Hackers try to poison water in Florida

Hackers broke into the IT systems controlling a water treatment facility in Florida on Friday the 5th of February. The hacker began to change the level of sodium hydroxide released into the water. Sheriff Bob Gualtieri stated, “the hacker changed the concentration of sodium hydroxide from about 100 parts per million to 11,100 ppm. This is a life-threatening and dangerous increase. Sodium hydroxide is the main ingredient in liquid drain cleaners. It’s used in water treatment to control water acidity and to remove metals from drinking water. After manipulating the concentration, the intruder exited the system. By sheer luck, a vigilant operator at the plant had seen the situation and acted immediately to reduce the level back to normal.”
The hacker had maliciously attempted to poison the local water supply. Because the intrusion was swiftly detected, no tainted water was delivered to local residents.
A shared password may be to blame for the successful hack.
On Tuesday, federal and state officials released details of how the hack succeeded—and all signs point to poor security practices as the main point of failure.
To gain access, the hacker exploited TeamViewer, software that companies and governments use to view a computer’s screen remotely over the internet and to control that computer. Today, it is used to access a work computer from home.
Employees at the water treatment plant in Florida installed TeamViewer on several computers to help them manage the facility. However, all the computers shared the same password for remote access.
These same computers were connected to the internet, without a firewall, making it even easier for any hacker to breach the system. To make matters worse, the affected computers ran an obsolete version of Windows, which no longer receives security updates.
After the event, it is clear that the passwords were inadequate, the operating systems were vulnerable and management was – shall we say – overdue for a shake-up. These circumstances actually facilitated the attack, and the attack WAS successful.
The hacking of the water treatment facility is not the first of its kind. A similar incident occurred elsewhere in the US about 5 years ago – random changes were made in the systems. If this latest attack had not been thwarted, there would have been disastrous repercussions.
WHAT IS THE EXPOSURE OR RISK?
The TeamViewer website currently advertises more than 2.5 billion downloads of its software. While no root cause of entry has been identified, a TeamViewer statement says that there is no indication that their software has been compromised. Users of remote-access software are potentially at risk, especially where installations include automatic monitoring or control systems.
WHAT ARE THE RECOMMENDATIONS? (these apply to ALL businesses)
To ensure no unauthorised access occurs in an environment:
1) Ensure proper authentication and access methods are followed to properly authorise and secure users’ logins and sessions.
2) Use Multi-Factor Authentication (MFA) wherever possible: for the remote access software, for the software running on the remote computer, and even locally.
3) Follow good password hygiene for ALL users.
4) Periodically run vulnerability and penetration tests to detect, and patch, any potential vulnerabilities on a network.
5) Train your employees to be cyber-smart. Ongoing education strengthens the defences.
These breaches are typically aimed at larger entities. The threat is very real and, you must be aware, also impinges upon smaller businesses, home workers and charities. If a small player falls victim to these attacks, rest assured, the cyber criminals will still take any money they can.
As technology becomes increasingly interconnected, and reliance on broadband grows, we need stricter housekeeping. For you this begins with a stringent review of your data-access paths and processes. The review continues with how you manage data flow to your staff, to customers and to your supply chain.
If you have any questions relating to your own cyber security concerns then please contact us.