Hacker tried to poison Ca. water supply by breaking into facility, manipulating


Hacker tried to poison the water California A new report was revealed when an attempt was made to remove an employee’s login information and remove a treatment program at a facility in the Bay Area.

The suspect, unidentified or unarrested, launched an attack on an unspecified facility on January 15, but was found shortly the next day.

Later, a report from the Northern California Regional Information Center revealed how easy it was for hackers to break into the system.

According to the report, the perpetrator somehow obtained the TeamViewer login credentials of a former employee. This allows users to remotely access their computer. NBC Report.

Then I removed a computer program designed to treat drinking water in the area.

The hacker’s attack was only stopped after the facility changed all passwords before reinstalling and updating the program, but the breach is still under investigation by the FBI.

“No (system) failures have been reported as a result of this incident, and no individual in the city has reported any illness due to water-related disorders,” the report said.

This is one of many recent cyberattacks on US water infrastructure, and authorities are in trouble nationwide.

Photo: Sunol Valley Waterworks in Sunol, California. It supplies water to thousands of customers in the Bay Area.The exact facility infringed was not identified by the authorities

The cyber attacker somehow got the TeamViewer login credentials of a former employee. This allows users to remotely access their computer.

The cyber attacker somehow got the TeamViewer login credentials of a former employee. This allows users to remotely access their computer.

The cyber attacker somehow got the TeamViewer login credentials of a former employee. This allows users to remotely access their computer.

Photo: San Francisco Regional Wastewater Treatment Plant, another Bay Area water treatment plant in Pleasanton, California.

Photo: San Francisco Regional Wastewater Treatment Plant, another Bay Area water treatment plant in Pleasanton, California.

Photo: San Francisco Regional Wastewater Treatment Plant, another Bay Area water treatment plant in Pleasanton, California.

Just weeks after a cyberattack at a water facility in the Bay Area, hackers broke into Florida’s water supply, Oldsmer, and programmed the system to raise the level of underwater rye from 100 to 11,100 parts per million.

Above 10,000 can lead to dysphagia, nausea / vomiting, abdominal pain and even gastrointestinal damage, said Dr. Kelly Johnson Arbor, a medical toxicologist at the National Capital Toxicology Center. NBC I returned in February.

According to a data breach, in May the Pennsylvania State Water Warning System notified personnel of two recent hacking attempts, and ransomware was installed on the system last summer in the Camrosa Aqueduct in Southern California. report..

Nationwide cybersecurity audits are likely to protect water treatment plants from further breaches, but the federal government has stated that it has no plans to do so, NBC reports.

Similar to the Bay Area cyberattack, Florida hackers broke into the facility’s computer through TeamViewer. Once hackers have access to their accounts, they can change the content of the chemicals used to process drinking water in the area.

Employees were able to immediately undo the changes in Florida hackers and protect the drinking water of more than 15,000 Oldsmer residents, officials said, but threats to further compromise the country’s water infrastructure. Always present.

“Water services are particularly problematic,” said Sae Yamamoto, a former chief cybersecurity officer at the Obama administration’s Department of Homeland Security.

“When I first entered the DHS and began receiving sector-specific briefings, my team said:” Here’s what you need to know about water facilities. One water supply When I saw the facility, I saw one water service facility. ‘

The NBC reports that the country’s water infrastructure is particularly vulnerable to this type of cyberattack, as there is no federal or centralized governing body overseeing each of the security systems of approximately 54,000 water services in the United States. doing.

To make matters worse, most water services in the United States are non-profit organizations, unlike the national power grid. This means that more rural areas have fewer employees on hand to catch this type of breach.

“Given the different sizes, capacities and technical capacities of all water utilities, it is very difficult to apply some sort of uniform cyber hygiene assessment,” said Mike, an analyst at the National Rural Water Association.・ Keegan says.

“You don’t have a good reputation for what’s really happening,” he added.

According to the NBC, the motives for cyberattacks on water systems in the Bay Area and Florida have not been revealed, but some officials have regularly targeted US industrial and infrastructure systems in China and Russia. Pointing to government-sponsored hackers.

“They are more fragmented, like the power grid, at a lower level than what we’re talking about,” he said. “If you can imagine a community center run by two old plumbers, it’s your average aquatic plant.”

Hackers in the Bay Area have not yet been identified, and authorities have not identified possible motivations for the January cyberattack.

Hackers in the Bay Area have not yet been identified, and authorities have not identified possible motivations for the January cyberattack.

Hackers in the Bay Area have not yet been identified, and authorities have not identified possible motivations for the January cyberattack.

Photo: Water dam and filtration system to manage the South San Francisco Bay Area wetlands that are part of Sunnyvale's water pollution control plant

Photo: Water Dam and Filtration System to Manage Wetlands in South San Francisco Bay Area, Part of Sunnyvale Water Pollution Control Plant

Photo: Water dam and filtration system to manage the South San Francisco Bay Area wetlands that are part of Sunnyvale’s water pollution control plant

An internal survey conducted by a cybersecurity and infrastructure security agency earlier this year revealed that one-tenth of water and sewerage facilities are vulnerable to cybersecurity, according to the NBC.

More than 80% of these vulnerabilities were discovered before 2017, suggesting that water service employees do not update their computer systems on a regular basis, the press added.

However, despite ongoing security breaches and issues, remote computer access does not seem to go anywhere.

“Remote access eliminates the need to manage the facility 24 hours a day,” said Darin Martin, technical assistant at the Kansas Regional Water Association.

“We have many remote waters that cover hundreds of miles. A man may need to drive 30 miles to turn on the pump and turn it off in 3 hours when the tank is full. No. He can do it all remotely. It saves money. “

Hacker tried to poison Ca. water supply by breaking into facility, manipulating water treatment Source link Hacker tried to poison Ca. water supply by breaking into facility, manipulating water treatment



Read More: Hacker tried to poison Ca. water supply by breaking into facility, manipulating