Wednesday, January 25, 2012

Hackers Breached Railway Network, Disrupted Service



Hackers attacked computers at an an unidentified railway 
company, disrupting railway signals for two days in 
December, according to a government memo obtained
by Nextgov.


Forbes - According to the memo, train service on the unnamed railroad located in the Pacific Northwest “was slowed for a short while” on Dec. 1, and rail schedules were delayed about 15 minutes after the interference. The next day, shortly before rush hour, a “second event occurred,” but this one did not affect schedules, NextGov reports.

An investigation determined that hackers — possibly from overseas — had penetrated the system from three IP addresses, according to the memo, which did not name the country from which the hack occurred.

“Some of the possible causes lead to consideration of an overseas cyberattack,” the memo said.

Information stating that a targeted attack occurred was sent out on Dec. 5, along with alerts listing the three IP addresses, to several hundred railroad firms and public transportation agencies, in addition to unnamed partners in Canada.

A DHS spokesman acknowledged the breach in a statement to Threat Level.

“On December 1, a Pacific Northwest transportation entity reported that a potential cyber incident could affect train service,” said spokesman Peter Boogard in a statement. “The Department of Homeland Security (DHS), the FBI and our federal partners remained in communication with representatives from the transportation entity in support of their mitigation activities and with state and local government officials to send alerts to notify the transportation community of the anomalous activity as it was occurring.”

A DHS official added that after more in-depth analysis of the incident, it did not appear to be a targeted attack aimed at the railway and halting service, but was more of a random incident that simply hit the transportation entity. He would not elaborate.               More