Hackers may have disrupted railway computers and schedules
Hackers attacked computers that controlled railway signals on a Pacific Northwest rail company's systems and disrupted the schedules of the trains on that line over two days in December. That is, according to a report on US online magazine NextGov which cites a US Transportation Security Administration (TSA) memo on the subject. The memo says that on 1 December 2011 an unnamed railway was "slowed for a short while" and trains delayed for about 15 minutes as a result of the attack. On 2 December, a "second event occurred" which did not affect schedules.
TSA investigators said they had identified three IP addresses as the source of the attacks on the unnamed railway but did not say in which country the IP addresses were located. The memo noted that “some of the possible causes lead to consideration of an overseas cyberattack". The TSA then notified railway companies and transportation agencies in the US and Canada, operating on the assumption that this was a targeted attack rather than a glitch, and possibly part of a wider threat.
On Monday though, a Department of Homeland Security spokesman told US Media that, following further analysis, it "did not appear to be a targeted attack" but more of a "random incident" which just happened to affect the railway company. The spokesman did not add further detail to the disclosure.
The overall incident is reminiscent of the November 2011 claim that hackers had destroyed water pumps which was immediately followed by denials and confusion over the validity of the report – reports of Russian IP addresses being used were actually explainable and did not involve hacking. Unfortunately though, many industrial control systems used in national infrastructure are vulnerable and attackers need nothing more than freely available software such as Metasploit to find those vulnerabilities.