The Pump Don't Work 'Cause The Russians Hacked The Handle (Except They Didn't)


One of the doomsday scenarios of cyberwarfare is hackers taking down critical infrastructure. The electricity grid is taken offline, points fail at railway junctions, life-saving networks at hospitals are rendered inoperable.

So when a center for information sharing under the U.S. Department of Homeland Security and the Department of Justice released a report in 2011 alleging that Russians had hacked into the control system of an Illinois water pump, people sat up and took notice.

According to Kim Zetter at "Wired," the report "sow[ed] panic in the industrial control system community":

The report, which was meant to be confidential, claimed that attackers from Russia had hacked into the network of a software vendor that made the SCADA system used by a water district in Illinois and stolen usernames and passwords that the vendor maintained for its customers. The hackers then supposedly used the credentials to gain remote access to the utility's network and cause a water pump to burn out. The report was leaked to the media by an industrial control systems expert who had gained access to it.

In reality, however, the water-pump system hadn't been hacked at all. "Wired" details what happened:

Someone did access the water district’s SCADA system from Russia, but it was a water district contractor who was asked to access the system by water district employees, as Wired first reported. They had called him to seek his opinion on something while he was on vacation in Russia, and he had logged into the system remotely to check on some data for them.

When the pump broke five months later and someone examined the network logs to determine the cause, they found an IP address from Russia listed in the logs next to the username and password of the contractor. No one ever bothered to call the contractor to see if he had logged in from Russia; they just assumed someone in Russia had stolen his credentials.

Even though the FBI ascertained that the reports of Russian hacking were baseless, according to a new Senate subcommittee investigation, the so-called fusion center and the Department of Homeland Security's Office of Intelligence and Analysis continued to spread the reports.

Fusion centers were set up after the 9/11 terrorist attacks to enable information sharing between federal and local agencies:

"Almost no part of the initial reports of the incident had been accurate -- not the fusion center report, or DHS's own intelligence report, or its intelligence briefing," write the Senate investigators in their report. "The only fact that they got right was that a water pump in a small Illinois water district had burned out."