After seeing that the Department of Homeland Security(DHS) believes the pump failure incident to be nothing more than an unfortunate event instead of a hacking operation, a cyber mastermind came forward to prove that the security methods that protect SCADA systems are highly vulnerable.
The hacker who calls himself pr0f got somewhat angry after reading an article in which the DHS claimed they were investigating the pump failure but there's nothing to point to a cybercriminal activity.
“This was stupid. You know. Insanely stupid. I dislike, immensely, how the DHS tend to downplay how absolutely F**** the state of national infrastructure is,” pr0f said.
“I've also seen various people doubt the possibility an attack like this could be done. So, y'know. The city of South Houston has a really insecure system. Wanna see? I know ya do.”
To prove that the security is almost zero, he posted five images that seem to represent the computer interfaces utilized to control the components of water utilities in South Houston.
More precisely, the Waste Water Treatment Plant, the Texas and Pecant Lift Station, the 11th and G Lift Station, the Virginia Water Plant and the Nevada Water Plant, all appear to be highly exposed to cybercriminal operations.
“I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly.”
However, he claims he didn't use any advanced hacking skills to break into the systems.
“On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic,” he said.
It's uncertain if the images are really taken from the South Houston water utilities but if they are, the DHS and other state authorities should be very worried.