What is the sloppy security system of a water treatment facility that was in danger of mass poisoning due to hacking?
On February 5, 2021, an incident occurred in which someone remotely accessed a water treatment facility in Oldsmer, Florida, and set the amount of sodium hydroxide contained in clean water to about 100 times the standard value. Fortunately, it was discovered early and there were no victims, but the FBI and Secret Service have begun investigating it as a national security issue. On February 11, 2021, when the investigation proceeded, it was reported that it was revealed that a hacker broke into a PC without a firewall and used the remote control software '
Hack exposes vulnerability of cash-strapped US water plants
https://apnews.com/article/water-utilities-florida-coronavirus-pandemic-utilities-882ad1f6e9f80c053ef5f88a23b840f4
Hack exposes vulnerability of cash-strapped US water plants
https://apnews.com/article/water-utilities-florida-coronavirus-pandemic-utilities-882ad1f6e9f80c053ef5f88a23b840f4
Breached water plant employees used the same TeamViewer password and no firewall | Ars Technica
https://arstechnica.com/information-technology/2021/02/breached-water-plant-employees-used-the-same-teamviewer-password-and-no-firewall/
An unauthorized access to the water treatment facility in question occurred around 1:30 pm on February 5, 2021, according to a statement from the Pinellas County, Florida Security Office. As personnel monitored the system, the on-screen cursors moved to change plant settings, increasing the sodium hydroxide concentration in the clean water up to 100 times higher than normal. However, the staff immediately restored the settings and notified the authorities, and they are getting things done.
It turns out that the water system was hacked and there was a risk of mass poisoning of citizens
According to an investigation by the Massachusetts Department of Environmental Protection, which was investigating this case, the remote control software 'Team Viewer' was installed on one of the PCs of the water treatment facility where unauthorized access was made, and staff members installed this software. It is known that the status check and system control of the water treatment plant were performed through this. However password to use the Team Viewer is the same thing in all of PC are used , further PC is connected to leave the Internet of disabled firewall, OS of all of the PC support is the end was was 'Windows 7' It is called Ta. The FBI has released similar findings, stating that 'hackers have exploited security weaknesses to access the system.'
Team Viewer has many users all over the world, but it has a long history of being used as an attack method for hackers in each country, and Team Viewer has a security measure of 'setting a secure password that is difficult to guess'. Recommended.
The developer issues a statement about the damage caused by the hijacking of TeamViewer that remotely operates the PC
According to cybersecurity company Fire Eye , attempts to hack water treatment facilities have increased over the past year, but most are by amateurs. Chris Systrunk, FireEye's technical manager, said, 'Cybersecurity issues are relatively new to American water companies, and issues such as blocked water pipes and broken pipes are more important. 'It turned out that basic security measures are necessary due to this hack, but there is no need for drastic system reforms,' he said.
A safeguard has been set up at the water treatment facility for some time, and Bob Gualtieri of the Pinellas County Sheriff's Office, who was in charge of the case, said, 'There is a grace period of more than 24 hours before water supply, and during that time. Chemical changes would have been detected. '
Related Posts:
in Security, Posted by log1p_kr