It was beginning to seem like hackers had developed a fetish for water, or water systems. Earlier this week, an entire city's water control system controlling water and sewage systems was hacked into, in part because system admins saw fit to protect the system using a weak three-character password. Around the same time, it was being reported that hackers broke into an Illinois water plant and ultimately caused a water pump to burn out. Turns out it was just faulty equipment.
Joe Weiss over at ControlGlobal.com reported the supposed water district SCADA system hack and said the IP address of the person responsible was traced back to Russia. He further stated that customer usernames and passwords were likely stolen.
The Department of Homeland Security denied the report in what amounts to one of its more strongly worded statements to date involving cyber crime.
"There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," DHS's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said, according to krebsonsecurity.com. "In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported. Analysis of the incident is ongoing and additional relevant information will be released as it becomes available."
According to an AP report, water district officials said the water pump burned out earlier this month and is one of several pumps servicing the community.