December 14, 2011
FBI Claims More Municipal Systems Under Attack By Hackers
The Federal Bureau of Investigation (FBI) announced recently that key infrastructure systems of three US cities had been accessed by hackers. Such systems - commonly known as Supervisory Control and Data Acquisition (SCADA) - are increasingly being targeted by hackers, following reports that they rely on weak security, BBC News is reporting.
Theoretically the cyber break-ins could have resulted in sewage dumped into a lake or the power could have been shut off at a nearby mall, announced Michael Welch, deputy assistant director of the FBI´s cyber division at a recent cyber security conference.
Welch did not elaborate or name the cities where these break-ins occurred.
“We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into SCADA systems within the city,” Welch told delegates at the Flemings Cyber Security conference.
“Essentially it was an ego trip for the hacker because he had control of that city´s system and he could dump raw sewage into the lake, he could shut down the power plant at the mall - a wide array of things,” he added.
Welch´s announcement follows two alleged break-ins to city water supplies. The first, in Springfield, Illinois, was later dismissed when the FBI could find no evidence of cyber-intrusion.
In the city of South Houston, Texas, a hacker named pr0f claimed to have broken into a control system that supplied water to the town. Pr0f claimed the system had only been protected by a three-character password which “required almost no skill” to get around, reports Chester Wisniewski, writing for the blog Naked Security.
Security experts, such as Graham Cluley, senior security consultant at Sophos, predict there will be a rise in such attacks, “Such systems have become a target partly because of all the chatter about the lack of security. Hackers are doing it out of curiosity to see how poorly they are protected,”
Cluley continued expressing concern citing the use of easily-cracked default passwords and that information about some of these passwords was “available for download online”.
However the firms that run SCADA systems, such as Siemens, often advise against changing passwords because the threat from malware is not a big a problem as if passwords are changed. “Not changing passwords is obviously slightly crazy. Proper security needs to be in place otherwise it is laughable,” said Cluley.
On the Net: