An investigation determined that hackers — possibly from overseas — had penetrated the system from three IP addresses, according to the memo, which did not name the country from which the hack occurred.
“Some of the possible causes lead to consideration of an overseas cyberattack,” the memo said.
Information stating that a targeted attack occurred was sent out on Dec. 5, along with alerts listing the three IP addresses, to several hundred railroad firms and public transportation agencies, in addition to unnamed partners in Canada.
A DHS spokesman acknowledged the breach in a statement to Threat Level.
“On December 1, a Pacific Northwest transportation entity reported that a potential cyber incident could affect train service,” said spokesman Peter Boogard in a statement. “The Department of Homeland Security (DHS), the FBI and our federal partners remained in communication with representatives from the transportation entity in support of their mitigation activities and with state and local government officials to send alerts to notify the transportation community of the anomalous activity as it was occurring.”
A DHS official added that after more in-depth analysis of the incident, it did not appear to be a targeted attack aimed at the railway and halting service, but was more of a random incident that simply hit the transportation entity. He would not elaborate. More