Ill. water system may be cyber attack victim

November 18, 2011

Homeland Security officials are trying to figure out if other systems are at risk.

National security experts have long warned of the possibility of an attack of this sort, and now comes the first known malicious cyber attack on a critical infrastructure computer. Although federal authorities say they have not confirmed any of this on their own, officials of a water system near Springfield tell the I-Team that there is evidence that foreign hackers managed to gain control of their computer system.

The cyber attack occurred on a small water system west of Springfield that serves two townships with about 2,200 water customers.

Last Tuesday, technicians at the main water facility noticed problems with the pump control system. The utility and other critical infrastructure are operated by computer programs known as Supervisory Control and Data Acquisition systems, or SCADA for short.

"There's some indication there was a breach of some sort into a software program - the SCADA system - that allows remote access to the wells, and the pumps, and those sorts of things," said Don Craver, chairman of the Curran-Gardner Water District.

"They checked the computer logs of the SCADA system, and determined that the system had been remotely hacked into from an internet provider address in Russia," said computer security expert Joe Weiss.

Those overseas hackers managed to remotely switch off some equipment here, burning out a water pump.

The I-Team has confirmed that an alert from Illinois' state terrorism intelligence center provided details of the downstate cyber attack.

On his computer security blog, Joe Weiss says Russian hackers stole login names and passwords from the water system's software provider and that the intruders may now have access to other critical utility computers in the U.S.

"This is the first case we know of, I know of anyways, where you've had a targeted attack against U.S. infrastructure coming from overseas that has caused damage," said Weiss. "There have been previous cases but not causing damage."

Brad Ware, a spokesman for the FBI in Springfield, told the I-Team: "We are aware of the situation. At this time, there is no credible, corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."

U.S. Homeland Security agents say they too are investigating but have reached no conclusions. DHS says if it can determine that foreign hackers were indeed behind what happened, other critical service providers will be put on alert.

Copyright © 2023 WLS-TV. All Rights Reserved.