Hackers going after water treatment plants

  • 17 April 2017
  • NormanL

This bulletin from the Department of Homeland Security intelligence office shows that someone, or some group, tried to crack the security controls of a water and sewage treatment facility's online network:

An unidentified actor or actors between November 2016 and January 2017 targeted a US water and sewage authority’s network, resulting in excessive cellular charges and unusual traffic on ports 10000 and 9600, according to an FBI source with excellent access who spoke in confidence but whose reliability cannot be determined. The FBI source indicated that four of the seven devices on the authority’s cellular data plan were impacted with high data usage, which was likely a result of compromised network devices. The November 2016–December 2016 billing cycle totaled $45,000, and the December 2016–January 2017 billing cycle totaled $53,000. A typical monthly bill averages approximately $300. The devices were Sixnet devices, which had been in place for six or seven years and provided access to the authority’s industrial control systems, according to the same FBI source.

(U//FOUO) Support to Computer Network Defense

(U//FOUO) Sixnet BT-5xxx and BT-6xxx series device versions prior to 3.8.21, as of May 2016, were vulnerable to a compromise that exploited a hard-coded factory password that could enable full access to the affected device, according to ICS-CERT Advisory ICSA-16-0147-02. The same advisory identifies vendor patches and firmware updates that address the issue.

(U//FOUO) Sixnet BT-5xxx series industrial cellular modems and BT-6xxx machine-to-machine gateways facilitate data communications connectivity in mobile or remote environments. Ports 9600 and 10000 are used for transmission control protocol and user datagram protocol (TCP/UDP) communications, according to an online report from a firm that provides industrial automation and networking solutions.

We post this to illustrate how many systems we rely upon every day are connected to the internet, and how the bad guys are constantly trying to compromise them. Some do it for money. Some just for kicks. Others have much more dangerous motives.

The weakest link in any online system or wireless device is the human operator. We urge you not to ignore those messages to update your software -- it could save you a great deal of hassle and worry down the road. And it also makes it harder for the bad guys to use your devices as a gateway to do greater harm to your entire community.