[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Exclusive: Comedy of Errors Led to False 'Water-Pump Hack' Report
By Kim Zetter
November 30, 2011
It was the broken water pump heard âround the world.
Cyberwar watchers took notice this month when a leaked intelligence memo
claimed Russian hackers had remotely destroyed a water pump at an Illinois
utility. The report spawned dozens of sensational stories characterizing it as
the first-ever reported destruction of U.S. infrastructure by a hacker. Some
described it as America's very own Stuxnet attack.
Except, it turns out, it wasnât. Within a week of the reportâs release, DHS
bluntly contradicted the memo, saying that it could find no evidence that a
hack occurred. In truth, the water pump simply burned out, as pumps are wont to
do, and a government-funded intelligence center incorrectly linked the failure
to an internet connection from a Russian IP address months earlier.
Now, in an exclusive interview with Threat Level, the contractor behind that
Russian IP address says a single phone call could have prevented the string of
errors that led to the dramatic false alarm.
âI could have straightened it up with just one phone call, and this would all
have been defused,â said Jim Mimlitz, founder and owner of Navionics Research,
who helped set up the utilityâs control system. âThey assumed Mimlitz would
never ever have been in Russia. They shouldnât have assumed that.â
Subscribe to InfoSec News - www.infosecnews.org