Water pump "hack" - Russian connection explained
Some of the confusing details that surrounded the report of an alleged hack destroying an Illinois water company's pump have been explained. The initial report of the alleged hacking included a claim that a Russian IP address had been used to access the SCADA systems involved in controlling the water pump.
According to Wired's Threat Level, the Russian IP address appeared in the logs because, in June, staff at the water utility had asked a contractor who had helped set up the systems to check some data on the SCADA systems. Wired interviewed the contractor, who explained that he was on vacation at the time but logged in remotely and performed the checks. However, he didn't mention to the utility staff that he was on vacation in Russia.
Five months later, when the water pump failed, a computer repairman examining the systems saw the Russian IP address and the contractor's name, and reported it. It appears that no one checked with the contractor to see if he had logged in from Russia, and the information then became part of the original report, which claimed that the water pump had been hacked. That original report is now the subject of claim and counter-claim between the Illinois Fusion Center, FBI, Department of Homeland Security and ICS-CERT as to which organisation was responsible for its release.