It will help us better understand what industrial control is, and why it’s so important. Maroochy SCADA attack, 2013 Slide 3 Maroochy shire sewage system • SCADA controlled system with 142 pumping stations over 1157 sq km installed in 1999 • In 2000, the area sewage system had 47 unexpected faults causing extensive sewage spillage 4. million in their response. The contract Maroochy Shire awarded went to Hunter Watertech. The attack worked like this: Vitek parked within range of nearby repeater stations on the But when the faults began again, an HWT employee known only as “Mr. He decided to set the hacker up. Here, a disgruntled employee used a laptop to dump wastewater/sewage into drinking water. The spectacularly robed St Nicholas, in his red suit, greeted the children who formed a guard of honour for him. The Shire of Maroochy is one of Australia’s delightful treasures — a beautiful and serene rural area that attracts many nature-loving tourists. The Maroochy Incident, then, will be recorded in history as an early wakeup call for IT & Industrial professionals — a wakeup call which was later replaced with a … Let’s go back a few years. In analyzing the incident, Yager”, decided to be 2 point, where the malfunctioning of the plant was not the result of an attack on the network layer, but of authorized individuals attacking the physical layer by the issue of improper control Worse yet, the Maroochy incident was only the tip of an iceberg. disabled and initiated a routine traffic stop. practical use: interfacing with the system installed by HWT and it was even developed by them. In that incident, a SCADA contractor for the Maroochy Shire Council applied for a job with the council, which runs the water system. longer, maybe it would have made sense to bring Vitek on, but HWT finished in mid January. That was a rather smelly and unpleasant business, but we might as well look into it.
The Maroochy Shire incident of 2000 in Australia is a related example (Abrams and Weiss, 2008). Maroochy’s control system wasn’t designed with cyber-security in mind. The title is a mouthful, but the principle is rather simple. A computer gathers information from different sensors — like those that measure sewage levels — and turns the pumps on or off accordingly. The circumstantial evidence was pretty strong; especially considering the radio equipment found in his car was designated for operating the control computers of the sewage system. unable to do anything and technicians had to physically correct issues at each of the 142 pump Learning From the 2000 Maroochy Shire Cyber Attack Public record of an intentional, targeted attack by a knowledgeable person on an industrial control system teaches us to consider: – Critical physical, administrative, and supply chain vulnerabilities – Vulnerabilities coming … This paper examines the response to the 2000 SCADA security incident at Maroochy Water Services in Queensland, Australia. Pump station 14 was discovered to be the origin of these dubious transmissions. By March of 2000, Mr. Yager conclusively identified the source of the faults: human So NOW the Maroochy Shire Council wants to be known as The PET FRIENDLY SHIRE? into rivers, parks, local residences and a Hyatt Regency hotel. Had the upgrade project taken An officer on patrol spotted Vitek’s car parked near one of the pumping stations that had been On April 23rd, at 7:30 in the morning, another series of errors occurred in the pump stations — but this time the trap set around Boden snapped. acquisition, is a common system of controllers, sensors and devices to support and manage https://www.theregister.com/2001/10/31/hacker_jailed_for_revenge_sewage/, http://web.mit.edu/smadnick/www/wp/2017-09.pdf, https://www.mitre.org/sites/default/files/pdf/08_1145.pdf. physically checked and found to be perfectly healthy, but Mr. 
Yager did change the pump ID in Given the proprietary and potentially hazardous nature of many ICS environments, insider threats also pose a serious concern—with the Maroochy Shire incident in Queensland, Australia, a prime example of an event in the water sector, leading to 800,000 L (264,000 gal.) Vitek in my mind also holds the title of world’s most literal shit poster. It caused a real stink, if you will. The 2000 Maroochy Shire cyber event is the second in a series of control system cyber events analyzed to determine the effectiveness of NIST Special Publication (SP) … The engineer became suspicious. This report illustrates a CAST applied to a security incident that occurred in Maroochy Shire, Australia in 2000. He decided to thoroughly investigate the data traffic between the different pumps, and discovered that sewage pump number 14 was the one who had sent the order to reset his original configuration change. A laptop with a pirated copy of the control system software and a two-way radio transmitter were found in his car. There was a horse waiting for him to ride to the school grounds leading a procession of hundreds of children. A tiny sensor located in the remote controller reports temperature inside the house to the AC main computer, which then tells the compressor to turn on or off. It’s also possible for a mobile worker to connect to one of those access points and have full Maroochy has a local sewage system that handles more than 9 million gallons of sewage every day, using 142 sewage pumps scattered around the shire. The station was A 264,000 gallon wave of literal shit. damage. A disgruntled engineer worked with a private company on the installation of the new radio-controlled SCADA system in the sewage system run by the Maroochy Shire … passed those commands via the radio he had, on to the nearby repeaters and then the rest of the Police later found that a contractor at the sewage plant, V.
