Earlier this year, Hackers breached the Industrial Control System (ICS) network of a New Jersey air conditioning company by exploiting a backdoor vulnerability in the system, according to an FBI memo(info.publicintelligence.net/FBI-AntisecICS.pdf).
The hackers first breached the company’s ICS network by exploiting the vulnerabilities in Tridium Niagara ICS system , that allowed access to the main control mechanism for the company's internal heating, ventilation, and air conditioning (HVAC) units.
According to the memo, the security breach occurred in February and March 2012 , few weeks after @ntisec posted a tweet indicating that hackers were targeting SCADA, and something had to be done to address SCADA vulnerabilities.
The company used the Niagara system not only for its own HVAC system, but also installed it for customers, which included banking institutions and other commercial entities.
Although the controller for the system was password protected in general, the backdoor through the IP address apparently required no password and allowed direct access to the control system. The link posted by the hacktivist provided the same level of access to the company's control system as the password-protected administrator login.
The logs from controller showed hackers has gained access to the system from multiple unauthorized international and US-based IP addresses.
