Russians Seize Water Follies Attack Server

John Jay, the spokesman for the Department of Foreign Affairs, announced this morning that a foreign government had seized the server that was used in the cyberattack on the Water Follies facility in Delano, GA on Saturday, but he refused to identify the government involved. “The government concerned has made arrangements to turn over the server to the Federal Bureau of Inquiry this afternoon,” Jay explained at the press conference. Jay took no questions about the server issue.

Esther Williams, the manager for Water Follies, was at this morning’s press conference at the National Critical Infrastructure Security Operations Center (CI-SOC). She confirmed that her operations staff was working with CI-SOC to remove the malware from the control system so that the facility could be opened back up to the public. “The team from Dragonfire Cyber is helping to remediate the zero-day vulnerability that the attackers used in the cyber assault on the facility,” Williams told reporters. Williams studied computer science at Georgia Tech while she competed internationally in swimming.

Gen Turgidson, Director of CI-SOC, told reporters that a team from his organization would be on hand in Berlin when the server was turned over later today. “Our investigators identified the location of the server in Moscow, and we provided the location to the FBI. They contacted their law enforcement counterparts in Russia,” Turgidson explained.

A technician at Dragonfire who was not authorized to talk to the press told me that while the incident response team (IRT) identified the location of the command-and-control server in Moscow, they did not believe that the operation was controlled from that country. “One of our investigators is from Israel and she identified many of the programming comments found remotely on the server as being idiomatic Arabic,” the technician said.

The IRT is reportedly concerned that it was almost too easy to identify the location of the command-and-control server. Gen Turgidson confirmed that, so far, the technical investigation is not pointing at the Russians as a source of the attack. “This was not a real sophisticated attack once one gets past the 0-day vulnerability,” Turgidson explained. “The attackers had some detailed knowledge about the operations at the water park, but there were no great hacking skills in evidence.”

CAUTIONARY NOTE: This is a future news story – Future ICS Security News