Cyber attacks on water systems

• Salt River Project Hack (Phoenix, Arizona) – 1994

• Theodore Roosevelt Dam Hack (Arizona, USA) – 1998
• Maroochy Sabotage (Queensland, Australia) – 2000
• Sauk Water Storage Dam (St. Louis, Missouri) – 2005
• Water System Hack (Harrisburg, Pennsylvania) – 2006
• Water Canal System Attack (Willows, California)– 2007
• Water Supply Pump Failure (Springfield, Illinois) – 2011
• Water Supply Plant Hack (South Houston, Texas) – 2011
 Salt River Project Hack
• When and where?
- From 8 July until 31 August 1994 in Phoenix, Arizona.
• What happened?
- 27-year-old Lane Jarrett Davis hacked SLP network
via a dialup modem causing losses of about 40.000$.
• Why?
- He believed that he had the right to pursue his
intellectual freedom through his hacking activities.
• How?
- He entered for at least 5 hours and took or altered:
Login, password and computer system log files.
 Maroochy Shire Sabotage
• 1999: SCADA systems are installed in 142 pumping stations.
48-year-old Vitek Boden gets dismissed by the company
and the local Council refuses twice to offer him a job.
• March-April 2000: Having made at least 46 hacking attempts
he takes control of the flood gates and
causes the release of 800k liters of raw
sewage into public waterways.
• 23 April 2000: He gets arrested by the police after radio and
computer equipment has been found in his car
and gets sentenced to 2 years in jail.
What happened?

How?
Sauk Water Storage Dam Failure
• When?
- In December 2005
• Where?
- Approx. 100 miles south of Saint Louis, Missouri (USA)
• What happened?
- A catastrophic failure, releasing accidentally a billion
gallons of water.
• Why?
- The gauges at the dam read differently than the gauges
at the dam’s remote monitoring station.
Water Treatment System Hack
• When?
- In October 2006
• Where?
- In Harrisburg, Pennsylvania (USA)
• What happened?
- A foreign hacker penetrated security of a water
filtering plant through the Internet.
• How?
- The intruder planted malicious software that was
able to affect the plant’s water treatment operations.
 Water Canal System Attack
• When?
- On 15 August 2007
• Where?
- In Willows, California (USA)
• What happened?
- Michael Keehn installed unauthorized software to a
protected computer, causing water to be diverted from the
Sacramento River and was sentenced to 10 years in prison.
• Why?
-On that day he was dismissed after 17 years of employment.
 Water Supply Pump Failure
• When and where?
- In November 2011 in Springfield, Illinois (USA).
• What was reported?
- The first foreign cyber attack on a public utility in the USA.
• Why?
- A user connected to the network from a Russian IP address.
• What happened really?
- The pump had failed due to physical and mechanical issues.
The user proved to be a contractor who legitimately accessed
the network remotely while in Russia on personal business.
Water Supply Plant Hack
• When and where?
- In November 2011 in South Houston, Texas (USA).
• What happened?
- A hacker identified as ‘pr0f’ hacked the system.
He took some screenshots and posted one online.
• How?
- In less than 10 minutes he had connected using
the default 3-digit password in the device’s manual.
• Why?
- He wanted to show that such an attack was not
only easy, but also potentially catastrophic.
 Pr0f’ s post in Pastebin
• “I don’t really like mindless vandalism. It’s
stupid and silly. On the other hand, so is
connecting interfaces to your SCADA
machinery to the internet. I wouldn’t even call
this a hack, either, just to say. This requires
almost no skill and could be reproduced by a
two year old with a basic knowledge of
Simatic. As for how I did it, it’s usually a
combination of poor configuration of
services, bad password choice, and no
restrictions on who can access the interfaces.”
Pr0f’s online posted screenshot