A community of 30,000 US Transcriptionist serving Medical Transcription Industry

Bad News: Hackers Are Coming for Your Tap Water


Posted: Aug 10, 2013

From Mother Jones,

| Wed Aug. 7, 2013 3:00 AM PDT
  •  

Kyle Wilhoit, a 29-year-old Missourian working for a cybersecurity company called Trend Micro, has spent the last year building fake water plant control systems that mimic the online control systems used by real American utilities. Dubbed "honeypots," these sorts of decoys are deployed to draw in the ill-mannered beasts of the internet—malicious hackers.

Wilhoit's traps appear to be working. Hackers employing a software tool used by the Chinese army—as well as hackers that appear to originate from Russia, Palestine, Germany, and other countries—have been breaking into Trend Micro's phony US water systems. In some cases, they have gone so far as to steal files so they can access the systems again. They also have gained access to imaginary pumps, which in a real scenario would allow them to modify water pressure, temperature, purification level, and even shut off the flow entirely.

"What would the Chinese army want? Do they want to contaminate US water plants?"

"Everyone has talked of [these systems] getting attacked, but I wanted true numbers to prove the attacks were occurring," says Wilhoit, who presented the report of his company's findings at the Black Hat conference in Las Vegas last week. "I was expecting typical drive-by automated attacks, but never dreamed of having a true targeted attack."

Matthew Rhoades, a cybersecurity expert and director of legislative affairs for the Truman National Security Project, told Mother Jones that he's "not totally surprised" by the report, given the past allegations of foreign entities attempting to infiltrate America's critical infrastructure. (In May, for example, the Wall Street Journal reported that Iran was hacking into our oil, gas, and power firms.) "The question is," Rhoades says, "what would the Chinese army want? Do they want to contaminate US water plants? Are they mapping it out as a contingency for some sort of future conflict? The latter seems like it's a potential, and that wouldn't surprise me either."

Since late last year, Wilhoit and Trend Micro have deployed 12 honeypots in eight countries, mimicking servers that control water pumps. (Earlier this year, a study supported by the Department of Homeland Security found that more than 7,000 industrial control systems—a broad term encompassing water, gas, and electrical systems—were connected to the internet in the United States.) The traps feature control toggles for temperature, on/off functionality, and other password-protected settings. Water systems are easy to imitate since their cybersecurity is "typically very lax," Wilhoit explains. "Attempting to mimic a nuclear plant would be very difficult."

Trend Micro set up the decoys to draw attention to the state of critical infrastructure cybersecurity. After the honeypots were deployed in November 2012, it took only 18 hours for the first hacker to visit. In December, using HACKSFASE—the same tool used by the Chinese army to attack US government agencies, according to the New York Times and a security company called Mandiant—a Chinese-based hacker infiltrated one of the US honeypots and tried to access multiple pages. The person also made a successful spearphishing attempt, sending a fake email to the owner's account in order to automatically collect login information. Richard Bejtlich, chief security officer for Mandiant, says that claiming the Chinese army is attacking water plants because a hacker is using HACKSFASE is "weak attribution." However, he wasn't aware of other countries using the tool.

Trend Micro also saw attacks of US origin targeting honeypots in Russia and China.

Trend Micro has also traced cyberattacks in the US coming from Russia, Germany, France, the United Kingdom, and Palestine—and attacks originating in the United States that targeted honeypots in Russia and China. Ten of the cyberattacks, including the Chinese attack, were deemed "critical"—meaning that, in a real-life scenario, a hacker could have altered or turned off a city's water supply. (None of the attacks originating from the United States fell into that category.)

Trend Micro also reported that some American water control systems could be found online using a simple Google search. The cities I contacted were cagey about whether their systems had online controls and what steps they took to defend them against hackers. But they all promised that their supplies were secure. For instance, Pamela Mooring, a spokeswoman for the DC Water and Sewer Authority, writes in an email: "DC Water staff attend briefings on cyberattacks and other threats to utilities, and the Authority has a Cyber Response Plan."

Alan Roberson, director of federal relations at the American Water Works Association, says most American utility companies "are aware that they need to separate their control systems from the internet…but we still don't know how many have done that, and how many vulnerabilities are left." He adds however, that if a utility company knew it was under cyberattack, it could manually take control of the system and easily block intruders.

