Hackers brought down a pump at a US water utility by attacking its SCADA (supervisory control and data acquisition) system through the Internet, according to an Illinois state government report.

While the report is not available, Joe Weiss, the managing director of Applied Control Solutions and a control systems expert, claimed to have seen the report in a blog posted last week, detailing a cyber attack on the city water station in Springfield, Illinois.

According to the report, the attack worked by simply turning one of the pumps on and off repeatedly until it burnt out. The attackers accessed the system using customer user names and passwords stolen from the SCADA software vendor, Weiss said.

In a statement, a spokesperson for the Department of Homeland Security said, “DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”

In response to this statement, another hacker posted images that purported to show the inner workings of a water plant in Houston, Texas.

“No damage was done to any of the machinery; I don’t really like mindless vandalism. It’s stupid and silly,” the hacker wrote in a post accompanying the images. “On the other hand, so is connecting interfaces to your SCADA machinery to the Internet.”