{"id":13774,"date":"2016-03-28T16:46:04","date_gmt":"2016-03-28T21:46:04","guid":{"rendered":"http:\/\/hcstx.org\/?p=13774"},"modified":"2016-03-28T16:46:04","modified_gmt":"2016-03-28T21:46:04","slug":"crusader-corner-muslim-hackers-infiltrate-water-utility-treatment-plant","status":"publish","type":"post","link":"https:\/\/thetacticalhermit.com\/index.php\/2016\/03\/28\/crusader-corner-muslim-hackers-infiltrate-water-utility-treatment-plant\/","title":{"rendered":"Crusader Corner: Muslim Hackers Infiltrate Water Utility Treatment Plant"},"content":{"rendered":"<header class=\"entry-header\">\n<figure id=\"attachment_13775\" aria-describedby=\"caption-attachment-13775\" style=\"width: 620px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"size-large wp-image-13775\" src=\"https:\/\/hcsblogdotorg.files.wordpress.com\/2016\/03\/water-treatment-plant.jpg?w=620\" alt=\"OLYMPUS DIGITAL CAMERA\" width=\"620\" height=\"359\" \/><figcaption id=\"caption-attachment-13775\" class=\"wp-caption-text\">OLYMPUS DIGITAL CAMERA<\/figcaption><\/figure>\n<h1 class=\"entry-title\" style=\"text-align:center;\">Muslim hackers infiltrate water utility\u2019s control system, change levels of chemicals used to treat tap water<\/h1>\n<\/header>\n<div class=\"entry-content\">\n<p>The location of the utility has not been revealed and its name has been changed in Verizon\u2019s report, but given the fact of Verizon\u2019s involvement, this likely happened in the U.S. \u2014 all the other incidents discussed in the report linked in The Register\u2019s article took place in America. And we know that jihadis have long wanted to poison the water supply. As far back as 2002, <a href=\"http:\/\/www.foxnews.com\/story\/2002\/07\/30\/feds-arrest-al-qaeda-suspects-with-plans-to-poison-water-supplies\/\" target=\"_blank\" rel=\"noopener\">the feds arrested two jihadis<\/a> who were carrying plans about how to poison water supplies. 
In 2003, <a href=\"http:\/\/www.washingtontimes.com\/news\/2003\/may\/28\/20030528-102548-4938r\/?page=all\" target=\"_blank\" rel=\"noopener\">al-Qaeda threatened to poison water supplies in Western countries<\/a>. In 2011, <a href=\"http:\/\/www.google.com\/hostednews\/afp\/article\/ALeqM5i5kz7A_aBEdpjzFtgPCrBR159ZVQ\" target=\"_blank\" rel=\"noopener\">a jihadi in Spain likewise planned to poison water supplies<\/a>.<\/p>\n<p>And in May 2013, seven Muslim \u201cchemical engineers\u201d <a href=\"http:\/\/www.jihadwatch.org\/2013\/05\/massachusetts-seven-muslims-caught-trespassing-at-large-public-water-supply.html\" target=\"_blank\" rel=\"noopener\">were caught trespassing<\/a> at the Quabbin Reservoir, a key supply of water for Boston, after midnight. Only months later and indirectly did we hear that <a href=\"http:\/\/www.jihadwatch.org\/2013\/08\/boston-seven-muslims-caught-trespassing-at-quabbin-water-reserve-a-criminal-matter.html\" target=\"_blank\" rel=\"noopener\">it was a \u201ccriminal matter.\u201d<\/a> A month later, <a href=\"http:\/\/www.jihadwatch.org\/2013\/06\/locks-cut-at-aqueduct-that-supplies-water-to-greater-boston\" target=\"_blank\" rel=\"noopener\">locks were cut<\/a> at the aqueduct that supplies water to Greater Boston.<\/p>\n<p>Also in May 2013, jihadists were caught in Canada who had <a href=\"http:\/\/www.jihadwatch.org\/2013\/05\/canada-jihadists-considered-poisoning-air-and-water-to-murder-up-to-100000-people.html\" target=\"_blank\" rel=\"noopener\">considered poisoning air and water to murder up to 100,000 people<\/a>. In October 2013, the FBI was <a href=\"http:\/\/www.jihadwatch.org\/2013\/10\/fbi-investigates-possible-water-supply-threat-in-wichita-kansas\" target=\"_blank\" rel=\"noopener\">investigating<\/a> a possible water supply threat in Wichita. 
