Federal investigators are looking into a report that hackers managed to remotely shut down a utility's water pump in central Illinois last week, in what could be the first known foreign cyber attack on an industrial system on U.S. soil.
The Nov. 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.
State police investigators believe the hackers broke into the water utility's network by using credentials stolen from an undisclosed U.S. company that produces software to control industrial systems, said Weiss, who read excerpts from the report to Reuters over the phone.
"An information technology services and computer repair company checked the computer logs of the system and determined the computer had been hacked into from a computer located in Russia," Weiss said, quoting the report.
Illinois State police spokeswoman Monique Bond declined to comment.
"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said, declining to elaborate further.
Several media reports identified the location of the attack as Springfield, the Illinois state capital. City officials said that was inaccurate but would not say where the water pump was located. The FBI spokesman handling the matter could not be reached.
Quoting from the one-page report, Weiss said it was not yet clear whether other networks had been hacked as a result of the breach at the U.S. software maker.
He said the manufacturer of that software keeps login credentials to the networks of its customers so that its staff can help them support those systems.
Workers at the targeted utility in central Illinois on Nov. 8 noticed problems with the Supervisory Control and Data Acquisition System (SCADA), which manages the water supply system, and discovered that a water pump had been damaged, said Weiss, managing partner of Applied Control Solutions in Cupertino, California.
"It is unknown at this time the number of SCADA user names and passwords acquired from the software company's database and if any other additional SCADA systems have been attacked as a result of this theft," Weiss cited the report as saying.