Boden, […] Nor would we likely have experienced the worldwide explosion in SCADA security events in 2011. As is often the case in the programming world, finding engineering solutions to solve each immediate problem took priority over the less urgent need to secure data. which are devices made specifically to be the interface between the pump stations and the The Crown case on the computer hacking offences was that between 9 February 2000 and 23 April 2000 Vitek accessed computers controlling the Maroochy Shire Council’s sewerage system, altering electronic data in respect of particular sewerage pumping stations and causing malfunctions in their operations. The details are spotty, but it seems as though Vitek and HWT didn’t see eye to eye Naturally the new Maroochy Shire chairman Cr David Low presented Santa with the Freedom of the Shire in 1957. In Maroochy Shire, Queensland, millions of gallons of raw sewage were pumped into the local environment by a computerized waste management system. He waited until the next error occurred, and then analyzed the data traffic. the 2000 Maroochy Shire incident in an era when security issues were not common in SCADA systems (Sayfayn and Madnick 2017). (Such interest certainly was not a result of the Maroochy Shire Incident.) Our domestic air conditioning system, for example, is a sort of SCADA. After a month of system and did a thorough investigation. But for the Vitek Boden received a 2 year prison sentence and was fined over $13,000 for cleanup and
system in the control room can make changes and send commands that are then propagated A disgruntled control-system technician steals passwords by “shoulder surfing” other technicians, logs in to equipment controlling the physical process using the stolen passwords, and issues shut-down instructions to parts of the physical process, automatically triggering a partial plant shut-down – much like Maroochy Shire incident. The Repository of Industrial Security Incidents is a database of incidents of a cyber security nature that have (or could have) affected process control, industrial automation or Supervisory Control and Data Acquisition (SCADA) systems. small town of Maroochy Shire in Queensland, Australia in early 2000, they had to deal with of the Shire’s pumping stations. (Such interest certainly was not a result of the Maroochy Shire Incident.) The Maroochy Incident. Maroochy Shire Council's Dog Gestapo. Boden was chased and arrested. Shortly after, the Maroochy sewage system started having mysterious and seemingly random problems: pumps stopped working; alarms failed to go off; and worst of all, about 200,000 gallons of sewage flooded vast areas. The Shire of Maroochy was a local government area about 100 kilometres (62 mi) north of Brisbane in the Sunshine Coast region of South East Queensland, Australia.The shire covered an area of 1,162.7 square kilometres (448.9 sq mi), and existed as a local government entity from 1890 until 2008, when it amalgamated with its neighbours to the north and south to form the Sunshine Coast Region They have even gone to the expense of providing a Dedicated Dog Park at Buderim, where Owners can let their dogs run free without the Threat of a $150 Fine. 
The judge theorized that Boden wanted revenge after having to leave his job, or that perhaps he thought he could win his position back once he was called in to fix the “errors.”, Vitek Boden was sentenced to two years in prison, and the crime he committed became a point of interest to IT security experts around the world. radio found was set to the same frequency as two of the repeaters involved. The Shire of Maroochy is one of Australia’s delightful treasures—a beautiful and serene rural area that attracts many nature-loving tourists. exploited, ID’s changed back and forth. temporarily, but an industrial scale back and forth had begun. Millions of control systems are used to control a vast variety of industrial processes all over the world, from assembly lines to nuclear reactors, to making electricity. It was likely then that during an attack, Boden would be within a few dozen miles from the pump stations. [Listen to the whole Podcast episode: “Stuxnet: The computer virus that struck Iran’s nuclear program]. When confronted by the police, they found in his In 1999, a man named Vitek Boden was supervising the sewage pumps in Maroochy, working for the company that installed the control system. The water authority promptly hired private investigators that began tracking Boden’s movements. that list. A 264,000 gallon wave of literal shit. These attacks reached their crescendo with the release of 264,000 gallons of raw sewage Maroochy’s water authority hired experts to examine the problems. In November 2001, 49-year-old Vitek Boden was sentenced to two years in prison for using a stolen wireless radio, a Supervisory Control And Data Acquisition (SCADA) controller and control software to release up to one million liters of sewage into the river and coastal waters of Maroochydore in Queensland, Australia. 
