Thread: Hackers tried to poison a Florida towns water supply.

Some one tried to raise the alkalinity to a dangerous level. Fortunately redundancies would have detected it if it had not been noticed by the computer operator. But this is a scary new development . From Defense one;


Back stateside, hackers tried to poison a Florida town’s water supply. Using remote-access tools intended to allow outside contractors to operate the water system that serves the town of Oldsmar, unknown hackers released lye — a strong base normally used in small amounts to prevent mineral buildup — at more than one thousand times the usual concentration, town officials told reporters on Monday.
Plant operators saw the initial intrusion, which lasted just a few minutes, but dismissed it as a legitimate use. Some hours later — but well before the dangerous chemical left the plant and entered the public water supply — an operator sounded the alert and stopped the flow, the New York Times reported.
The Feb. 5 event joins a growing list of network-enabled attacks on infrastructure, including:

• 2016: Iranian hackers took control of a small dam in Rye Brook, New York.
• 2017: Russian hackers gained access to critical control systems at U.S. and European power plants.
• 2019: U.S. CYBERCOM implanted malware in Russia’s power grid.
• April 24, 2020: Malware traced to Iran stops a municipal water pump in Israel.
• May 9, 2020: Israel disrupted operations at Iran’s Shahid Rajaee port. More, here.

Treatment Plant Intrusion Press Conference - YouTube

Originally Posted by BradC

So I have a 1920's house with a warded lock on the front door than can be opened by any bent coathanger. I fastidiously lock my door when I leave, but everyone knows the lock can be opened with a coathanger.
One of the local louts uses said coathanger to unlock the door and do the place over. He still "broke in" and would be treated as such.

Entering a property / system without permission is still an illegal entry. Were they muppets for setting it up the way they set it up? Sure.

Now consider the fallout from the Solarwinds hack. There is an organisation somewhere that has credentials to a lot of sensitive networks. Some of those networks won't be aware their credentials were stolen, or will stubbornly refuse to change them, or will miss one. The organisation in question uses an "inappropriately acquired" credential to enter a system and turn the hydroxide level up. Is it the same thing? Yeah, it is.

I don't really agree on a few points. If your 1920 unlocked door is responsible for the security and well being of a whole town or more, then it's your fault for leaving that door there. No insurance company will cover you without being able to lock the door and the police are going to question why you left this insecure when you knew about it. Not to mention you'll possibly be charged for endangering people and god forbid no one got killed if you knowingly leave your door in a state that's so easy to access, especially when you know it is.

Using the argument that people shouldn't do bad things just because they can is not going to fix the fact that people will do bad things. That's why you have insurance, because there are things that are going to possibly happen that you can't control and there's such a high possibility of it happening you're willing to pay each year.

This is a very basic exampleof a high risk security system that was installed with zero care towards security. The passwords were default. If you left a bag of money on the street and someone steals it, sorry but that's your fault. You know there's bad people in the world, don't blame them for doing what they naturally do when you know they do it. It's like getting angry at a dog for being a dog. You can try all you want but it's not going to meow