No one bothered to call him to clarify the situation

Dec 1, 2011 10:33 GMT

As it turns out, the DHS was right when it claimed that the water pump incident was a simple failure and nothing more. The founder and owner of Navionics Research, who helped set up the Illinois utility's SCADA systems, was actually the one who accessed the systems from Russia during one of his vacations.

In an interview given to Threat Level, Jim Mimlitz said that the entire situation could have been avoided if someone had contacted him before issuing the report. Since the DHS didn’t give any details on how it concluded the incident wasn’t part of a cybercriminal operation, everyone assumed it was trying to cover something up.

Now, it turns out that Mimlitz’s company offers occasional technical support to the Springfield, Illinois water utility. Last June, when the utility needed some advice on a matter, it asked him to log in to its systems and take a look at some data-history charts stored on the SCADA computer suspected of being hacked.

Since at the time Mimlitz was on a vacation with his family in Russia, he accessed the systems from there.

Even though he used his own login details and his name appeared next to the Russian IP in the data logs, everyone assumed that someone might have stolen his credentials and used them to access the systems in Illinois.

Since no one bothered to contact him, a report was quickly drawn up and a lot of panic was caused. For now, it’s unclear who released the report: the DHS points the finger at the water utility, but Curran Gardner representatives claim that a “number of agencies, including the DHS” are responsible for it.

“The system has a lot of logging capability. It logs everything. All of the logs showed that the pump failed for some electrical-mechanical reason. But it did not have anything to do with the SCADA system,” Mimlitz said.

According to a recent statement from the FBI, the infrastructures of three US cities were breached via their SCADA systems, which means that only one of them is known to the public and the threat is still present. Hopefully, the situation will be treated more seriously and these vulnerable systems will be better secured.