Fears that digital ne'er-do-wells could gain illicit access to a nation's electricity, gas or water infrastructure via the internet have proven well-founded as a hacker known as 'pr0f' posts proof of an attack on South Houston's water supply.
The attack was born when 'pr0f' read a quote from Department of Homeland Security's Peter Boogaard made in response to an article on The Register (opens in new tab) claiming that an electronic attack had damaged water pump in Illinois. "DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois," Boogaard stated. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."
"This was stupid," 'pr0f' writes in a missive posted to hacker hangout Pastebin. "You know. Insanely stupid. I dislike, immensely, how the DHS tend to downplay how absolutely F****D the state of national infrastructure is. I've also seen various people doubt the possibility an attack like this could be done."
To prove the naysayers wrong, 'pr0f' has posted a series of images demonstrating access to the SCADA - Supervisory Control And Data Acquisition - system responsible for the water supply in the city of South Houston.
"I'm not going to expose the details of the box," 'pr0f' writes. "No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly.On the other hand, so is connecting interfaces to your SCADA machinery to the internet. I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic."
The quick turnaround - just one day after the article went live - and apparent ease of the breach will come as an embarrassment to US security authorities, who have long played down fears that a concerted attack on the nation's SCADA infrastructure could result in real-world damage.
The full posting, plus associated images, can be found over on Pastebin (opens in new tab).