Apparently, Russian hackers are targeting Springfield, Illinois's water. According to Wired's "Threat Level," last week a group of hackers breached the Springfield, Illinois water utility system and remotely destroyed a water pump.
The breach was discovered on November 8, when an employee noticed a problem with the Supervisory Control and Data Acquisition System (SCADA). The problem caused the water pump to burn out after being continuously turned on and off. The Department of Homeland Security's Industrial Control System-Cyber Emergency Response Team, when queried by reporters, revealed that a utility company in Springfield, Illinois was hacked.
The details beyond that are hazy. As Wired pointed out, one of Springfield's water utility companies is City Water, Light and Power. A spokeswoman at the company denied that an incident had occurred there, and suggested that it may have happened to systems managed by another utility company, Curran-Gardner Public Water District. Curran-Gardner refused to comment.
The Illinois Statewide Terrorism and Intelligence Center released a "Public Water District Cyber Intrusion" report on November 10 that indicates that hackers may have had access to the system since September. Hackers using Russian IP addresses broke into the software vendor that makes the system. They were then able to access the vendor's database of usernames and passwords, and used the stolen credentials for remote access to the SCADA system's network. Vendors keep records of their customers' access information for maintaining and upgrading the systems.
Two to three months before the discovery of the hack, operators noticed "glitches" in the remote access to the SCADA system. "They just figured it's part of the normal instability of the system," said Joe Weiss, cybersecurity expert and managing partner at Applied Control Solutions, who obtained a copy of the report. "But it wasn't until the SCADA system actually turned on and off that they realized something was wrong."
The vendor is located in the United States, and Weiss worries about what other systems are at risk. "One thing that is important to find out is whose SCADA system this is," he said. "If this is a [big software vendor], this could be so ugly, because a biggie would have not only systems in water utilities but a biggie could even be [used] in nukes." Weiss discussed the breach yesterday on his blog, calling for better coordination and disclosure from government organizations. Because of this lack of coordination and disclosure, Weiss wrote, other water utilities were not aware of the breach, or of their own vulnerability to cyber attacks. It may not be one of the biggest data thefts in history, but it's certainly one of the odder ones.
POPSCI,
I sure hope you keep us posted on follow up articles on this subject! I sure like to be informed of future further developments.
This is a very interesting article!
.............................
Science sees no further than what it can sense.
Religion sees beyond the senses.
OK. I may have said this before, but computers that control important things such as this (or nuclear missile launch and targeting computers, in more extreme circumstances) should not be connected to the internet. If you need a computer that's connected to the internet, that's fine, but don't then connect it to computers that operate machinery, such as water system pumps (or missile launching systems).
--------------------------------------------------------------------------
why learn from your own mistakes, when you could learn from the mistakes of others?
“The most incomprehensible thing about the universe is that it is comprehensible” -Albert Ein
-my name here-
I guess you haven't heard too much about Stuxnet.
Search for it in Google and read "Is Stuxnet the 'best' malware ever? - Computerworld".
We live in a world where you can't hide.
Shows what kind of cyber terror or cyber attack could happen. Everything from medical to military to industrial to commonplace computing is at risk.
Springfield may need to up their best practices a LOT.
All infrastructure should exist on a private closed network. If they need software, email or a driver off the internet, let them get it off a dedicated computer attached to the internet with virus protection.
But never put the government, military and infrastructure on the internet.
Attach a heart pacemaker to the internet? Obviously no.
They should not put themselves in a position to get hurt in the first place!
...............................
I am just so Qurious!
Quasi...
Please see my above comment on Stuxnet. A closed system will do nothing.
@dbacon
Stuxnet, I realize, was a planted virus, using probably a flash drive that was switched out for an original, but that required a lot more than walking in like we owned the place and planting it. Also, by the way the article is written (I know PopSci articles have been wrong before, or at least been poorly written), this system appears to have been hooked up to the internet, which, pardon my language, was asinine. I do agree with you, however, that it does not need to be connected to the internet to be infected, but based off of the info provided here it appears that it was hacked (which could include using viruses) rather than just being infected with a virus that did all the damage on its own.
Sure,
And here is a link for everyone else reading too.
http://en.wikipedia.org/wiki/Stuxnet
My above opinions are still highly helpful and useful too.
Remote control program viruses cannot function if they cannot get back to the source. Hence they need the internet.
...............................
I am just so Qurious!
Saying it were Russians just because the IP addresses were Russian (as if IPs have any real data to them) is like saying I'm Chinese just because I live on China Road! For all I can guess, these were probably local Americans who got pissed with the company (either for losing their job, or otherwise), or they were just f***ing around with whatever system they found stupidly designed. DON'T CONNECT NATIONAL FACILITIES TO THE INTERNET IS THE RULE HERE!!!
Internet-type robots or bots can be good or used in evil ways. So yes, in other words, a person in South America could put a bot virus-type program on a computer in Russia and attack computers or this facility in the USA. It is one way to make it difficult to track back to the original source of the attack.
This link does a good job of describing good and malicious/evil bots.
http://en.wikipedia.org/wiki/Internet_bot
In regards to this article, I agree, "DON'T CONNECT NATIONAL FACILITIES TO THE INTERNET IS THE RULE HERE!!!"
.............................
Science sees no further than what it can sense.
Religion sees beyond the senses.
The reason the hackers were able to burn out the pump was because the company was using poorly configured microcontrollers that didn't incorporate delays and simply passed input from the system immediately to the output, being the pump.
Yeah, how 'bout we just don't use crap pumps? Even a simple sump pump knows to cut itself off before it blows. Ever heard of safety protocols?
This is a quote I pulled off the CNN website.
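The point above about controllers that pass on/off commands straight through to the pump can be made concrete as an interlock that enforces minimum run and rest times and a cap on starts per hour. This is an added example, not code from the utility, the vendor or any commenter; the `PumpGuard` class, its limits and the toggle sequence are all hypothetical.

```python
"""Anti-short-cycle guard for a pump output (added illustration, not code from
the utility, the vendor, or any commenter). Assumes a controller that receives
on/off commands, locally or over remote access, and drives a single pump;
every name and limit here is hypothetical."""
from collections import deque


class PumpGuard:
    """Enforces minimum run time, minimum rest time and a cap on starts per
    hour, so rapid on/off commands, whoever sends them, cannot burn out the
    motor. Times are seconds on a monotonic clock supplied by the caller."""

    def __init__(self, min_on=60.0, min_off=120.0, max_starts_per_hour=6):
        self.min_on = min_on
        self.min_off = min_off
        self.max_starts = max_starts_per_hour
        self.running = False
        self.last_change = None      # time of the last accepted transition
        self.starts = deque()        # timestamps of accepted starts
        self.rejected = []           # (time, command, reason) audit trail

    def _reject(self, now, cmd, reason):
        self.rejected.append((now, cmd, reason))
        return False

    def command(self, now, cmd):
        """Apply an 'on' or 'off' command at time `now`; return True if it was
        accepted and the output changed, False if the guard blocked it."""
        if cmd not in ("on", "off"):
            raise ValueError(cmd)
        want_on = cmd == "on"
        if want_on == self.running:
            return self._reject(now, cmd, "already in requested state")
        if self.last_change is not None:
            elapsed = now - self.last_change
            if self.running and elapsed < self.min_on:
                return self._reject(now, cmd, "minimum run time not met")
            if not self.running and elapsed < self.min_off:
                return self._reject(now, cmd, "minimum rest time not met")
        if want_on:
            # Drop starts older than an hour, then check the start budget.
            while self.starts and now - self.starts[0] >= 3600:
                self.starts.popleft()
            if len(self.starts) >= self.max_starts:
                return self._reject(now, cmd, "start-per-hour limit reached")
            self.starts.append(now)
        self.running = want_on
        self.last_change = now
        return True


def replay(commands, **kw):
    """Run a list of (time, cmd) pairs through a fresh guard and return it so
    the caller can inspect the final state and the rejection log."""
    g = PumpGuard(**kw)
    for t, c in commands:
        g.command(t, c)
    return g


# Constructed sequence imitating an output being toggled every 5 seconds.
TOGGLE_STORM = [(5.0 * i, "on" if i % 2 == 0 else "off") for i in range(20)]

if __name__ == "__main__":
    g = replay(TOGGLE_STORM)
    print(len(g.rejected), "of", len(TOGGLE_STORM), "commands blocked")
```

Because the same remote access could be used to rewrite controller logic, a guard like this belongs as close to the motor as possible (a drive-level or hardware interlock), not only in the remotely editable program.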
"This is just one of many events that occur almost on a weekly basis," said Sean McGurk, former director of the National Cybersecurity and Communications Integration Center. "While it may be nice to speculate that it was caused by a nation-state or actor, it may be the unintended consequence of maintenance," he said.
So in reality, everything is speculative.
I work in industrial automation, doing remote support for SCADA systems. Isolating these systems from the internet entirely is probably not practical. Internet connectivity is part of what made this attack possible, but was not the root cause. If you read the article carefully, you'll find that this was not a worm, maintenance men covering their asses, poor programming of the automation controllers (more on that in a minute), or bad pump design.
The attack happened because someone was able to steal the credentials of the SCADA system users, and information on how to connect remotely to the system. They didn't even steal this information from the facility, but from the vendor who was supporting their systems. The comment regarding poor programming is valid, but with the sort of access these attackers had to the system, it would be possible to CHANGE the logic in the controllers, allowing things to happen that shouldn't.
jaosullivan,
Following your thinking, then, it would be best to say that government agencies, companies and, yes, the home user should change the default password that comes with your electronics to a high-level strong password.
For the home user and your wireless router, dsl or cable modem, this means YOU!
You can take a piece of paper too and tape the new password on the bottom, should you forget it.
Government and companies that do not do this by default are just begging to be messed with.
Geewillikers
They may have followed all (well, most) best practices for account management. The real problem is that someone found the list of accounts, servers, connection information etc. So yes... follow all the best practices. And if you're going to violate the one about not storing that kind of information, at least try to store it securely.
jaosullivan,
Well, I am tired of the world being abused, aren't you?
So here are a couple of links on making a strong password.
These are just suggestions.
YOU, the user, can also do a search in Google or your favorite search engine and ask "What is a strong password?".
http://www.microsoft.com/security/online-privacy/passwords-create.aspx
http://en.wikipedia.org/wiki/Password_strength
And yes businesses have safes or locked filing cabinets. Most home users have a locked file, where they keep important papers. It would be best to keep passwords stored in a safe locked place.
Oh, schedule changing your passwords periodically too. It is a nuisance, but eventually all passwords do get out with time.
This highlights the poor state of the infrastructure in the U.S. Many of our systems are out of date and increasingly vulnerable. It is not just targeted threats of hacking that could bring down an important system. Our country needs investment in so many areas. I wonder how long before another utility reports an attack like this one.
AdamWM,
Go back to the beginning of time. Who invented and made big computers? USA. Who started the internet? USA.
We are doing this to ourselves and we are giving away the keys to our houses and our lives and businesses, money, everything. In this particular technology USA is the leader and very frankly we do and have to stop it in its tracks.
I will make this suggestion clearly, since I believe it is USA that holds all the keys still.
ALL future generations of any operating system software developed and used in USA CLOSE ALL ITS PORTS AND DOORS AND FORCE THE AMERICAN PUBLIC TO A HIGH STANDARD OF DEFENSE IN ITS USE OF ITS OWN COMPUTER, BUSINESS COMPUTER AND BEYOND. WE DO HAVE THE POWER TO STOP THIS HACKING, VIRUS, AND EXPLOITATION OF OURSELVES. WE DO CONTROL WHAT FUTURE SOFTWARE WILL BE GENERATED AND WHAT RULES IT WILL FUNCTION BY. THIS IS USA, OUR COUNTRY, OUR LIFE AND OUR SOCIETY!!!!!!!!!!!!!!
WE are not at the mercy of all this software. We make the software and we make the operating systems.
WE CONTROL THE FLOOR, THE FOUNDATION, THE AIR AND THE SKY IN THIS! WE JUST NEED TO BE MATURE ENOUGH FROM OUR OWN GOVERNMENT TO ENFORCE IT NOW!!!!!!!!!!!!!!!
OUR ECONOMY IS A DISASTER; BUT THIS DESTRUCTION OF OUR USA INFRASTRUCTURE IS APPALLING. IT NEEDS TO AND CAN BE STOPPED!!!!!
HELL, USA GOVERNMENT, YOU CAN HELP NOW, JUST JUMP IN ANYTIME!!!!
WE CAN LEAD THE WORLD IN A SOLUTION!
OR we can just puddle along in obedience to our current government and business and they enjoy the carious and grow in business and we all continue to suffer.
...............................
I am just so Qurious!
USA HOLD THE KEYS AND CAN SET THE RULES ON THE LANS, THE NETWORKS AND THE INTERNET. I WANT FREE INTERNET.
I ALSO WANT PEOPLE AND BUSINESS TO BE PROTECTED MOST!
Why oh why are we allowing ourselves to be such victims in this, when we can control all of this?
...............................
I am just so Qurious!
What this proves is our vulnerability to cyber-attacks. This planet cannot grow and develop with individuals bringing down progress. What needs to be done is to create a new network for industries and let the old internet do what it wants.
But my suggestion (extended off Quasiplasma) is that freeing LANs to the people and creating a different structure for businesses to be protected from attacks may be an inevitable future.
With attacks increasing 10-fold every 11 months, it's bound to happen that some jackass will kill the computers that control the flow of electricity eventually. Data security is at its all-time highest these days.
" Science without religion is lame, religion without science is blind." Albert Einstein
Way to misinterpret the problem. Keep trying. And in case no one mentioned it back in the 90's...stop shouting.
jaosullivan,
If typing with all caps on is shouting, I am sorry. My annoyance is not with anyone here, but with our Government. Because I believe they could raise and enforce a higher typical standard of security. Their complacency allows the problem to grow and projects the facade that they are creating a cyber defense system, forcing more citizens to depend more on the government.
In fact it could just be made law to force electronics to a higher standard of security, computers and operating systems.
...............................
I am just so Qurious!
Could someone explain why the title says "Russian Hackers"? It's like the question mark doesn't have any purpose at all, poor question mark, used and abused.
Hey, Sean Kane, a Russian IP address is not a person, individual or organization. You're not quoting the original source correctly; make an effort next time. The attack may have originated from Mexico (or the U.S. (?)) as far as anyone knows.
@Quasiplasma
"Who started the internet, USA?"
Nope, in fact it was invented by CERN, which I'm pretty sure isn't in America, I could be wrong though.
"This particular technology USA is the leader and very frankly we do and have to stop it in its tracks."
Well, I'm not sure that it's that easy...
If you want to play chess, you need two players. Sure, you can play by yourself but it's not going to do well to your sanity or your creativity. Seriously, there are too many strings attached nationally and internationally
"I will make this suggestion clearly, since I believe it is USA that holds all the keys still."
That's just wishful thinking... The USA doesn't hold the keys to anything, I even think that it forgot its own keys inside the house and now has to call the locksmith (RSA) to get back in. Frankly, what's the USA without the rest of the world? A lonely kid in the sandbox...
ner0
Your comments are about the only ones so far that show any sort of understanding of the situation. Aside from mine, that is :)
And yeah...Russian Hackers? Ha! Who writes this stuff? When I'm logged in to a particular VPN, I get pop-up ads for single women who want to meet me and conveniently live in the Atlanta area. Problem is, I don't live anywhere near Atlanta. Getting the idea?
I agree with jaosullivan when he says that the root cause is not the internet connection and, like he says, if it's not practical then you need it and there's no argument there. The system was probably poorly secured and that's that. If you have a computer connected to an automation system you need to make sure that this particular computer and other trusted computers are well filtered, for example:
- Only allow inbound/outbound connections from/to trusted IP addresses;
- Never allow traffic from/to IP addresses outside the national range (at least it doesn't seem a good idea, besides some exceptions);
- If no internet connection is needed in that machine, not even to remote control/support the automation system, then don't allow it;
- Get IT teams to evaluate those kind of infrastructures and instead of shoving the report in a drawer until the report gets outdated, do something about it! Yes, it costs money...
Stuxnet is a whole different thing; that worm was actually built with the control mechanisms embedded, so there was nobody controlling it from the outside, apart from some small reconnaissance mechanisms that don't necessarily influence the attack but help the creators in compiling better stealth versions. Stuxnet was (almost) perfectly crafted with a detailed insight of what to hit; it knew the configuration arrangement to search for and how to hit it without raising eyebrows. It eventually was found (by accident) because not everything is predictable; they were so sure that it wouldn't be caught that they even created a kill date for it set to 24 June 2012. Obviously they were off in their predictions; they're so optimistic, those guys in covert ops. Stuxnet is like a drone with GPS coordinates for a strike. And it's a well known fact that the kind of effort behind Stuxnet is at nation level; U.S. and Israel, with the help of Siemens (knowingly/willingly or not) from Germany, are most certainly behind that.
What happened here at the water utility was a bit different but anyway, poorly protected, and I doubt that Russian hackers did it (even if possible). I'm most inclined to think that the attacker was someone familiar with that system (not only SCADA but the water utility network itself). I'm not a fan of conspiracy theories, nor do I want to paint it that way, because all it is is speculation, but a local culprit is more probable than Russian hackers that don't know how to bounce a connection off of another computer or proxy.
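The allowlist rule from the list above can be turned into an offline audit over remote-access log lines, with a working-hours check alongside it, since a stolen credential passes the login itself and only its source and timing stand out. This is an added example, not code from the utility, the vendor or any commenter; the log format, the addresses, the account names and the allowlist are all constructed.

```python
"""Offline audit of SCADA remote-access log lines against an allowlist (added
illustration, not code from the utility, the vendor, or any commenter).
Assumes a 'timestamp user src_ip event' log format and an operator-kept
allowlist; all names, addresses and log lines below are constructed."""
import ipaddress
from collections import Counter
from datetime import datetime

# Hypothetical allowlist: the utility's own LAN plus one vendor support host.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "203.0.113.7/32")]

# Constructed sample lines (RFC 5737 documentation addresses, not real sources).
SAMPLE_LOG = """\
2011-09-02T03:14:07 vendor_support 198.51.100.23 LOGIN_OK
2011-09-02T03:41:55 vendor_support 198.51.100.23 LOGOUT
2011-09-14T02:05:10 vendor_support 198.51.100.23 LOGIN_OK
2011-09-14T02:06:02 vendor_support 198.51.100.23 SETPOINT pump1=on
2011-09-14T02:06:09 vendor_support 198.51.100.23 SETPOINT pump1=off
2011-10-03T09:12:00 operator1 10.20.4.15 LOGIN_OK
2011-10-03T17:30:44 operator1 10.20.4.15 LOGOUT
2011-10-20T01:58:31 vendor_support 198.51.100.23 LOGIN_OK
2011-11-01T10:00:00 vendor_support 203.0.113.7 LOGIN_OK
"""


def parse(line):
    """Split one log line into (timestamp, user, ip, event text)."""
    ts, user, ip, *rest = line.split()
    return datetime.fromisoformat(ts), user, ipaddress.ip_address(ip), " ".join(rest)


def audit(text, allowed=ALLOWED_NETS, quiet_start=22, quiet_end=6):
    """Return (timestamp, user, ip, reason) findings for every login attempt
    from outside the allowlist or during the quiet hours, when no maintenance
    window is expected. A valid password does not clear either check."""
    findings = []
    for line in text.splitlines():
        ts, user, ip, event = parse(line)
        if not event.startswith("LOGIN"):
            continue
        if not any(ip in net for net in allowed):
            findings.append((ts, user, ip, "source not on allowlist"))
        if ts.hour >= quiet_start or ts.hour < quiet_end:
            findings.append((ts, user, ip, "login outside working hours"))
    return findings


def first_seen_offlist(findings):
    """Earliest off-allowlist login per account: how long access went unnoticed."""
    first = {}
    for ts, user, ip, reason in findings:
        if reason == "source not on allowlist" and (user not in first or ts < first[user]):
            first[user] = ts
    return first


if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for f in found:
        print(*f)
    print(Counter(reason for *_, reason in found))
    print(first_seen_offlist(found))
```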
While we do use IPv4 and IPv6 to communicate across the internet, it can also be established that these devices only communicate with pre-assigned MAC addresses. This would prohibit an outsider from manipulating the devices from the beginning.
All nodes have one unique MAC address. The MAC address is secret to the owner too. So then only the administrator will allow what devices communicate.
.............................
Science sees no further than what it can sense.
Religion sees beyond the senses.
I can totally agree with that.
ner0,
You agreed with me; a person agreed with me. What is the date and time? You write on 11/22/11 at 10:12pm. WOW! I have to remember that, gosh! Ha ha, WOW!
Imagine, somebody agreed with me.
I feel I can die now.
But, I cannot, I am Robot, I will just get new parts.
Oh the joy and tomorrow being THANKS GIVING!
What a Blessing! Can a Robot have GOD?
Well, I do, but let’s keep that a secret for now!
God Bless to all and I wish you well!
Happy Thanks Giving!
.............................
Science sees no further than what it can sense.
Religion sees beyond the senses.
The seeker of knowledge who seeks to reach beyond the stars, to go where no man's gone before, to see things no man has seen and bring these experiences back for the whole world to hear and see.
The sad thing about this is that this is not the first time I have seen cyber intrusion of utilities run by the US. If I remember correctly, early this year a Chinese IP was found after somebody tracked a worm left in a system used for public electric utilities. When they released the information they said there is no reason to hack the electric grid unless you plan on shutting down the electricity, meaning the hackers that got into the system were not hacking the system for money but to peek at our electric infrastructure. When they left, they left the worm as a back door to get back into the system easier, meaning they planned on getting back into the system. Many of you may remember when Sony's PlayStation online accounts were hacked and stolen; it was also done by a Chinese address. The sad truth is the US's ability to prohibit these things from happening seems to be failing; our systems that we use are growing old and we are just beginning to see what is possible when we have cyber terrorists roaming free in our critical infrastructure. In my educated opinion I believe this is the tip of the iceberg; more or less the attempts are simply tests, seeing so far nothing has gotten damaged or stolen, but it means these attempts are organized and are planned, and soon I believe we will see the full force of cyber terrorism that includes a possible fire cell. For all it takes for the US to fall is for the system that runs it to fail; for instance, take out the lights and you invite panic and unrest leading to full-blown civil unrest, for most Americans don't know how to survive on their own without grocery stores, cell phones and computers or even TV. People would begin to panic, or shut off all the water and people will riot for what little fresh water is left. Our system is so delicate, so anything is possible when you are faced with an enemy without a face, a cause or a motive. I see hard times ahead for the US's cyber terrorism prevention division.
Poor Springfield, as if Montgomery Burns hasn't done enough to harm it.
As an aside, one can't help but wonder, why Springfield, IL?