Hackers Fail To Contaminate Florida Water

Hackers broke into the computer system of a facility that treats water for about 15,000 people near Tampa, Florida and sought to add a dangerous level of additive to the water supply, the Pinellas County Sheriff saysThe criminals infiltrated a treatment plant and boosted Sodium Hydroxide to dangerous levels. The attack occurred 20 miles from the site of the Super Bowl, two days before the game was to be played.

The initial attempt was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems. The affected water treatment facility is a public utility owned by the town of Oldsmar (15,000 inhabitants) which has its own internal IT team. 

The incident took place over the course of the day, with hackers first infiltrating the Oldsmar water treatment plant. The hackers then increased the amount of sodium hydroxide being distributed into the water supply. The chemical is typically used in small amounts to control the acidity of water, but at higher levels is dangerous to consume. 

TeamViewer is a widely used software application that allows easy access to machines remotely from anywhere, and is often used for remote IT troubleshooting  and technical assistance. “The guy was sitting there monitoring the computer as he’s supposed to and all of a sudden he sees a window pop up that the computer has been accessed... The next thing you know someone is dragging the mouse and clicking around and opening programs and manipulating the system.” said the Sheriff. Team Viewer  has been installed on 2.5 billion devices worldwide, enables remote technical support among other applications.

The plant employee alerted his employer, who called the Sheriff and the water treatment facility was able to quickly reverse the command, leading to minimal impact.

The leading cybersecurity firm Fireweed attributed an increase in hacking attempts it has seen in the last year mostly to novices seeking to learn about remotely accessible industrial systems.Many victims appear to have been selected arbitrarily and no serious damage was caused in any of the cases – in part because of safety mechanisms and professional monitoring, Fireweed analyst Daniel Appellant Zara said in a statement. “While the (Oldsmar) incident does not appear to be particularly complex, it highlights the need to strengthen the cybersecurity capabilities across the water and wastewater industry,” he said.

It is not known if the hack was done from within the US and  his latest attack in Florida will do nothing to calm cyber security experts who've been warning for years that critical national infrastructure facilities are being targeted. Water, electricity, nuclear plants and transport are being probed for weaknesses all the time not just because of the potential for mass disruption but also because they are often running on obsolete and vulnerable IT systems.  

Reuters:       Al Jazeera:         CNet:      USNews:           BBC:         ITPro:        

You Might Also Read: 

Iran Fingered For Attack On Israeli Water Infrastructure:

 

« France Responds To Cyber Attacks
Cyber Security Insights For Executives »

Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Information Technology Association of Canada (ITAC)

Information Technology Association of Canada (ITAC)

ITAC is the voice of the Canadian ICT industry and are dedicated to making Canada a world class, cutting-edge digital society.

Tufin

Tufin

Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment.

StorageCraft

StorageCraft

StorageCraft provides best-in-class backup, disaster recovery, system migration and data protection solutions for virtual and physical environments.

Cyberkov

Cyberkov

Cyberkov services include Pentesting, Vulnerability Assessments, Digital Forensics, Incident Response, Source Code Analysis and Security Training.

Norwegian Information Security laboratory (NISlab)

Norwegian Information Security laboratory (NISlab)

NISlab conducts international competitive research in information and cyber security and operates study programs in this area.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

Templar Executives

Templar Executives

Templar Executives is a leading, expert and dynamic Cyber Security company trusted by Governments and multi-national organisations to deliver business transformation.

Bl4ckswan

Bl4ckswan

Bl4ckswan is a Management Consulting firm specialized in the delivery of information security and compliance services.

Secure IT Disposals

Secure IT Disposals

Secure IT Disposals specialise in professional Computer Recycling, Computer Disposals, Computer Destruction, Data Erasure and end-of-lifecycle solutions.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Nokia

Nokia

Nokia is a proven leader in fixed, mobile and IoT security offering capabilities that range from systems design to integration and support.

Inflexor Ventures

Inflexor Ventures

Inflexor Ventures is a technology focused venture capital firm that invests in early stage companies from seed to Series-A+ stages.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.