First off, I’d like to offer my condolences to Joe Weiss, the SCADA ‘cyber war expert’ who made an ass of himself over the water pump incident last month.
Basically the scare story about Russian hackers compromising a US water facility was based entirely on an IP address, not that any of us were told what it was. An IP address on its own is never reliable indication of where an attack originated.
So a report, which wasn’t open to scrutiny, investigation or analysis by any of us, found its way to Weiss who called ‘cyber war’. I called bullshit, because it had the signs of a hoax. There was no investigation, no reliable evidence, and my money was on the simplest and therefore most likely explaination – hardware failure. The only worrying thing here was the apparent lack of fault finding, incident handling and reporting procedures.
The facts have just been revealed by Wired’s Threat Level blog after an interview with the engineer (Jim Mimlitz) who set up the Curran Gardner Public Water District’s control system.
It turns out the engineer logged into the system while on holiday in Russia. After the water pump’s failure five months later, someone noticed the address in the logs and notified the Statewide Terrorism and Intelligence Center without the engineer being contacted, even though his username was listed next to that address. It was just assumed hacker(s) spent five months messing about with the system.
Cryptonomicon 