More SCADA Breaches

InfoWorld is reporting that today, a hacker has posted images and details from the systems that control the water supply for the city of South Houston, Texas.  5 images show the water levels at various pumping stations, and indicate that the user can enable and disable equipment at will.

According to the PasteBin posting, “The city of South Houston has a really insecure system. Wanna see? I know ya do,” ‘pr0f’ said in a post that links to the images.  “This required almost no skill…”

In an earlier water distributor incident, attackers got usernames and passwords for the system from a 3rd-party, raising the concern that other companies and utility services may already have been breached.

Meanwhile, Norwegian Oil, gas and defence firms have been hit by a series of attacks.  According to the BBC article, Norway’s National Security Agency (NSM) reports that industrial secrets and information about contract negotiations have been stolen.  At least 10 firms and potentially more were targeted in the biggest wave of attacks to hit the country.  Much like the RSA attacks, these attacks made use of targeted malware-laden emails, sent to specific individuals involved in contract negotiations.  The socially engineered email messages had been carefully crafted to look like they were from legitimate sources.

The NSM is reported to have said that it was likely many companies had been hit, but do not know that hackers have penetrated their systems and stolen documents.  Many other nations and industrial sectors have been targeted by data thieves in recent months, including the chemical industry, hi-tech firms, and utilities.