical paragraph in TFA by Vellmont · · Score: 2


      Who the hell does intrusion detection by (simply) analyzing network traffic and port scanning? Here's a line from a log file in a certain machine I have access to:

      Maybe the same idiots who put a SCADA system accessible over the internet?

      The truth is we have no idea where the alleged "russian IP address" came from. You making up an SSH log is pure bullshit. Was it an intrusion detection system, or was it a firewall log? Nobody is saying. The OP seemed to think this was very simple, with an IP address somehow being a definitive answer to whether the system was broken into, and the breaking being definitive evidence of the pump being caused by the alleged breakin.

      My advice would be to stop making things up, and rely on actual facts. There's almost none of those now, so you can say just about anything and get away with it. The facts are that the FBI has said the claims the machine was hacked is utter bullshit.

      My money is on the idiots who thought it was a good idea to put a SCADA system for a public water supply on the internet aren't exactly the people you want conducting a security investigation. I don't exactly trust the FBI, but they're not really known to back away from high profile cases and claim there wasn't any crime. If you want evidence of the FBI being over-zealous in trying to find crimes where none occurred, just ask Steve Kurtz.

      --
      AccountKiller
  6. Sowing the seeds of cyberwar profiteering? by Dega704 · · Score: 2

    While I don't think that threats like these are nonexistent, they are still extremely overblown, and the media jumps on them at a moment's notice. My biggest concern is that this could be the beginning of the military industrial complex evolving to exist on the internet.

    1. Re:Sowing the seeds of cyberwar profiteering? by hellkyng · · Score: 2

      I'm not sure they are overblown at all, stuxnet being the poster child for this as it actually impacted real world nuclear reactors. Another example being the guy using the handle pr0f that hacked a SCADA system the same day as this water pump and offered conclusive evidence to the fact. If stuxnet was deployed as a method to weaken the security capabilities of a perceived enemy, then it strikes me as a tool of war. I'm pretty sure though what everyone is calling "cyber-war" is likely to evolve into "war-prep" or steps we take prior to landing boots on the ground.

    2. Re:Sowing the seeds of cyberwar profiteering? by Tekfactory · · Score: 3, Insightful

      Well stuxnet affected Programmable logic controllers that affected centrifuges refining nuclear material. I was at a conference recently and half the talks were about stuxnet, duqu and PLCs, the show was not energy or utility industry related, but basically anything with a PLC is vulnerable to this sort of attack.

      There were a lot of folks in industry talking about how uncertain they were about how tight their air-gaps were. Stuxnet got past air-gaps anyway, but at least a lot of the industrial controls folks are talking about it now. It would have been nice if someone listened when US-CERT reported researchers were able to remotely burn out an electrical generator in 2005.

  7. Re:So, the question is.... by Moheeheeko · · Score: 4, Insightful

    Yes, but we would prefer if government agencies didn't jump to outrageous conclusions before all the information is gathered.

  8. Dam cyberhackers by Hentes · · Score: 2

    The three-letter passwords can withstand regular hackers, but no one could expect that the mighty cyberhackers were coming!

    1. Re:Dam cyberhackers by Samantha+Wright · · Score: 2

      Oh god. I didn't even cyber-notice that. What is the cyberworld cyber-coming to?

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  9. screenshots prove nothing... by FrozenFood · · Score: 3, Insightful

    As an actual control systems engineer who uses the Siemens Simatic range of PLC/HMI/Servo drives, it doesn't take a two year old who knows how torrents work to download the WinCC flex HMI programming software, throw together a few screens with some built in clipart of pumps and generators and claim he has hacked a city's water supply... or uranium plant, or Area 51 air con system..

  10. Tinfoil Conspiracy by q.kontinuum · · Score: 2

    I posted this before, but the fight against this conspiracy is not over yet!
    Any nerd claiming to wear a tinfoil head is either a wannabe or part of the tinfoil conspiracy!!11! It is so obvious that tinfoil hats might cover you from alleged hostile brain control waves from satellites thousands of kilometres away, but otoh forms a nearly parabolic antenna to the whole communication wires and infrastructure below pedestrian lanes just a couple of meters away. And coincidentally only relevant people will be affected, since only they are likely to wear - wait a minute, there is someone knocking at my door, I will write more. later.

    --
    Trolling is a art!
  11. Re:Help a /.er out by fotoguzzi · · Score: 4, Informative
    --
    Their they're doing there hair.
  12. detailed analysis by DHS by sl4shd0rk · · Score: 2

    "...detailed analysis by DHS and the FBI has found no evidence of a cyber intrusion or any other malicious activity."

    All this means is professional spin doctors were called in as damage control.

    First off, there is a cracker out there with screen dumps from another cracked SCADA system. Coincidence? Yeah, right.

    Secondly, the compromise was originally believed to have been the result of the SCADA vendor being cracked. Also, an IP address from a Russian source was found. If there was no compromise, I would still really be interested as to why a Russian IP address was found connecting to US infrastructure.

    Thirdly, the cracker's pastebin post* sounds quite accurate of the DHS in general:
    "...the DHS tend to downplay how absolutely FUCKED the state of national infrastructure is."

    * - http://pastebin.com/Wx90LLum

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  13. Local government incompetence? by Bagok · · Score: 2

    Whether or not this was a hack it points to incompetence (in both the original incident and the followup investigation). This is not the first case of incompetence in Springfield's "City Water, Light and Power" division. I recall two weeks in the early 80s where the entire town was ordered to boil tap water before drinking (and avoid getting water in your eyes and mouth while bathing) because of high levels of E. coli contamination. CWLP workers ran around sampling water from all over the system for several weeks before they discovered their own lab was contaminating the samples. Springfield has a commissioner government where elected officials run various departments (Streets, CWLP, others I can't recall) with an elected mayor acting as a figurehead. Commissioners are re-elected year after year as long as they *seem* competent and are generally well liked. I always thought it was a strange system and I've never seen another local government run this way. I wonder if it is inherently more likely to have catastrophic failures than say, an alderman/city council/city manager.

    --
    I'm not sure about faith moving mountains, but I've seen what it can do to skyscrapers.