Water pump hack attack 'false alarm' linked to holiday
- 8 March 2012
- From the section Technology
Reports that foreigners hacked into the US water system and destroyed a pump have been dismissed as a false alarm.
A water district contractor, Jim Mimlitz, has said he logged into the Illinois utility's control system while on holiday in Russia in June.
Months later, after a water pump burned out, a repairman highlighted the login from the Russian IP address.
Mr Mimlitz said no-one had contacted him before a report was published blaming hackers.
The Illinois Statewide Terrorism and Intelligence Center (ISTIC) claimed cyber attackers had obtained access using stolen login names and passwords.
It claimed that a pump used to pipe water to thousands of homes was damaged after being repeatedly powered on and off.
The information was then leaked to a security blogger who published the information on the web, from where it was picked up by news agencies.
The incident was described as potentially the first successful attack on US infrastructure.
However, the FBI and the US Department of Homeland Security (DHS) later played down the story saying: "There is no evidence to support claims made in the initial... report - which was based on raw, unconfirmed data."
Mr Mimlitz said he met the FBI and DHS last week to explain that he had taken a call on his mobile phone while on holiday and had been asked to check data held by a water district in central Illinois.
He said he did not mention the fact that he was in Russia at the time, and it appeared that those involved in the original investigation had assumed that he would not have been abroad.
"A quick and simple phone call to me right away would have defused the whole thing immediately," he said.
A writer for the Control Global blog, which published the leaked report, warned that the affair still raised security issues.
"Nobody checked with anybody. Lots of people assumed things they shouldn't have assumed, and now it's somebody else's fault and we're into a finger-pointing marathon," wrote Nancy Bartels.
"If the public can be distracted from the issue of how DHS and ISTIC fumbled notification so badly, then nobody will be to blame, which is what's really important after all.
"Meanwhile, one of these days, there's going to be a really serious infrastructure attack, and nobody's going to pay attention because everyone is going to assume that it's another DHS screw-up."