A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility’s operations were affected, according to the Department of Homeland Security.
DHS did not identify the utility in a report that was issued this week by the agency’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.
The agency said the hackers may have launched the latest attack through an Internet portal that enabled workers to access the utility’s control systems. It said the system used a simple password mechanism that could be compromised using a technique known as “brute forcing,” where hackers digitally force their way in by trying various password combinations.
The evidence of such an attack proves that this type of intrusion is possible anywhere in the country, even, here, in Georgia. Interestingly, however, this isn’t the first time that an Illinois utility company has been under such scrutiny.
Christian Science Monitor (November, 2011):
A foreign cyberattack on the computer control systems of an Illinois water utility system earlier this month burned out a water pump, according to a recent state report. The attack may be the first known attempt to successfully destroy a piece of critical US infrastructure, say industrial control-system experts.
The Federal Bureau of Investigation and other agencies are investigating the Nov. 8 cyberattack, said Peter Boogaard, a spokesman for the Department of Homeland Security (DHS), in a written statement. The name of the utility was not released.
Federal Investigators would later go on to deny that the breach occured.