Last week, the Senate Committee on Commerce, Science & Transportation cleared the Cybersecurity Act of 2013 (introduced in the wake of President Obama's corresponding executive order), which addresses vulnerabilities in American infrastructure by encouraging companies to follow set cybersecurity standards. If it passes, Roberson says, it will help safeguard water supplies by giving utility companies a way to justify the added cost of security to their boards and customers.

Wilhoit also supports the bill, although he'd like to see the federal government test the specific software and hardware that utility companies are using. "If my system is a realistic depiction of a real water pumping system," he says, then "compromising a real water system would be very easy."


  •  
Reporter

Dana Liebelson is a reporter in Mother Jones' Washington bureau. Her work has also appeared in The WeekTIME's BattlelandTruthoutOtherWords andYahoo! NewsRSS | 

;

The word "terrorism" is conspicuously missing. Could the - NSA have blocked some findings? Hmm. nm

[ In Reply To ..]
x

Yip - Remember the people

[ In Reply To ..]
who were found "researching" a reservoir in--I think--Rhode Island? In the dead of night, no less.

IIRC, they were from an area in the middle east not particularly fond of the USA, & here on student visas.

Similar Messages:


DHS: No Evidence Hackers Infected VermontJan 01, 2017
Federal authorities see no signs that hackers breached Vermont's electric grid using suspected Russian malware that infected a power company's laptop, the Department of Homeland Security said tonight. "While our analysis continues, we currently have no information that indicates that the power grid was penetrated in this cyber incident,” J. Todd Breasseale, DHS's assistant secretary for public affairs, told POLITICO in a statement. The discovery of the malware, first rep ...

Who Needs Chinese Hackers When We Have Hillary Clinton?Aug 17, 2015
nomsg. ...

Treading WaterNov 02, 2012
Under Obama's watch, last jobs report before election shows economy in 'virtual standstill' Unemployment rate higher than when Obama took office. The final monthly jobs report before Election Day offered a mixed bag of economic evidence that quickly became political putty for the presidential candidates, with the unemployment rate ticking up to 7.9 percent but the economy adding a better-than-expected 171,000 jobs. At the same time, the number of unemployed grew by 170, ...

Bottled Water Or Tap?Feb 18, 2014
I was wondering, just out of curiosity, why people buy bottled water? I use reusable, washable, green-type containers and tap.  I use as little plastic as possible and recycle.  In areas with bad or contaminate. Water, I get it, but when I go to the stores, I see a lot of folks loading up on bottles of water.  Like I said, just curious.   ...

Anyone Own A Berkey Water Purifier?Aug 22, 2010
We've been looking at these purifiers for over a year and still undecided. We definitely need to get something. For the past 4 years, we've been getting our water from a very reliable pure spring for drinking but we have to plan around bad weather.  We'd really like to buy a whole house system but they're out of our price range right now.  That's another question I have...who has a whole house system and what is the average yearly ...

Fox News' Poor-Shaming Is Easily Provable & Did Fox News Even Try To Research This?May 14, 2015
Do the Fox News junkie talking heads on "Fix News" ever listen to their own drivel? Let's review how Obama was correct about Fox at the link below. ...

Google News Page Changed My Local News LocationAug 05, 2017
Has this happened to anyone else?  No offense, but I could not care less what is going on Greenwich, CT (the local news location now appearing on my news page).  I tried adding my town multiple times, but it did not take.  I also added Greenwich, CT, and then deleted it, but it's still there. ...

How Well Does Cold Water Clean Dishes?Jan 13, 2010
John went to visit his 90-year-old grandfather in a very secluded, rural area of Saskatchewan   After spending a great evening chatting the night away, the next morning John's grandfather prepared breakfast of bacon, eggs and toast.  However, John noticed a film like substance on his plate, and questioned his grandfather asking, 'Are these plates clean?'  His grandfather replied, 'They're as clean as cold water can get em. Just you go ahead and fin ...

How To Drink Water - Cats - Gotta Love EmMar 20, 2010
This is so funny. http://www.youtube.com/watch?v=E6uL0WURuZ4       ...

