Hacker tried to poison Ca. water supply by breaking into facility, manipulating water treatment


Hacker tried to poison the water California A new report has come to light when an attempt was made to remove an employee’s login information and remove a treatment schedule at a Bay Area facility.

The suspect, unidentified or not arrested, launched an attack on an unspecified facility on January 15, but was found shortly the next day.

Later, a report from the Northern California Regional Information Center revealed how easy it was for hackers to break into the system.

According to the report, the attacker somehow obtained the TeamViewer login credentials of a former employee. This allows users to remotely access their computer. CNB Report.

Then I removed a computer program designed to treat the area’s drinking water.

The hacker’s attack was only stopped after the institution changed all passwords before reinstalling and updating the program, but the breach is still being investigated by the FBI.

“No outages (of the system) have been reported as a result of this incident, and no individual in the city has reported illness due to water related disturbances,” the report said.

This is one of many recent cyberattacks on U.S. water infrastructure, and authorities are struggling across the country.

Photo: Sunol Valley Waterworks in Sunol, California. It provides water to thousands of customers in the Bay Area. The exact breached facility has not been identified by authorities

The attacker somehow obtained the TeamViewer login credentials of a former employee.  This allows users to remotely access their computer.

The attacker somehow obtained the TeamViewer login credentials of a former employee. This allows users to remotely access their computer.

Photo: San Francisco Regional Wastewater Treatment Plant, another Bay Area water treatment plant in Pleasanton, California.

Photo: San Francisco Regional Wastewater Treatment Plant, another Bay Area water treatment plant in Pleasanton, California.

Just weeks after a cyberattack on a water facility in the Bay Area, hackers broke into Florida’s Oldsmer water supply and programmed the system to raise the level of underwater rye from 100 to 11,100 parts per million.

Above 10,000, it can lead to dysphagia, nausea / vomiting, abdominal pain and even gastrointestinal damage, said Dr. Kelly Johnson Arbor, medical toxicologist at the National Capital Toxicology Center. CNB I came back in February.

According to a data breach, in May, the Pennsylvania State Water Warning System notified staff of two recent hacking attempts, and ransomware was installed on the system last summer in the Camrosa aqueduct in Southern California. report..

Nationwide cybersecurity audits are likely to protect water treatment plants from further breaches, but the federal government has said it has no plans to do so, NBC reports.

Similar to the Bay Area cyberattack, hackers from Florida broke into the facility’s computer via TeamViewer. Once hackers have access to their accounts, they can change the content of chemicals used to treat drinking water in the area.

Employees were able to immediately reverse changes to Florida hackers and protect the drinking water of more than 15,000 Oldsmer residents, officials said, but threats to further compromise the nation’s water infrastructure. Always present.

“Water services are particularly problematic,” said Sae Yamamoto, former head of cybersecurity in the Obama administration’s Department of Homeland Security.

“When I first entered DHS and started receiving industry-specific briefings, my team said, ‘Here’s what you need to know about water supply facilities. A water supply When I saw the installation, I saw a water service installation. ‘

NBC reports that the country’s water infrastructure is particularly vulnerable to this type of cyber attack, as there is no federal or centralized governing body overseeing each of the security systems of around 54,000 water services. water in the United States. Make.

To make matters worse, most water utilities in the United States are non-profit organizations, unlike the national electricity grid. This means that more rural areas have fewer workers available to catch this type of breach.

“Considering the different sizes, capacities and technical capabilities of all water utilities, it is very difficult to apply some kind of uniform cyber hygiene assessment,” said Mike, analyst at the National Rural Water Association. . ・, Says Keegan.

“You don’t have a good reputation for what’s really going on,” he added.

NBC says the motives for cyber attacks on Bay Area and Florida water supply systems have not been disclosed, but some officials have routinely targeted U.S. industrial and infrastructure systems in China and Russia. . Pointing to government sponsored hackers.

“They are more fragmented, like the power grid, at a lower level than what we are talking about,” he said. “If you can imagine a community center run by two old plumbers, this is your average water plant.”

Bay Area hackers have yet to be identified and authorities have not identified possible motivations for the January cyberattack.

Bay Area hackers have yet to be identified and authorities have not identified possible motivations for the January cyberattack.

Photo: Water dam and filtration system to manage the southern San Francisco Bay Area wetlands that are part of the Sunnyvale <a class=Water Pollution Control Plant” class=”blkBorder img-share” style=”max-width:100%”/>

Photo: Water dam and filtration system to manage the southern San Francisco Bay Area wetlands that are part of the Sunnyvale Water Pollution Control Plant

An internal investigation by a cybersecurity and infrastructure security agency earlier this year found that a tenth of water and sanitation facilities are vulnerable to cybersecurity, according to NBC.

More than 80% of these vulnerabilities were discovered before 2017, suggesting that water department employees do not regularly update their computer systems, the press added.

However, despite the security holes and ongoing issues, remote access to computers doesn’t seem to be going anywhere.

“Remote access eliminates the need to manage the facility around the clock,” said Darin Martin, technical assistant at the Kansas Regional Water Association.

“We have many remote waters that cover hundreds of kilometers. A man may need to travel 30 miles to turn the pump on and turn it off in 3 hours when the tank is full. No. He can do everything remotely. It saves money. “

Hacker tried to poison Ca. water supply by breaking into facility, manipulating water treatment Hacker tried to poison Ca. water supply by breaking into facility, manipulating water treatment


About Edward Fries

Check Also

Horry-Georgetown Technical College offers pre-police academy training to newly hired officers

CONWAY SC (WBTW) – Horry-Georgetown Technical College hopes to ease the county’s shortage of police …

Leave a Reply

Your email address will not be published.