Hacker destroys pump in US water utility
A hacker has allegedly remotely intruded into the industrial control systems of a hydroelectric power plant in the US state of Illinois. Reports in the US media say that the hacker managed to repeatedly switch the pump on and off, destroying it in the process. This would be the first time that parts of a country's critical infrastructure have been successfully attacked and crippled via the internet.
Although the FBI and DHS started to investigate the incident, they initially downplayed the risk – this provoked the alleged hacker, "prof", who proceeded to intrude into a second water utility in Houston, Texas. To prove his intrusion, he released five screenshots of the utility's SCADA (Supervisory Control And Data Acquisition) system. In a manifesto on pastebin, the hacker said that he wanted to highlight SCADA system security issues to demonstrate how easy it is to access such systems and criticised the condition of security within the US infrastructure.
It remains unclear how the hacker accessed the system. Experts speculate that the SCADA software vendor's database could have been compromised and that harvested access data could have been used to launch the attacks. This would explain, in part, why the hacker has only targeted water utilities.