Chloroform IS Found In Swimming Pool Water.Jul 03, 2011
Check this out. Found it on Wikipedia. Chloroform was discovered by three researchers independently of one another. Chloroform was reported in 1831 by the French chemist Eugène Soubeiran, who prepared it from acetone (2-propanone) as well as ethanol through the action of chlorine bleach powder (calcium hypochlorite). Calcium hypochlorite is a yellow white solid which has a strong smell of chlorine. Calcium hypochlorite is used for the disinfection of drinking water or swi ...

The Real Reason Kansas Is Running Out Of WaterSep 04, 2013
This same dynamic is playing out in most states. There are moves to get Congress to, first of all, stop subsidizing these practices with taxpayer dollars, but agribusiness, which never intended to get taxpayer money off its back, just our ability to control what's done with it, has its paid agents, our congressmen, fighting anything that will interfere with profits. Second, of course, is nasty old government "interference" to encourage agribusiness's transition to proven means of growi ...

Can Someone Tell Me How To Just Stop Caring? Just Turn It Off Like A Water Faucet?Jun 17, 2016
I was married for 20 years to the most selfish man.  He was active duty Army when I met him.  After being married for five or so years, he was discharged from active duty and basically hasn't worked since.  He would go to school for this or that.  He would get a job and get fired.  He is an alcoholic and diagnosed bipolar.  I quickly realized that I had become his mother and not his wife.  I was taking care of him like I took care of my children.  So ...

My Daughter Spilled A Cup Of Water My Nice New Ergo Keyboard.Apr 13, 2011
I yelled to my DH "Quick get the blow drier" thinking I would blow it dry.  My DH, AKA Tim the Tool Man, comes in with his hot air gun and said "This is will dry it faster."  Long story short, he melted my caps lock, A, Q, and W keys.  When I plugged it back in, it just continually types WWWWWWWWWWWWWWWWWWW. Now I'm stuck with a regular keyboard until I can get to Office Depot to buy a new ergo keyboard. MEN!!!  I can't be mad at him cause he was trying to he ...

Any Tips On Using Cold Water To Defrost A 17-pound Turkey?Nov 17, 2011
I usually buy fresh birds, but opted for the more budget-friendly 39-cents-per-pound rock-solid frozen version this time  This turkey will be cooked before Sunday (hving an erly get-together), so I don't quite have enough time to defrost it in the fridge.  The instructions suggest submersion in "cool" water in the sink for 30 minutes per pound, with frequent water changes.  It has air-tight vacuum sealed packaging.  I'm thinking that changing the wat ...

Hillary Spits Mysterious Substance Into Water GlassSep 08, 2016
http://www.eutimes.net/2016/09/disgusting-hillary-spits-green-mucus-in-water-glass-continues-to-drink-from-same-glass/ This is pretty gross. If you are queasy or eating, do not watch. ...

HS Teachers Toss Holy Water On Atheist ColleagueMay 27, 2010
HOLY CRAP!!!!HS Teachers Toss Holy Water on Atheist ColleagueBy Adam WeinsteinSouth Florida: pristine beaches, liberal amounts of liquor, vacationing coeds, flamingoes, drug dealers. Growing up there, though, I knew the region wasn't all Miami Vice, CSI, or even Dave Barry columns. As in every part of the union, South Florida has its traditional nooks, where mainly minority working-class folks with old-time discipline and old-time religion reign supreme. Western Pompano Beach, on the wrong ...

Bottle Water Company Wanted My Social To Sign Up!Apr 21, 2014
Buyer beware for sure. ...

Fox News Makes News (and Cuts The Interview!Nov 26, 2012
http://www.huffingtonpost.com/2012/11/26/fox-news-interview-guest-network-wing-republican-party_n_2192506.html This is a link to an actual Fox News clip of an interview that they cut off after 90 seconds.  Now there is that good ol' freedom of speech.  ...

Tea Partiers Protest Clean Water Rules Meant To Prevent Bladder CancerNov 12, 2010
These goofy, goofy tea baggers. Let them get bladder cancer. WASHINGTON -- An attempt by a Kentucky water district to raise rates in order to meet clean water regulations has become political, with a local Tea Party organization stepping in and arguing that the county should simply ignore federal rules. The Northern Kentucky Water District is seeking a 25 percent rate increase by January 2012, and according to The Kentucky Enquirer, a major reason for the raise is to comply with U.S. Enviro ...

