Scada

The Department of Homeland Security and FBI today dismissed the conclusions of a report that a cyber intrusion caused a pump at an Illinois water utility to burn out. But the statement doesn't explain why an Illinois state terrorism intelligence center would say it was a hacker when it wasn't.

In the meantime, the DHS is investigating a claim by a hacker who goes by "pr0f" who claimed to have compromised a Texas water utility last week.

"After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA … Read more

A twentysomething hacker said today that he hacked into a South Houston water utility to show that it can easily be done, after U.S. officials downplayed the risks from a report yesterday of an intrusion at an Illinois water plant.

The hacker, using the alias "pr0f," said he has hacked other SCADA (supervisory control and data acquisition) systems too.

He tweeted on November 5 links to public posts with what he identified as PLC configurations for a Polish waste-water treatment plant; SCADA data from an HMI (human-machine interface) box possibly for a generator used for research purposes … Read more

Intruders compromised a water utility network last week and destroyed a pump, according to a state government report cited by a critical infrastructure security expert today.

It appears that hackers breached the network of a company that makes SCADA (supervisory control and data acquisition) and stole customer usernames and passwords, said Joe Weiss, managing partner of Applied Control Solutions. "There was damage--the SCADA system was powered on and off, burning out a water pump," he wrote in a brief blog post.

The report did not identify the water utility attacked or the SCADA software vendor compromised, Weiss said … Read more

An Italian researcher has uncovered at least a dozen security flaws in software used in utilities and other critical infrastructure systems, prompting security advisories from the U.S. government.

Luigi Auriemma released information about the previously unknown vulnerabilities and proof of concept exploit code earlier this week on his Web site. He has been prolific, releasing a whopping 34 advisories--some with multiple vulnerabilities--in March, along with a handful or more each month since then.

The holes affect different SCAA (supervisory control and data acquisition) products that are used in the energy, water, wastewater, oil-and-gas, manufacturing, and financial industries, according … Read more

LAS VEGAS--A researcher said today that he has discovered a number of vulnerabilities in programmable logic controllers (PLCs) from Siemens that are used to automate mechanical devices in utilities, power plants, and other industrial control environments and which could be remotely controlled to cause damage if connected to the Internet.

Dillon Beresford, a security researcher at NSS Labs, conducted demos of some attacks on the various Siemens Simatic Step 7 systems during his presentation at the Black Hat security conference here.

Beresford's work shows that it's possible to read and write data to a PLC memory even when … Read more

Too busy to keep up with the tech news? Here are some of the more interesting stories from CNET for Tuesday, August 2.

• Finally, President Obama signs debt limit bill after nasty fight to avert economic catastrophe Tuesday. According to CBS News, Obama said the deal to cut spending and increase the nation's $14.3 trillion debt limit marked an "important first step to ensuring that as a nation we live within our means."

• Doctor booking site ZocDoc announces $50 million funding round from DST Global, and plans to use the investment to expand its presence to … Read more

LAS VEGAS--Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop.

Acknowledging that he wouldn't click on any link results to avoid breaking the law by accessing a network without authorization, researcher Tom Parker typed in some search terms associated with a Programmable Logic Controller (PLC), an embedded computer used for automating functions of electromechanical processes. Among the results was one referencing a "RTU pump status&… Read more

Software made by a Chinese company and used around the world by chemical, defense, and energy companies contains security holes that attackers could exploit to hack into critical systems.

In an advisory issued yesterday (PDF), the Department of Homeland Defense warned of two vulnerabilities in software made by Beijing-based Sunway ForceControl (Google Translate English version). The Chinese company makes SCADA (supervisory control and data acquisition) software, which is used in computer systems that control and monitor manufacturing plants and equipment used by different industries.

Discovered by security researcher Dillon Beresford of NSS Labs, the security holes could allow cybercriminals to … Read more

Two researchers say they canceled a talk at a security conference today on how to attack critical infrastructure systems, after U.S. cybersecurity and Siemens representatives asked them not to discuss their work publicly.

"We were asked very nicely if we could refrain from providing that information at this time," Dillon Beresford, an independent security researcher and a security analyst at NSS Labs, told CNET today. "I decided on my own that it would be in the best interest of security...to not release the information."

Beresford said he and independent researcher Brian Meixell planned on … Read more