In this case, some might consider the '123456' password as being bulletproof

Nov 21, 2011 15:00 GMT
One of the screenshots of the human machine interface provided by the hacker

There's been a lot of debate lately about the hacks that targeted SCADA systems, and now the hacker has come forward to state that what he did can barely be called a hack, since there was not much protection guarding the infrastructure.

According to Threatpost, the hacker, who calls himself pr0f, claims that even a child with some Simatic knowledge could have easily passed through the barriers, since everything was protected by a simple three-character password.

“I'm sorry this ain't a tale of advanced persistent threats and stuff, but frankly most compromises I've seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint,” he said.

All this comes after he posted some screenshots of the human machine interface that's used to control the Texas water utility.

He then expressed his frustration that the DHS considered the whole incident to be a mere pump failure rather than cybercriminal activity.

“This was stupid. You know. Insanely stupid. I dislike, immensely, how the DHS tend to downplay how absolutely F***** the state of national infrastructure is,” pr0f said at the time.

After the hacking operation, he claimed that it was not his intention to expose any information or to cause damage to the machinery; his main goal was to prove the Department of Homeland Security wrong.

The whole debate around the security of SCADA systems began after Joe Weiss, a security expert, wrote a blog post in which he announced that a SCADA software vendor had been breached and customer information stolen.

He argued that the credentials were used to access the industrial control systems of a water utility.

“We don't have cyber forensics, so when they see [issues] they don't think it's a cyber problem. They just think it's a glitch in the system. Why won't we have a cyber Pearl Harbor? Because we won't know it,” Weiss said.