BelchSpeak

I can't believe that came from your mouth!

Cyber

Pennsylvania SCADA System Hacked

It is extremely rare for SCADA systems to be attacked. SCADA systems are computers that control sensors or mechanical components that either report status back to a control center or change the mechanical status to affect a working system. Like opening valves or reporting the levels in a mixture tank.

In practically all cases, such systems are protected from Internet Access both logically and physically. Control operators must go through quite a few loops to access the system from any remote region. It is done this way deliberately to prevent accidents or attacks in which the computers begin to falsely report status or will alter valves or mechanical status without authorization.

From the WashTimes here:

Hacker hits Pennsylvania water system

The FBI in Philadelphia is investigating how a hacker bypassed security and compromised the computer of a Harrisburg, Pa., water filtration plant.

FBI Special Agent Jerri Williams told ABC News the apparent motive in the Columbus Day attack wasn’t to disrupt the plant’s operation, but rather to use its computer to covertly distribute mass e-mails or pirated software.

“The concern was high because it is a computer that controls an important infrastructure system, and if, for some reason, it caused it to fail, it would have disrupted service,” Williams said.

The hacker originally gained access by tapping into an employee’s laptop, officials said. Since the intrusion, the plant has changed all passwords to the system and eliminated home access to the system, ABC said.

So it looks like an employee neglected to update his own laptop, and he likely got hit with a drive-by download of botnet software. It was through this backdoor into the laptop that the hacker leaped across the network to compromise the SCADA host.

Philadelphia can be thankful that the hacker didn’t know what he compromised, or else the water might taste funny at this point. The SCADA host was intended to be used to distribute pirated software and act as a spam relay.

It should be noted that the excellent folks at the Water ISAC followed the plans and got the FBI involved at the proper time, as is outlined by DHS.

Dr. Jones

Do not talk about fight club. Oops.

Leave a Reply

Your email address will not be published. Required fields are marked *