In January 2014, <a href=\"http:\/\/www.jihadwatch.org\/2014\/01\/new-jersey-muslim-freed-from-pipe-at-water-treatment-plant-faces-criminal-charges\" target=\"_blank\" rel=\"noopener\">a Muslim broke into a water treatment plant<\/a> in New Jersey.<\/p>\n<p>&nbsp;<\/p>\n<p>\u201cWater treatment plant hacked, chemical mix changed for tap supplies,\u201d by John Leyden, <a href=\"http:\/\/www.theregister.co.uk\/2016\/03\/24\/water_utility_hacked\/\" target=\"_blank\" rel=\"noopener\">The Register<\/a>, March 24, 2016 (thanks to Marc):<\/p>\n<blockquote><p>Hackers infiltrated a water utility\u2019s control system and changed the levels of chemicals being used to treat tap water, we\u2019re told.<\/p>\n<p>The cyber-attack is documented in this month\u2019s IT security breach report (available <a href=\"http:\/\/www.verizonenterprise.com\/verizon-insights\/data-breach-digest\/2016\/\" target=\"_blank\" rel=\"noopener\">here<\/a>, registration required) from Verizon Security Solutions. The utility in question is referred to using a pseudonym, Kemuri Water Company, and its location is not revealed.<\/p>\n<p>A \u201chacktivist\u201d group with ties to Syria compromised Kemuri Water Company\u2019s computers after exploiting unpatched web vulnerabilities in its internet-facing customer payment portal, it is reported.<\/p>\n<p>The hack \u2013 which involved SQL injection and phishing \u2013 exposed KWC\u2019s ageing AS\/400-based operational control system because login credentials for the AS\/400 were stored on the front-end web server. This system, which was connected to the internet, managed programmable logic controllers (PLCs) that regulated valves and ducts that controlled the flow of water and chemicals used to treat it through the system. 
Many critical IT and operational technology functions ran on a single AS400 system, a team of computer forensic experts from Verizon subsequently concluded.<\/p>\n<blockquote><p>Our endpoint forensic analysis revealed a linkage with the recent pattern of unauthorised crossover. Using the same credentials found on the payment app webserver, the threat actors were able to interface with the water district\u2019s valve and flow control application, also running on the AS400 system. We also discovered four separate connections over a 60-day period, leading right up to our assessment. During these connections, the threat actors modified application settings with little apparent knowledge of how the flow control system worked. In at least two instances, they managed to manipulate the system to alter the amount of chemicals that went into the water supply and thus handicap water treatment and production capabilities so that the recovery time to replenish water supplies increased. Fortunately, based on alert functionality, KWC was able to quickly identify and reverse the chemical and flow changes, largely minimising the impact on customers. No clear motive for the attack was found.<\/p><\/blockquote>\n<p>Verizon\u2019s RISK Team uncovered evidence that the hacktivists had manipulated the valves controlling the flow of chemicals twice \u2013 though fortunately to no particular effect. It seems the activists lacked either the knowledge of SCADA systems or the intent to do any harm.<\/p>\n<p>The same hack also resulted in the exposure of personal information of the utility\u2019s 2.5 million customers. 
There\u2019s no evidence that this has been monetised or used to commit fraud.<\/p>\n<p>Nonetheless, the whole incident highlights the weaknesses in securing critical infrastructure systems, which often rely on ageing or hopelessly insecure setups\u2026.<\/p><\/blockquote>\n<div id=\"wpp_popup_post_end_element\"><\/div>\n<div class=\"wp-post-navigation\"><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Muslim hackers infiltrate water utility\u2019s control system, change levels of chemicals used to treat tap water The location of the utility has not been revealed and its name has been changed in Verizon\u2019s report, but given the fact of Verizon\u2019s involvement, this likely happened in the U.S. \u2014 all the other incidents discussed in the&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1704,5072,2574,74,2417,2413,2726,2990,272],"tags":[1645,10680,10681,10682],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/13774"}],"collection":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/comments?post=13774"}],"version
-history":[{"count":0,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/13774\/revisions"}],"wp:attachment":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/media?parent=13774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/categories?post=13774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/tags?post=13774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}