Hackers Fail To Contaminate Florida Water

Hackers broke into the computer system of a facility that treats water for about 15,000 people near Tampa, Florida and sought to add a dangerous level of additive to the water supply, the Pinellas County Sheriff saysThe criminals infiltrated a treatment plant and boosted Sodium Hydroxide to dangerous levels. The attack occurred 20 miles from the site of the Super Bowl, two days before the game was to be played.

The initial attempt was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems. The affected water treatment facility is a public utility owned by the town of Oldsmar (15,000 inhabitants) which has its own internal IT team. 

The incident took place over the course of the day, with hackers first infiltrating the Oldsmar water treatment plant. The hackers then increased the amount of sodium hydroxide being distributed into the water supply. The chemical is typically used in small amounts to control the acidity of water, but at higher levels is dangerous to consume. 

TeamViewer is a widely used software application that allows easy access to machines remotely from anywhere, and is often used for remote IT troubleshooting  and technical assistance. “The guy was sitting there monitoring the computer as he’s supposed to and all of a sudden he sees a window pop up that the computer has been accessed... The next thing you know someone is dragging the mouse and clicking around and opening programs and manipulating the system.” said the Sheriff. Team Viewer  has been installed on 2.5 billion devices worldwide, enables remote technical support among other applications.

The plant employee alerted his employer, who called the Sheriff and the water treatment facility was able to quickly reverse the command, leading to minimal impact.

The leading cybersecurity firm Fireweed attributed an increase in hacking attempts it has seen in the last year mostly to novices seeking to learn about remotely accessible industrial systems.Many victims appear to have been selected arbitrarily and no serious damage was caused in any of the cases – in part because of safety mechanisms and professional monitoring, Fireweed analyst Daniel Appellant Zara said in a statement. “While the (Oldsmar) incident does not appear to be particularly complex, it highlights the need to strengthen the cybersecurity capabilities across the water and wastewater industry,” he said.

It is not known if the hack was done from within the US and  his latest attack in Florida will do nothing to calm cyber security experts who've been warning for years that critical national infrastructure facilities are being targeted. Water, electricity, nuclear plants and transport are being probed for weaknesses all the time not just because of the potential for mass disruption but also because they are often running on obsolete and vulnerable IT systems.  

Reuters:       Al Jazeera:         CNet:      USNews:           BBC:         ITPro:        

You Might Also Read: 

Iran Fingered For Attack On Israeli Water Infrastructure:

 

« France Responds To Cyber Attacks
Cyber Security Insights For Executives »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Firmitas Cyber Solutions

Firmitas Cyber Solutions

Firmitas’ ValidiGate is a disruptive attack-prevention solution providing operational assurance and security for industrial and mission-critical systems.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

Kapalya

Kapalya

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub is a non-profit network organization focused on cooperation, information sharing, research and implementation of cutting-edge technologies in cybersecurity.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

CNS Group

CNS Group

CNS Group provides industry leading cyber security though managed security services, penetration testing, consulting and compliance.

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

Astroscreen

Astroscreen

Astroscreen is an early warning system for detecting disinformation and information warfare on social media.

Future Technology Systems Company (FutureTEC)

Future Technology Systems Company (FutureTEC)

FutureTEC is a leading Information Technology Solutions Provider, delivering world-class Information Security, Information Management, and Business Solutions.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

PhishProtection

PhishProtection

We created Phish Protection to prevent all types of phishing including spear phishing protection and office 365 email protection for your small business.