Hacktivists Show the Danger of Leaving IBM i Unprotected

August 11, 2016

Even with its sophisticated security capabilities, your IBM i is only as secure as you make it. IBM i security experts have been saying this for years, but at least one organization learned the hard way.

Verizon’s recent Data Breach Digest proves once and for all that the system we know by many different names—AS/400, iSeries, System i—is securable, but not inherently secure.

Verizon’s publication analyzes real-world data breach incidents investigated by its team of cybersecurity professionals. The report is published annually and, for the first time, a breach of an AS/400 server is included.

What can we learn from an IBM i breach? Watch the on-demand webinar ›

This echoes what the State of IBM i Security Study has shown repeatedly: default settings and inattention to security leave the system vulnerable to cybercriminals, malicious insiders, and hacktivists.

Could a Data Breach Contaminate Tap Water?

Data breaches happen every day and typically only the biggest, most scandalous incidents make headlines. The scenario described by Verizon was no Sony hack or Anthem breach—and that’s the very reason IT professionals might feel beads of sweat trickling down their necks.

Verizon does not share the name and location of the breach victim in the report, revealing only that the organization is a water district. Like most breach victims, leadership at this organization probably never imagined unknown threat actors exploiting security vulnerabilities to steal data and compromise its operations.

Personally identifiable information (PII) and customer data were stolen from the system, but those records may not have been the primary goal of this attack.

The hacktivists, linked to Syria, gained access to operational technology systems to manipulate water flow rate as well as the chemicals used to treat water and make it safe to drink.

Business was disrupted—slightly. Water customers were affected—slightly. But the outcome could have been disastrous if the security vulnerabilities had gone unnoticed for much longer.

Answer the Wake-Up Call

This data breach could have had a tragic outcome, and the water district’s customers are fortunate that only their PII, not their health, was compromised.

Although this breach only involved one organization, the vulnerabilities affecting the water district are not unique. Many other businesses are vulnerable to intrusion, and many other security incidents go undetected for months or even years.

HelpSystems highlights these risks every year with the State of IBM i Security Study, helping IBM i shops understand where and how they can improve cybersecurity. The water district investigated by Verizon is a perfect example of the organizations included in the study.

The results of the State of IBM i Security Study are in, and once again, one of the most surprising take-aways is how vulnerable so many systems are. If ever there was a moment to take action on IBM i security, this is it.

Take the Next Step

IBM i security expert Robin Tatam analyzes the AS/400 breach, what this news means for the IBM i community, and what lessons businesses can learn. Watch this on-demand webinar for insight into how you can help your organization protect business-critical data and avoid becoming the next breach victim.


Find Out If Your IBM i Is Vulnerable

Identify and prioritize the vulnerabilities on your system with a free IBM i Security Scan.

Stay up to date on what matters.