The Russian hack never happened

An American contractor says hackers did not launch a cyber attack against a water facility in central Illinois.

Rather, Jim Mimlitz explains, the false alarm was triggered when he logged onto the system while vacationing in Russia with his wife and three daughters. 

Still, Mimlitz is uncertain why the DHS failed to contact him about the incident, which likely would have helped resolve the issue immediately.

Instead, US law enforcement officials assumed his password was stolen by hackers who accessed the system from Russia, supposedly causing a water pump to shut down five months later.

The alleged Russian-water pump link was first noted by a repairman examining the logs who saw a Russian IP address attached to a remote login by Mimlitz. 

The incident was reported to a state agency, leading to the involvement of the Illinois Statewide Terrorism and Intelligence Center and prompting reports of the first successful cyberattack on US infrastructure.

“A quick and simple phone call to me right away would have defused the whole thing immediately,” Mimlitz told the Associated Press. 

“All I did was I logged on. I tried to help. I looked at some data and gave them my advice.”

Although the DHS declined to comment on the latest developments, the department reiterated an earlier statement which said there was “no evidence to support claims made” in the initial report, as it “was based on raw, unconfirmed data and subsequently leaked to the media.”

Meanwhile, Mimlitz said the Navionics system he helped install in the Illinois water plant was “very secure,” despite recent reports claiming that Supervisory Control and Data Acquisition (SCADA) systems are vulnerable to hacking.

[“But] we’re going to keep working on it,” he added.