Cyber-Attack on U.S. Water Facility Committed by Hacker Group With Ties to ISIS

The UK Register reported that a “hacktivist” group with ties to Syria and ISIS infiltrated an American water utility’s control system and was temporarily able to change the levels of chemicals used to treat tap water. However, it appears that little to no damage occurred and the water treatment was corrected. The Register reports:

The cyber-attack is documented in this month’s IT security breach report (available here, registration required) from Verizon Security Solutions. The utility in question is refered to using a pseudonym, Kemuri Water Company (KWC), and its location is not revealed.

The hacktivists compromised KWC’s computers “by exploiting unpatched web vulnerabilities in its internet-facing customer payment portal,” Verizon’s RISK report states. It also reports that this isn’t the first time hacktivists have attacked targeted utilities.

take our poll - story continues below

Will the Democrats try to impeach President Trump now that they control the House?

  • Will the Democrats try to impeach President Trump now that they control the House?  

  • This field is for validation purposes and should be left unchanged.
Completing this poll grants you access to The Constitution updates free of charge. You may opt out at anytime. You also agree to this site's Privacy Policy and Terms of Use.

Trending: The Bill of Rights: Amendments 1-10 to the U.S. Constitution

Reports that hackers have breached water treatment plants are rare but not unprecedented. For example, computer screenshots posted online back in November 2011 purported to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas by hackers who claimed to control its systems. The claim followed attempts by the US Department of Homeland Security to dismiss a separate water utility hack claim days earlier.

More recently hackers caused “serious damage” after breaching a German steel mill and wrecking one of its blast furnaces, according to a German government agency. Hackers got into production systems after tricking victims with spear phishing emails, said the agency.

Spear phishing also seems to have played a role in attacks lining the BlackEnergy malware against power utilities in the Ukraine and other targets last December. The malware was used to steal user credentials as part of a complex attack that resulted in power outages that ultimately left more than 200,000 people temporarily without power on 23 December.

Fortunately, this time, the hacktivists unsuccessfully manipulated the valves that control the flow of chemicals– twice– because they didn’t know how to correctly use the SCADA systems, or they didn’t intend to cause any harm.

The UK Register also reported, in depth, of a similar security breach that occurred in Illinois based on disclosed contents of a November 10 report provided by an industrial control systems security expert, Joe Weiss, from the Illinois Statewide Terrorism and Intelligence Center. The report indicates that “attackers destroyed a pump belonging to a regional water utility in that state by hackers who gained access to supervisory control and data acquisition systems that manage the utility’s machinery. That report remains unconfirmed, although the DHS spokesman said officials from his agency and the FBI are investigating.”

However, if they didn’t mean to cause any harm, why did they have a need to “hack” the system?

And how has the Department of Homeland Security been unable to prevent these types of attacks?

Tags 🇺🇸

I am the supreme law of the United States. Originally comprising seven articles, I delineate the national frame of government. My first three articles entrench the doctrine of the separation of powers, whereby the federal government is divided into three branches: the legislative, consisting of the bicameral Congress; the executive, consisting of the President; and the judicial, consisting of the Supreme Court and other federal courts. Articles Four, Five and Six entrench concepts of federalism, describing the rights and responsibilities of state governments and of the states in relationship to the federal government. Article Seven establishes the procedure subsequently used by the thirteen States to ratify it. I am regarded as the oldest written and codified constitution in force of the world.

Please leave your comments below

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.