"The city of South Houston has a really insecure system. Wanna see? I know ya do," a hacker using the handle "pr0f" said in a post on Pastebin that links to the five images. In a separate email interview, the hacker added that he considers himself part of the Anonymous movement but separate from AnonOps.While he may not have had control over much of the water system, he likely could have turned pumps on and off, if he wanted, the hacker said.
"I wouldn't even call this a hack, either," he added. "This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic [control software]."
The inadvertent identification of the victim's location in the first attack may make utilities less forthcoming with information about security incidents at the same time that industrial-control specialists are calling for more details. In the alleged City Water, Power & Light incident, for example, the attackers got the usernames and passwords for the system from a third-party supplier, raising the specter that other utilities could already have been breached, ACS's Weiss says.
"This is our version of the RSA attack," Weiss said. "What we don't know is what other SCADA systems are compromised as we speak."
This story was updated on Nov. 18, 2011.
This story, "U.S. water plants reportedly hit by cyber attacks," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.