Refrigerator Used to Hack Chlorine Plant

DedicatedICS
Yanac

The Federal Bureau of Inquire announced today the arrest of William
Cruikshank in connection with last month’s attack on the ChlorAlk plant in Le
Sel, LA. That attack resulted in a chlorine release at the facility that
injured twelve employees and caused overnight evacuation of the nearby Depatman
Doubs Neighborhood. Cruikshank is being charged with twelve counts of attempted
murder, unauthorized access to a sensitive computer system, and wiretapping.

Johnathan Quest, FBI spokesperson, confirmed that Cruikshank
was arrested when he tried to recover a Bluetooth device that he had placed at
the home of an unnamed control system engineer that worked at ChlorAlk. “We
were keeping an eye on the device,” Quest said; “It was a specially modified
cell phone, that Cruikshank had apparently used before, so we were pretty sure
that he wanted it back.”

The Director of the National Critical Infrastructure
Security Operations Center (CI-SOC), General Buck Turgidson, briefed reporters
on the latest information about the ChlorAlk hack. “This was a sophisticated attack
on the control systems at the facility,” Turgidson explained; “but there were
no specific control system vulnerabilities exploited. We quickly determined
that the attack was made via the engineering laptop used by one of the facility’s
control system engineers.”

Special Agent R. (Ace) Bannon told reporters at the FBI
press conference that the Bureau had initially looked at that engineer as a
potential suspect, but quickly changed the focus of their investigation when Students
for Immediate Neutralization of Chlorine Technology and Energy Reversion
(SFINCTER) announced responsibility for the attack. “We have a lengthy ongoing
investigation on this group, and a close examination of the laptop showed signs
of it being hacked by Cruikshank,” Bannon explained.

A technician working at CI-SOC who was part of the investigation
told me that it was surprising that Cruikshank was able to penetrate the well
protected laptop. “Then we learned that the engineer was using the tools on the
laptop to do some work at home on his smart refrigerator, she said; “That
refrigerator had an old Bluetooth application that had a number of
vulnerabilities that Cruikshank was able to exploit to get access to the laptop.”

Sueur Hargreaves-Bird, spokesperson for ChlorAlk that the engineer,
only identified as ‘Chris’, had been hired after the hack of the
facility’s chlorine sensors two years ago. “We specifically hired Chris
because of his hacking background and put him to work looking for
vulnerabilities in our systems,” Seuer said; “He has coordinated vulnerability
disclosures with all of our vendors. Many were not happy with Chris’ efforts,
but if they wanted to keep being suppliers for us and others in the industry,
they knew that they had to fix the vulnerabilities that Chris found.”

Bannon confirmed that Cruikshank had targeted Chris. “Chris
had a very active blog where he discussed each of the vulnerabilities that he
had uncovered, and there were numerous hints that he worked in the chlor-alkali
industry. He was an obvious target for someone like Cruikshank.”Future ICS Security NewsRead More