Hackers apparently based in Russia attacked a public water system in Illinois last week and damaged one of its pumps, the first cyberattack on a U.S. utility, The Washington Times said on Friday, November 18, citing a report from the state fusion center.
According to the paper, the “Public Water District Cyber Intrusion” report gives details about the attack, saying it had resulted in the “burn out of a water pump” and had been traced to an Internet address in Russia.
The report says the pump burn out was caused by the attackers repeatedly switching the pump on and off, apparently over the course of several weeks. The attackers got access using passwords stolen from a company that sells ICS systems and other systems also might be vulnerable also, the report says.
Federal officials said they were investigating the incident but played it down, implying that the report might be wrong.
The report, classified “For Official Use Only,” says the attack was discovered after technicians experienced problems with the special computerized equipment that remotely controls water pumps.
Such equipment, known as a SCADA or Industrial Control System (ICS), has increasingly been the target of hackers since a cyberattack crippled the Iranian nuclear program in 2009 – the infamous Stuxnet incident.