A water pump at a Springfield, Ill. utility failed Nov. 8. Usually this would be considered a technical difficulty, but this failure has raised eyebrows of the federal government.
Joe Weiss, a cybersecurity expert, disclosed the incident on his blog Thursday and pointed the finger at foreign cyber attackers. Now the U.S. Department of Homeland Security and the FBI are investigating the pump failure as a possible attack, according to a Reuters report.
“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois,” according to a statement from DHS spokesman Peter Boogaard. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”
The breach was discovered when a water district employee noticed that the system kept turning on and off, resulting in the water pump burning out, according to Wired.
The hackers stole credentials from a company that makes software used to control industrial systems, Weiss said. They also stole usernames and passwords from the company to gain remote access to the utility.
In fact, the hackers may have had access to the utility in September, according to the “Public Water District Cyber Intrusion” report, released by the Illinois Statewide Terrorism and Intelligence Center on Nov. 10.
The report does not describe what the glitches were, Weiss told Wired, but could reference problems legitimate users experienced when trying to access the system remotely.
“They just figured it’s part of the normal instability of the system,” Weiss said to Wired. “But it wasn’t until the SCADA system actually turned on and off that they realized something was wrong.”