The Maroochy Incident, then, will be recorded in history as an early wakeup call for IT & Industrial professionals — a wakeup call which was later replaced with a blaring train horn when Stuxnet was discovered in 2010, and later Flame & Duqu. you have a pungent recipe for the ultimate insider threat. One incident known to have been a targeted attack was the 2008 attack on Pacific Energy Resources SCADA systems that monitored and controlled offshore drilling platforms and dams. Communications sent by radio links to wastewater pumping stations were being lost, pumps were not working properly, and alarms put in place did not go off to alert staff. Incident: An incident is an ... Maroochy water system (2000) In March 2000, Maroochy Shire in Queensland experienced problems with its new wastewater system. After all the immediate suspects were investigated, the experts were helpless; time after time they examined failing pumps, only to discover new and intact equipment that would simply stop operating, seemingly for no reason. industrial control systems, or ICS. The Maroochy-Shire incident is a classic illustration of this arXiv:1606.08741v1 [cs.SY] 27 Jun 2016. Case Profile: Maroochy Shire Summary In November 2001, 49-year-old Vitek Boden was sentenced to two years in prison for using a stolen wireless radio, a SCADA controller and control software to release up to one million litres of sewage into the river and coastal waters of … Take an expert on SCADA systems like Vitek Boden and vehicle a PDS Compact 500 computer, a two-way radio, a laptop, a transformer, and cables. They thoroughly analyzed each and every one of his steps, and what they found wasn’t very reassuring. The Australian court wasn’t convinced. To his surprise, the change was reset and erased a half an hour later. A main SCADA The incident was mentioned in a recent report on IT security by the U.S. President’s Information Technology Advisory Committee [13].
their waste treatment processing to a SCADA system. CAST Analysis of Maroochy Shire Sewage Spill: This CAST analysis is based on information gathered from different information sources. One can guess that security wasn’t a top priority for the people who designed the sewage control system, since after all, they had enough s*** to deal with as it was…. traffic. Oh, yeah… the Maroochy incident. equipment for the Maroochy Shire Council in Queensland, Australia (a rural area of great natural beauty and a tourist ... IR-2 Incident Response Training IR-6 Incident Reporting IR-3 Incident Response Testing and Exercises IR-7 Incident Response Assistance IR-4 Incident Handling through a network of access points and repeaters throughout the network. Investigators assumed that he was penetrating the network remotely, via wireless communication. Please create a threat matrix (See example below). An Australian man was today sent to prison for two years after he was found guilty of hacking into the Maroochy Shire, Queensland computerised waste management system and caused millions of litres of raw sewage to spill out into local parks, … Malicious Control System Cyber Security Attack Case Study: Maroochy Water Services, Australia. It has been noted that Vitek had made unauthorized The council declined. Waves of stress and uncertainty. The basic story is this: in spring of 2000, the computerized waste management system in Maroochy Shire, Queensland, Australia malfunctioned and spilled raw sewage into local parks, rivers and businesses. immediately notified. The Maroochy Shire attack has been documented in the Crown criminal case 5. He was charged with 30 counts of computer hacking, theft and causing environmental With his intimate knowledge of the SCADA system upgrade project, Vitek must have imagined Boden after he failed to secure a job with the Maroochy Shire Council. 
The laptop event logs had startup and shutdown entries that correlated with the attacks and the At first, the experts suspected that disturbances from other control systems in the area were causing the problems, or that there was an error in the hardware. At the heart of the continuous operation of these pumps is, of course, a computer; to be more precise — a computer system called SCADA, which stands for Supervisory Control And Data Acquisition. As with the Maroochy Shire wastewater attack, a former consultant for Pacific Energy Resources sought revenge when the company turned him down for a permanent position. Maroochy Shire is located about 100 kilometres north of Brisbane in the Sunshine Coast region of Queensland, Australia. Hired by Hunter Watertech in late 1997 and worked as a site supervisor for strange faults, communication failures, pump control loss, and false alarms. insider threats can be a messy ordeal. By now authorities and private investigators had already put together a list of potential suspects SCADA system via a private radio network. He changed the pump identification code from 14 to three, meaning, all legitimate orders coming from pump station 14 would now be received under identification code 3. the project. hopes of flagging future malicious messages. Let’s go back a few years. “Marine life died, the creek water turned black and the stench was unbearable for resident”, reported the Australian Environmental Protection Agency. With the elections in full swing, it’s not hard to imagine the waves of change that may or may waves of a different kind. of raw sewage being released into nearby rivers and parks. Vitek Boden became the immediate suspect.
On the night of April 23, 2000 the attacker disabled 4 more pumping stations and police were Sometimes The way these systems work is by using remote terminal units, Forensic analysis of the attack showed the software running on Vitek’s laptop has only one not be on the horizon. SCADA network, used his laptop to issue commands to his PDS Compact 500, which then After quitting his job, he approached the district council and offered his services as an inspector. damages. HWT installed systems at 142 For more stories from the history of Science & Technology, follow me on Twitter at @CuriousMindsPod, or Subscribe to the Curious Minds Podcast. Boden, then in his forties, had been working for the company for two years until he resigned as a result of a dispute with his bosses. At the peak of the attack, the faults increased to such a degree that the central computer was