Jim Mimlitz, founder and owner of Navionics Research, told Threat Level that he had logged into the water utility’s supervisory control and data acquisition (SCADA) system, which his firm helped set up, to do some troubleshooting while he was on vacation in Russia. He remotely accessed the SCADA system using his cellphone, which routed the call through a Russian IP address.
Five months later, when a water pump failed at the facility, a computer contractor called in to examine the system reported the Russian IP address in the SCADA logs to the Environmental Protection Agency (EPA), according to the Threat Level report. From the EPA, the report made its way to the Illinois Statewide Terrorism and Intelligence Center.
The Russian IP address had Mimlitz’s user name next to it in the SCADA log, but no one from the center bothered to call him. “I could have straightened it out with just one phone call, and this would all have been defused,” Mimlitz told Threat Level.
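The detail that decides this case is the one nobody acted on: the foreign IP sat beside a known user name in the SCADA log, and the pump failed months later. An added example, not code from the article or from Navionics Research, shows the triage step that was skipped. It parses a few constructed log lines (the line format, the TEST-NET geolocation table and the account directory are all assumptions for illustration), turns a login from an unexpected country into an "ask the account owner" item rather than an intrusion finding when the account is known, and labels a fault that follows such a login only after a long gap as a weak link.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample log; the format is assumed, not taken from any real SCADA product.
SAMPLE_LOG = """\
2011-06-12 03:14:22 LOGIN user=jmimlitz src=203.0.113.7 result=success
2011-06-12 03:41:05 LOGOUT user=jmimlitz src=203.0.113.7
2011-09-02 11:20:00 LOGIN user=operator1 src=198.51.100.4 result=success
2011-11-08 16:02:13 FAULT device=pump2 msg=motor_burnout
"""

# Constructed geolocation table: documentation (TEST-NET) ranges mapped to illustrative country codes.
GEO_TABLE = [
    (ip_network("203.0.113.0/24"), "RU"),
    (ip_network("198.51.100.0/24"), "US"),
]
# Hypothetical account directory: who to phone before escalating a login under this name.
ACCOUNT_OWNERS = {
    "jmimlitz": "integrator contact (placeholder phone)",
    "operator1": "plant operator (placeholder phone)",
}
EXPECTED_COUNTRIES = {"US"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<event>[A-Z]+)(?P<kv>.*)$"
)


@dataclass
class Event:
    ts: datetime
    kind: str
    fields: dict


def parse_log(text):
    """Parse 'timestamp EVENT key=value ...' lines; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        events.append(Event(ts, m.group("event"), fields))
    return events


def country_of(ip_str):
    """Look the address up in the constructed table; None means unknown."""
    ip = ip_address(ip_str)
    for net, cc in GEO_TABLE:
        if ip in net:
            return cc
    return None


def triage(events, max_link_days=30):
    """Produce analyst findings: foreign logins become verification tasks, later faults get a link strength."""
    findings = []
    foreign_logins = []
    for ev in events:
        if ev.kind == "LOGIN" and ev.fields.get("result") == "success":
            cc = country_of(ev.fields["src"])
            if cc in EXPECTED_COUNTRIES:
                continue
            user = ev.fields["user"]
            owner = ACCOUNT_OWNERS.get(user)
            findings.append({
                "type": "foreign_login",
                "user": user,
                "src": ev.fields["src"],
                "country": cc,
                # A known account name is a phone call, not an intrusion verdict.
                "action": (f"confirm with account owner: {owner}" if owner
                           else "escalate: no known owner for account"),
            })
            foreign_logins.append(ev)
        elif ev.kind == "FAULT":
            for login in foreign_logins:
                gap = (ev.ts - login.ts).days
                findings.append({
                    "type": "fault_after_foreign_login",
                    "device": ev.fields.get("device"),
                    "days_since_login": gap,
                    # Months between a login and a failure is weak evidence of causation.
                    "link": "plausible" if gap <= max_link_days else "weak",
                })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run on the constructed log, the integrator's login is reported as a call to its owner, the operator's domestic login produces nothing, and the pump fault 149 days later is attached to the foreign login only as a weak link. The threshold of 30 days is an arbitrary analyst setting; the point is that the gap is recorded and judged rather than silently treated as cause and effect.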
Instead, on Nov. 10 the center released a report that connected the broken water pump to the log-in to the SCADA system from a Russian IP address. The author of the report surmised that Russian hackers had gained access to Mimlitz’s cellphone and stolen his credentials.
Following the media storm created by the report, the FBI and the Department of Homeland Security sent investigators to the water plant. After examining the logs and speaking with Mimlitz, they realized that the state center was wrong.
Following the investigation, the DHS Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) issued a bulletin on Nov. 23, which concluded: “After detailed analysis of all available data, ICS-CERT and the FBI found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.”
So much for the first shot in a US-Russia cyberwar.