Sunday, August 28, 2016

Tangled Web

The Pump Don't Work 'Cause The Russians Hacked The Handle (Except They Didn't)

One of the doomsday scenarios of cyberwarfare is hackers taking down critical infrastructure. The electricity grid is taken offline, points fail at railway junctions, life-saving networks at hospitals are rendered inoperable.

So when a center for information sharing under the U.S. Department of Homeland Security and the Department of Justice released a report in 2011 alleging that Russians had hacked into the control system of an Illinois water pump, people sat up and took notice.

According to Kim Zetter at "Wired," the report "sow[ed] panic in the industrial control system community":

The report, which was meant to be confidential, claimed that attackers from Russia had hacked into the network of a software vendor that made the SCADA system used by a water district in Illinois and stolen usernames and passwords that the vendor maintained for its customers. The hackers then supposedly used the credentials to gain remote access to the utility's network and cause a water pump to burn out. The report was leaked to the media by an industrial control systems expert who had gained access to it.

In reality, however, the water-pump system hadn't been hacked at all. "Wired" details what happened:

Someone did access the water district’s SCADA system from Russia, but it was a water district contractor who was asked to access the system by water district employees, as Wired first reported. They had called him to seek his opinion on something while he was on vacation in Russia, and he had logged into the system remotely to check on some data for them.

When the pump broke five months later and someone examined the network logs to determine the cause, they found an IP address from Russia listed in the logs next to the username and password of the contractor. No one ever bothered to call the contractor to see if he had logged in from Russia; they just assumed someone in Russia had stolen his credentials.

Even though the FBI ascertained that the reports of Russian hacking were baseless, according to a new Senate subcommittee investigation, the so-called fusion center and the Department of Homeland Security's Office of Intelligence and Analysis continued to spread the reports.

Fusion centers were set up after the 9/11 terrorist attacks to enable information sharing between federal and local agencies:

"Almost no part of the initial reports of the incident had been accurate -- not the fusion center report, or DHS's own intelligence report, or its intelligence briefing," write the Senate investigators in their report. "The only fact that they got right was that a water pump in a small Illinois water district had burned out."
by: Ray F. from: Lawrence, KS
October 04, 2012 18:33
Just a tiny example of the hugely ineffective security system built after 9-11. The level of fraud, waste, and abuse within both the Department of Homeland Security and DoD is mind-boggling. To see some other grim details from this Senate report, see:

by: Catherine Fitzpatrick from: New York
October 05, 2012 07:18
This is a rather old story, so I have to wonder what Wired is up to recycling it again now, with an aim to show that security experts are all wet, once again. Wired so often takes the hackers' side of the story!

So yeah, I get it that sophisticated journalists are always ahead of the game, and letting us know what sheeple we are for believing scary reports about terrorists, who are really not so bad, and who really can't get into infrastructure, and it's all just the big bad war on terror that's the fault of everything, right?

But I would like a second independent opinion on this one, instead of just a paste-up from the know-it-all geek blogs that always try to close ranks and cover for their own, and some mumbling from the firm in question that maybe is anxious to show there's no problem and everyone should move along.

Re: "Someone did access the water district’s SCADA system from Russia, but it was a water district contractor who was asked to access the system by water district employees, as Wired first reported. They had called him to seek his opinion on something while he was on vacation in Russia, and he had logged into the system remotely to check on some data for them."

1. Why are only contractors used for such critical infrastructure? Why not permanent full time credentialed staff?

2. If the guy vacations in Russia (who vacations in Russia?!) is he Russian? You're absolutely sure there's nothing wrong here? You know, like those 10 Russian contractors just found to be military spies the other day. Can we just be a tad more curious about this? If everybody there on the scene is absolutely sure this is nothing, ok, but I still think the public should ask questions.

3. Sorry, but I'm just not getting it at all why, when something critical breaks down, instead of calling your full-time staff experts and supervisors (what, you don't have them), you're calling contractors, and what's more, calling contractors who are overseas vacationing in Russia, and who then have to log on from Russia, where the Kremlin has everything under surveillance. Was this truly necessary, guys? There was no other way to do this repair job?

4. So we're absolutely sure that no one stole this guy's credentials in Russia, given the surveillance, the nastiness of the Russian intelligence and freelance nationalists and other kinds of extremists already on the record as hacking? You know, a lot of the hacking in the world does come from Russia.

So rather than slap everyone in the face for being "wrong" to suspect Russians, people in Russia, contractors who vacation in Russia, why not ask some of these questions? Why is your mission-critical job entrusted to a contractor whose loyalties are ultimately unknown?

And why *did* the pump break down? Is it really run off the Internets? We were told that this can never, ever, ever, ever happen by geeks!

by: Catherine Fitzpatrick from: Feed Me Bullshitville
October 06, 2012 13:07
Catherine Fitzpatrick, grow a brain and stop carrying on like a chicken with its head lopped off.
Or are you on Dick Cheney's ride?

About This Blog

Written by Luke Allnutt, Tangled Web focuses on the smart ways people in closed societies are using social media, mobile phones, and the Internet to circumvent their governments and the efforts of less-than-democratic governments to control the web. 