Sunday, November 20, 2011

Hacker 'makes a point' after DHS downplays Russian SCADA cyberattack

In the wake of the DHS response, or lack thereof, after a reported Russian cyberattack against a SCADA system at an Illinois water plant, a U.S. hacker decided he was going to make a statement. The hacker, pr0f, said on Friday that he hacked into a South Houston water utility to show how easily it could be done.

In their response to the report, the Department of Homeland Security said "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety." Well, pr0f didn't like that too much.

In a pastebin post, pr0f said, "This was stupid. You know. Insanely stupid. I dislike, immensely, how the DHS tend to downplay how absolutely F*CKED the state of national infrastructure is. I've also seen various people doubt the possibility an attack like this could be done."

And then, he linked a series of screenshots of what appear to be diagrams of water and waste-water treatment facilities in South Houston, Texas (one of which is above).

At least pr0f didn't damage the system. He was just, he said, trying to make a point.

"I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly. On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic [which is Siemens ICS software]."

The superintendent of the South Houston water plant, Fred Gonzalez, told CNET, "We're still checking into the whole problem and seeing what's going on."

At the same time, a DHS spokesperson said he would look into the reported incident.

No comments: