Water Treatment Plant Hacked; Water Chemical Mix Altered; Customer

You are currently reading a thread in /news/ - Current News

Thread replies: 18
Thread images: 1
File: Water-Treatment[1].gif (101 KB, 720x320)
http://www.theregister.co.uk/2016/03/24/water_utility_hacked/

>Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water, we're told.

>The cyber-attack is documented in this month’s IT security breach report from Verizon Security Solutions. The utility in question is referred to using a pseudonym, Kemuri Water Company, and its location is not revealed.

>A "hacktivist" group with ties to Syria compromised Kemuri Water Company’s computers after exploiting unpatched web vulnerabilities in its internet-facing customer payment portal, it is reported.

>The hack – which involved SQL injection and phishing – exposed KWC's ageing AS/400-based operational control system because login credentials for the AS/400 were stored on the front-end web server. This system, which was connected to the internet, managed programmable logic controllers (PLCs) that regulated valves and ducts that controlled the flow of water and chemicals used to treat it through the system. Many critical IT and operational technology functions ran on a single AS400 system, a team of computer forensic experts from Verizon subsequently concluded.
...
>>
>Our endpoint forensic analysis revealed a linkage with the recent pattern of unauthorised crossover. Using the same credentials found on the payment app webserver, the threat actors were able to interface with the water district’s valve and flow control application, also running on the AS400 system. We also discovered four separate connections over a 60-day period, leading right up to our assessment.

>During these connections, the threat actors modified application settings with little apparent knowledge of how the flow control system worked. In at least two instances, they managed to manipulate the system to alter the amount of chemicals that went into the water supply and thus handicap water treatment and production capabilities so that the recovery time to replenish water supplies increased. Fortunately, based on alert functionality, KWC was able to quickly identify and reverse the chemical and flow changes, largely minimising the impact on customers. No clear motive for the attack was found.

>Verizon's RISK Team uncovered evidence that the hacktivists had manipulated the valves controlling the flow of chemicals twice – though fortunately to no particular effect. It seems the activists lacked either the knowledge of SCADA systems or the intent to do any harm.

>The same hack also resulted in the exposure of personal information of the utility’s 2.5 million customers. There’s no evidence that this has been monetised or used to commit fraud.

>Nonetheless, the whole incident highlights the weaknesses in securing critical infrastructure systems, which often rely on ageing or hopelessly insecure setups.
...
>>
>Monzy Merza, Splunk’s director of cyber research and chief security evangelist, commented: “Dedicated and opportunistic attackers will continue to exploit low-hanging fruit present in outdated or unpatched systems. We continue to see infrastructure systems being targeted because they are generally under-resourced or believed to be out of band or not connected to the internet.”

>“Beyond the clear need to invest in intrusion detection, prevention, patch management and analytics-driven security measures, this breach underscores the importance of actionable intelligence. Reports like Verizon’s are important sources of insight. Organisations must leverage this information to collectively raise the bar in security to better detect, prevent and respond to advanced attacks. Working collectively is our best route to getting ahead of attackers,” he added.

>Reports that hackers have breached water treatment plants are rare but not unprecedented. For example, computer screenshots posted online back in November 2011 purported to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas by hackers who claimed to have pwned its systems. The claim followed attempts by the US Department of Homeland Security to dismiss a separate water utility hack claim days earlier.

>More recently hackers caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces, according to a German government agency. Hackers got into production systems after tricking victims with spear phishing emails, said the agency.
...
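The report excerpt above credits "alert functionality" with letting the utility spot and reverse the chemical and flow changes, and notes that the same credentials lifted from the payment web server were used to log into the valve/flow control application from outside. The following is an added illustration, not code from the article, Verizon, or the utility, of what such alerting can look like: a small monitor that parses constructed control-application audit lines and raises alerts when a web-tier service account or a non-OT source address logs into the flow-control application, or when a dosing setpoint leaves its safe band or jumps too far in one step. The log format, account names, tag names, subnet and safe bands are all assumptions made up for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample audit lines (not from the report). The field layout,
# account names, tags and addresses are assumptions for this example.
SAMPLE_LOG = """\
2016-01-12T02:14:07Z user=operator7 src=10.10.1.15 app=flowctl action=LOGIN
2016-01-12T02:16:30Z user=operator7 src=10.10.1.15 app=flowctl action=SETPOINT tag=CL2_DOSE old=1.8 new=1.9
2016-01-20T03:41:52Z user=billing_svc src=192.0.2.44 app=flowctl action=LOGIN
2016-01-20T03:43:10Z user=billing_svc src=192.0.2.44 app=flowctl action=SETPOINT tag=CL2_DOSE old=1.9 new=0.2
2016-02-03T01:05:19Z user=billing_svc src=192.0.2.44 app=flowctl action=LOGIN
2016-02-03T01:07:44Z user=billing_svc src=192.0.2.44 app=flowctl action=SETPOINT tag=VALVE_7 old=45 new=100
"""

# Assumed policy: only these networks may reach the control application,
# these accounts belong to the customer-facing web tier and have no business
# on OT, and each dosing tag has an operator-defined safe band.
OT_NETWORKS = [ipaddress.ip_network("10.10.0.0/16")]
WEB_TIER_ACCOUNTS = {"billing_svc", "portal_db"}
SAFE_BANDS = {"CL2_DOSE": (1.0, 3.0), "VALVE_7": (0, 100)}
MAX_RELATIVE_STEP = 0.5  # flag any single change larger than 50% of the old value

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


@dataclass
class Alert:
    ts: str
    rule: str
    detail: str


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = m.group("ts")
    return fields


def check_login(ev):
    """Alert on logins that cross the IT/OT boundary the policy forbids."""
    alerts = []
    if ev.get("user") in WEB_TIER_ACCOUNTS:
        alerts.append(Alert(ev["ts"], "web_tier_account_on_ot",
                            f"{ev['user']} logged into {ev['app']}"))
    src = ipaddress.ip_address(ev["src"])
    if not any(src in net for net in OT_NETWORKS):
        alerts.append(Alert(ev["ts"], "login_outside_ot_network",
                            f"{ev['user']} from {ev['src']}"))
    return alerts


def check_setpoint(ev):
    """Alert on setpoint writes that leave the safe band or move too far at once."""
    alerts = []
    tag, old, new = ev["tag"], float(ev["old"]), float(ev["new"])
    lo, hi = SAFE_BANDS.get(tag, (float("-inf"), float("inf")))
    if not lo <= new <= hi:
        alerts.append(Alert(ev["ts"], "setpoint_out_of_band",
                            f"{tag} set to {new}, band {lo}-{hi}"))
    if old != 0 and abs(new - old) / abs(old) > MAX_RELATIVE_STEP:
        alerts.append(Alert(ev["ts"], "setpoint_large_step", f"{tag} {old} -> {new}"))
    return alerts


def analyze(log_text):
    """Run every rule over the log and return the list of alerts raised."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        if ev.get("action") == "LOGIN":
            alerts.extend(check_login(ev))
        elif ev.get("action") == "SETPOINT":
            alerts.extend(check_setpoint(ev))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"{a.ts} [{a.rule}] {a.detail}")
```

On the constructed log the operator's small chlorine adjustment passes silently, while the web-tier account's logins from a non-OT address and its two setpoint writes each produce alerts; the large-step rule catches the valve change even though 100 is inside the valve's band. In a real deployment the safe bands belong to the process engineers, not the security team, and the login rules only work if the control application actually records source address and account per session.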
>>
So a TLDR for all this is that some skid stole some names and addresses from a water company? That's it? You made me read all this crap just for that?
>>
>>34657
Some points you missed:
1. It was Syrians, not skiddies
2. Verizon won't say where this happened, or the real name of the company
3. Government/Authorities are silent
4. The hackers didn't know which chemicals they were mixing into the water. If they had people would have gotten hurt.
>>
>>34663
1. Right, so Syrian skiddies.
2. And? They just said that the only thing it did was slow production for a short while.
3. Because this is a non-story.
4. So they were INCOMPETENT syrian skiddies? This story actually just got LESS interesting.
>>
>>34664
1. The Syrian Electronic Army aren't just skiddies much to the chagrin of US Authorities

https://en.wikipedia.org/wiki/Syrian_Electronic_Army

2. It's part of an ongoing trend and this was the first time they have accessed the SCADA systems for the way the treatment chemicals get added.

3. This is a non-story only if you don't like using tap water for anything, including showers and laundry.

4. The knowledge the hackers gain is cumulative.
>>
>>34664
>>34657
Jesus Christ read the story next time. Why are you here if you hate news?
>>
Why are the controls for the plant linked in any way to the customer service web page?
>>
>>34682
Great question. Wish I had an answer. Another good one would be "How many total water plants across the country use the same web page system?"
>>
>>34682
>Why are the controls for the plant linked in any way to the customer service web page?
They aren't

>after exploiting unpatched web vulnerabilities in its internet-facing customer payment portal
>login credentials for the AS/400 were stored on the front-end web server

I think what they're implying is someone hacked their database through their website, the passwords on the database were stored in a format that could be converted to the original password (plain text or shitty encryption), and one of the username/password combinations worked on the control systems, which were linked to the web, probably so government agencies could shut it down remotely in an emergency.
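The reply above describes two weaknesses that together turned a website breach into control-system access: passwords kept in a form that could be turned back into the original password, and a database lookup that could be reached through the site. As an added example, not code from the thread, the article, or the utility, here is a minimal user store that closes both: passwords are stored as salted PBKDF2 digests (nothing in a table dump can be converted back into the password), and every lookup is a parameterized query so quoting characters in a username are data, not SQL. The table layout, iteration count and helper names are assumptions for the example; the back-end control-system credentials should simply never be on the web tier at all, which no amount of hashing replaces.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed parameters for this example; tune the iteration count to your hardware.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return (salt, digest). The digest is one-way: a dump yields no reusable password."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def open_store():
    """In-memory SQLite store standing in for the portal's user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, digest BLOB, iterations INTEGER)"
    )
    return conn


def create_user(conn, username, password):
    salt, digest = hash_password(password)
    # Parameterized insert: the username is bound as data, never spliced into SQL.
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 (username, salt, digest, PBKDF2_ITERATIONS))
    conn.commit()


def authenticate(conn, username, password):
    """True only if the password re-derives the stored digest; constant-time compare."""
    row = conn.execute(
        "SELECT salt, digest, iterations FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Do the same work for unknown users so timing does not reveal which usernames exist.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    salt, digest, iterations = row
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def dump_contains_plaintext(conn, username, password):
    """Defender check: does anything stored for this user contain the password bytes?"""
    row = conn.execute(
        "SELECT salt, digest FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row is not None and any(password.encode("utf-8") in blob for blob in row)


if __name__ == "__main__":
    db = open_store()
    create_user(db, "o'brien", "correct horse")  # constructed sample account
    print("login ok:", authenticate(db, "o'brien", "correct horse"))
    print("wrong password:", authenticate(db, "o'brien", "wrong"))
    print("plaintext in dump:", dump_contains_plaintext(db, "o'brien", "correct horse"))
```

The username with an apostrophe works unchanged because the driver binds it as a parameter; with string concatenation the same input would at best break the query. Storing the iteration count per row lets you raise it later without invalidating existing accounts, and the random salt means two users with the same password get different digests, so a stolen table cannot be used to spot shared passwords across accounts or systems.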
>>
>>34670
related:
https://www.fbi.gov/news/stories/2016/march/two-from-syrian-electronic-army-added-to-cybers-most-wanted/two-from-syrian-electronic-army-added-to-cybers-most-wanted

http://gizmodo.com/everything-we-know-about-the-syrian-hackers-who-hijacke-1766375347

https://defensesystems.com/articles/2016/03/23/us-charges-3-syrian-electronic-army-members.aspx
>>
Why is this shit on the fucking internet? Why don't people use disconnected internal networks for important stuff?
>>
>>34686

This guy knows what he is talking about.

Even having shit completely isolated from the outside world, and in no way connected to a network that can be accessed from the outside world, such as the internet, does not completely protect these kinds of systems from attacks.
>>
>>34697

I was thinking the same thing
>>
>>34697

Water plant operator chiming in. We have access to closed networks that we can access with USB keys in any computer. This allows us to fix emergency problems that happen in the night from home before going to check the plant out. Also some of our older sister systems are connected to old phone systems. You can literally call a number, enter your ID number and control different channels all by a regular phone to turn on and off pumps/open and close valves.

>>34663
Lol people would have gotten hurt? That's laughable. You can't force the chemicals in high enough quantities to honestly hurt people. But we won't get into that

>>34650
Love that the image is a wastewater plant. I didn't read much of any of this. If they took control of a wastewater plant, they literally wouldn't have done any damage worse than what most plants do on occasion at some point in the year.
>>
>>34670
The worst they could do is remove chemicals, not increase chemicals to dangerous levels or anything.
And have you ever had a boil advisory? That's all that would happen for a few days. Likely 0 people were ever at risk. Also I bet they had access to the wastewater portion and not the water, as a lot of water systems don't have much you can do from online, while wastewater plants do. So likely they would've just caused a minor fish kill.
>>
I think an attack on an AD site would be worse especially with the amount of methane that's stored