Results 1 to 5 of 5

Thread: Hackers tried to poison a Florida towns water supply.

  1. #1
    Join Date
    May 2010
    Location
    brighton, brisbane
    Posts
    30,789

    Hackers tried to poison a Florida towns water supply.

    Some one tried to raise the alkalinity to a dangerous level. Fortunately redundancies would have detected it if it had not been noticed by the computer operator. But this is a scary new development . From Defense one;


    Back stateside, hackers tried to poison a Florida town’s water supply. Using remote-access tools intended to allow outside contractors to operate the water system that serves the town of Oldsmar, unknown hackers released lye — a strong base normally used in small amounts to prevent mineral buildup — at more than one thousand times the usual concentration, town officials told reporters on Monday.
    Plant operators saw the initial intrusion, which lasted just a few minutes, but dismissed it as a legitimate use. Some hours later — but well before the dangerous chemical left the plant and entered the public water supply — an operator sounded the alert and stopped the flow, the New York Times reported.
    The Feb. 5 event joins a growing list of network-enabled attacks on infrastructure, including:


    • 2016: Iranian hackers took control of a small dam in Rye Brook, New York.
    • 2017: Russian hackers gained access to critical control systems at U.S. and European power plants.
    • 2019: U.S. CYBERCOM implanted malware in Russia’s power grid.
    • April 24, 2020: Malware traced to Iran stops a municipal water pump in Israel.
    • May 9, 2020: Israel disrupted operations at Iran’s Shahid Rajaee port. More, here.



    Treatment Plant Intrusion Press Conference - YouTube
    I’m pretty sure the dinosaurs died out when they stopped gathering food and started having meetings to discuss gathering food

    A bookshop is one of the only pieces of evidence we have that people are still thinking

  2. #2
    Join Date
    Mar 2018
    Location
    Perth
    Posts
    883
    Quote Originally Posted by bob10 View Post
    Some one tried to raise the alkalinity to a dangerous level. Fortunately redundancies would have detected it if it had not been noticed by the computer operator. But this is a scary new development
    Hardly new. This stuff has been going on for years, and it is only getting worse as people with the relevant experience retire and are replaced with muppets who think their toaster needs to be connected to the world.

    The crap I see from organisations with critical infrastructure who are being told (by said proponents of a connected toaster) everything needs to be “interconnected” because it’ll save money and promote “efficiency” would make your hair curl.

    Still, keeps me in a job.

  3. #3
    Join Date
    Mar 2018
    Location
    Sydney
    Posts
    376
    Hi all

    They took complete remote control of the system and upped the caustic soda from the normal 100 parts per million to 11,100 parts per million.
    Their SCADA control system was accessed via TeamViewer which had been installed and they left the default password in place.
    Also quoting: "Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed."
    And they were using Windows 7 which is well past any security updates.

    So you can't really say that anybody broke in :-)

    Reference here: Cybersecurity Advisory for Public Water Suppliers | Mass.gov

    Mike
    Our car: Fuji White MY13 D4 SDV6 SE 3.0 Litre, 8 spd auto.
    My car: Series 2a Workshop, 109 inch WB, ex mil., 1971. To be restored.
    Wife's car: Series 2a FFT, LWB, ex. mil., 1966. To be restored.

  4. #4
    Join Date
    Mar 2018
    Location
    Perth
    Posts
    883
    Quote Originally Posted by speleomike View Post
    So you can't really say that anybody broke in :-)
    So I have a 1920's house with a warded lock on the front door than can be opened by any bent coathanger. I fastidiously lock my door when I leave, but everyone knows the lock can be opened with a coathanger.
    One of the local louts uses said coathanger to unlock the door and do the place over. He still "broke in" and would be treated as such.

    Entering a property / system without permission is still an illegal entry. Were they muppets for setting it up the way they set it up? Sure.

    Now consider the fallout from the Solarwinds hack. There is an organisation somewhere that has credentials to a lot of sensitive networks. Some of those networks won't be aware their credentials were stolen, or will stubbornly refuse to change them, or will miss one. The organisation in question uses an "inappropriately acquired" credential to enter a system and turn the hydroxide level up. Is it the same thing? Yeah, it is.

  5. #5
    Join Date
    Feb 2021
    Location
    South Coast NSW
    Posts
    76
    Quote Originally Posted by BradC View Post
    So I have a 1920's house with a warded lock on the front door than can be opened by any bent coathanger. I fastidiously lock my door when I leave, but everyone knows the lock can be opened with a coathanger.
    One of the local louts uses said coathanger to unlock the door and do the place over. He still "broke in" and would be treated as such.

    Entering a property / system without permission is still an illegal entry. Were they muppets for setting it up the way they set it up? Sure.

    Now consider the fallout from the Solarwinds hack. There is an organisation somewhere that has credentials to a lot of sensitive networks. Some of those networks won't be aware their credentials were stolen, or will stubbornly refuse to change them, or will miss one. The organisation in question uses an "inappropriately acquired" credential to enter a system and turn the hydroxide level up. Is it the same thing? Yeah, it is.
    I don't really agree on a few points. If your 1920 unlocked door is responsible for the security and well being of a whole town or more, then it's your fault for leaving that door there. No insurance company will cover you without being able to lock the door and the police are going to question why you left this insecure when you knew about it. Not to mention you'll possibly be charged for endangering people and god forbid no one got killed if you knowingly leave your door in a state that's so easy to access, especially when you know it is.

    Using the argument that people shouldn't do bad things just because they can is not going to fix the fact that people will do bad things. That's why you have insurance, because there are things that are going to possibly happen that you can't control and there's such a high possibility of it happening you're willing to pay each year.

    This is a very basic exampleof a high risk security system that was installed with zero care towards security. The passwords were default. If you left a bag of money on the street and someone steals it, sorry but that's your fault. You know there's bad people in the world, don't blame them for doing what they naturally do when you know they do it. It's like getting angry at a dog for being a dog. You can try all you want but it's not going to meow

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Search AULRO.com ONLY!
Search All the Web!