The gate to the Bowman Avenue Dam facility in Rye Brook, NY is locked, but the cellular modem used for its controls wasn’t. (Image: Google)
In 2013, someone gained access to the operations center for the Bowman Avenue Dam, a small flood control dam on Blind Brook in Rye Brook, New York.
The attackers were later identified in a classified Department of Homeland Security report as being the same Iranian group alleged to have been responsible for attacks on PNC Financial Services Group, SunTrust, and Capital One Financial.
The attack was first made public in December 2015 by a Wall Street Journal report. Now, according to a CNN report, the US Department of Justice is preparing to file an indictment against those believed to be behind the intrusion—individuals believed to have been operating at the direction of the Iranian government.
Calling the intrusion an “attack” may be a bit of an overstatement—the controls of the dam were not accessed, according to government officials cited anonymously by CNN, and only “back office systems” were penetrated.
The intrusion was made possible by a broadband cellular modem used to connect the small facility to the Internet, and the Bowman Avenue facility was targeted by a network scan for industrial control systems exposed to the Internet.
The National Security Agency intercepted the incoming scans from Iran, and passed a list of targeted Internet addresses to the Department of Homeland Security.
The address for the network at the Bowman Avenue Dam was among them—but DHS officials were at first concerned that the attackers were going after the Arthur R. Bowman Dam near Prineville, Oregon (an irrigation dam with no floodgate controls, making it pretty much impossible to hack with anything short of Internet-connected dynamite).
Eventually the IP address involved was traced to the small flood control dam in Rye.
However, eager to “name and shame” state-sanctioned intrusions and attacks on US critical infrastructure, the DHS and Department of Justice have decided to move forward three years later with a case against those believed to be behind the Bowman Avenue hack. When asked about the pending case, Department of Justice spokesperson Marc Raimondi said in a written statement to CNN that the DOJ takes “malicious activity in cyberspace seriously, and we will continue to use all the tools at our disposal to prevent, deter, detect, counter and mitigate such activity.”