A story of SCADA, radio, and sewage

Computerworld (June 30, 2004):

When an employee from an Australian company that makes manufacturing software got fired in early 2000, he applied for a job with the local government, but was turned down. In retaliation, he got a radio transmitter, went to a nearby hotel where there was a sewage valve, and used the radio to hack into the local government’s computerized waste management system.

Using software from his former employer, he released millions of gallons of raw sewage near the hotel grounds and into rivers and parks.

“He did this 46 times before he was caught,” notes Joe Weiss, a process-control cybersecurity expert and consultant at the Cupertino, Calif., office of Kema Consulting. “The first 20 [times], they didn’t even know it was cyber,” meaning an external attack launched using a computer, he says. “From 20 to 45, they finally figured it was cyber, but they didn’t catch him until 46.” Though this person never worked for the wastewater utility, he was still able to break into its supervisory control and data acquisition system, which was designed with a big security assumption in mind — that only insiders would want to access it.

More links to the same incident: The Register October 2001, ComputerWorld February 2006

One Comment

  1. Tim Canestro says:

    Do you mind if I quote a few of your posts as long as I provide credit and sources back to your website? My website is in the exact same niche as yours and my visitors would really benefit from a lot of the information you present here. Please let me know if this alright with you. Many thanks!

Leave a Reply