The Coming Ice AgeDec 08, 2009
EnvironmentThe Fiction Of Climate ScienceGary Sutton, 12.04.09, 10:00 AM EST Why the climatologists get it wrong.http://www.forbes.com/2009/12/03/cli...gy-sutton.html Many of you are too young to remember, but in 1975 our government pushed "the coming ice age."Random House dutifully printed "THE WEATHER CONSPIRACY … coming of the New Ice Age." This may be the only book ever written by 18 authors. All 18 lived just a short sled ride from Washington, D.C. Newsweek fell in line and did a cov ...

Saw It Coming:Aug 17, 2012
All that taxpayer money down the tubes. "Obama’s GM ‘Success Story’ Headed for Bankruptcy" http://frontpagemag.com/2012/arnold-ahlert/obamas-gm-success-story-headed-for-bankruptcy/ ...

What I See As ComingNov 04, 2016
Whether you like the author or the paper it is from, this story is what I fear is happening to our country. I have had a sick feeling for the last few months as the election gets more and more aggressive and I know that our country will not be better for it after it is all said and done - no matter who wins on Tuesday. Just read it through without thinking about who you support or why.  Try to recognize that our country is being torn apart from threats that are being made about what will ha ...

This Is What I See Coming For WisconsinMar 17, 2011
I have copied and pasted something someone wrote that pretty much sums up Scott (slime) Walker's intentions.   Diane Ravitch has it in a nutshell. Of Scott Walker, she writes: He expects that over time, most public workers will stop paying dues, especially now that they have to pay more for their healthcare and pension benefits. And thus will he cripple, perhaps permanently, a perennial political opponent. If Gov. Walker succeeds, there will be no organized voice to oppose hi ...

It Just Keeps On Coming--Fox Spin--This Is How They Do ItDec 15, 2010
A top Fox News editor sent an email to staffers and journalists questioning the science behind global warming and directing them to always point out on air that the theory has its skeptics. ...

And The Hate Just Keeps Coming . . . How Sad SmMar 22, 2010
Blogger Urges 'Bullet for Obama' on Twitter Secret Service investigating (Newser) – Secret Service authorities are investigating tweets by a conservative blogger apparently urging "a bullet" to President Obama's "head." Solomon Forell, upset by the impending passage of the health reform bill, noted yesterday that because the nation survived the killings of Lincoln and Kennedy, "we'll surely get over a bullet 2 Barack Obama's head!" reports Jezebel. He later a ...

Jesus Is ComingMar 28, 2010
  Prophecies in those generations had not yet come to pass. As of this time, we have seen every prophecy come to pass except the very next event, which is Jesus removing the Church. This is the church age. The time span between the prophecies being written and then being fulfilled is remarkable and speaks mountains.  Genesis 49:10 was written in 1440 B.C. and fulfilled in 5 B.C. Isaiah 53 was written in 700 B.C., fulfilled in A.D. 33. Daniel 2 and 7 were written in 530 B.C., which b ...

What Is The World Coming To?Jun 05, 2010
Ran some errands today.  On the way home, I noticed a sign in front of someone's house with balloons that said "LAYOFF PARTY" Go figure . . .   ...

Just Coming To This Realization...Sep 28, 2012
Something just struck me today.  I have a feeling that the truth about the two major candidates for president lies somewhere around the facts that Mitt Romney isn't as bad as his gaffes and appearances might indicate, and Barack Obama deserves a lot more credit than his opponents give him.   Disagreement has always been part of political discussion in this country, but I hate where our political climate has taken us--no one DARES to say anything good about "the other side."   ...

Coming Soon To A Theater Near You - (sm)Nov 12, 2012
That's it for me.  I've had it with all you liberals who make this idiocy possible.  I'm sure it will be no time at all before Mr. Global President makes this the law of our land.  Link   ...

Coming To Their SensesJan 18, 2013
WHITE PLAINS, N.Y. (TheBlaze/AP) – A suburban New York City newspaper has removed the names and addresses of residents with pistol permits from its website. Publication of the permit data following last month’s school shooting massacre in Newtown, Conn. produced a storm of outrage from gun owners. It also quickly resulted in a new state measure meant to protect permit holders’ privacy. The president and publisher of The Journal News Media Group announced the move Friday. Janet Hasso ...