Tags: Homeland | Security | Hackers | Utility

Homeland Security: Hackers Break into Utility's Control System

Tuesday, 20 May 2014 06:42 PM

A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility's operations were affected, according to the Department of Homeland Security.

DHS did not identify the utility in a report that was issued this week by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

"While unauthorized access was identified, ICS-CERT was able to work with the affected entity to put in place mitigation strategies and ensure the security of their control systems before there was any impact to operations," a DHS official told Reuters on Tuesday.

Urgent: Who Is Your Choice for the GOP's 2016 Nominee?

Such cyber attacks are rarely disclosed by ICS-CERT, which typically keeps details about its investigations secret to encourage businesses to share information with the government. Companies are often reluctant to go public about attacks to avoid potentially negative publicity.

ICS-CERT said in the report posted on its website that investigators had determined the utility had likely been the victim of previous intrusions. It did not elaborate.

The agency said the hackers may have launched the latest attack through an Internet portal that enabled workers to access the utility's control systems. It said the system used a simple password mechanism that could be compromised using a technique known as "brute forcing," where hackers digitally force their way in by trying various password combinations.

Justin W. Clarke, an industrial control security consultant with security firm Cylance Inc, said it is rare for such breaches to be identified by utilities and even more rare for the government to disclose them.

"In most cases, systems that are so antiquated to be susceptible to such brute forcing technologies would not have the detailed logging required to aid in an investigation like this," Clarke said.

DHS also reported another hacking incident involving a control system server connected to "a mechanical device." The agency provided few details about that case, except to say the attacker had access over an extended period of time, though no attempts were made to manipulate the system.

"Internet facing devices have become a serious concern over the past few years," the agency said in the report.

Last year ICS-CERT responded to 256 cyber incident reports, more than half of them in the energy sector. While that is nearly double the agency's 2012 case load, there was not a single incident that caused a major disruption.

Those incidents include hacking into systems through Internet portals exposed over the Web, injecting malicious software through thumb drives, and exploitation of software vulnerabilities.

Urgent: Who Is Your Choice for the GOP's 2016 Nominee?

© 2017 Thomson/Reuters. All rights reserved.

 
1Like our page
2Share
StreetTalk
A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility's operations were affected, according to the Department of Homeland Security.
Homeland, Security, Hackers, Utility
439
2014-42-20
Tuesday, 20 May 2014 06:42 PM
Newsmax Inc.
 

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
MONEYNEWS.COM
© Newsmax Media, Inc.
All Rights Reserved