The water in a Tampa Bay plant was hacked remotely, raising the lye to dangerous levels

Originally published at: The water in a Tampa Bay plant was hacked remotely, raising the lye to dangerous levels | Boing Boing

9 Likes

Nothing draws people to your cause like mass murder…

16 Likes
12 Likes

Question: why does everything need to be connected to the Internet?

20 Likes

Was this planned to coincide with the Super Bowl?

12 Likes

Maybe? But it does not seem like it would have had a direct impact. The attack was Friday and was in Oldsmar (pop ~15K) which is about 10 miles from the stadium.

9 Likes

Hm. Maybe it was low hanging fruit near a location that was going to have an influx of people and be in the news? Could also be a test run for a bigger attack on a bigger location, too?

16 Likes

So in the short historical term, this is for generally good reasons: remote connectivity, monitoring, etc. of remote sites. You’ve got fifty of these water treatment plants in a state; you have a way to know how they’re all doing at once.

However, leaving these endpoints exposed is a problem for reasons just like we’re seeing here! So, there’s been work in governments and other places to set up air-gapped environments where you have essentially a private network with a really protected egress system (as in, data can leave through really protected means - historically through paper reports, etc. - but it physically cannot enter). For a power plant, etc., this might be a much better option as you can still get periodic updates, but without the possibility of there being problems.

That being said, secure environments like this are hard to do.

Air gap (networking) - Wikipedia for some details

14 Likes

But for one glorious moment it was possible to make high-quality soft pretzels using regular tap water.

12 Likes

Believe the lye!

4 Likes

Totally possible, but the optimist in me hopes for something comparatively dumb, like a disgruntled local wanted “revenge” against the utility because they dug up his garden.

Someone came very close to poisoning a whole town. NBD, our infrastructure is fine, don’t worry about it.
/runs screaming

14 Likes

I’d argue the headline is slightly misleading (and perhaps factually incorrect), as apparently the hack was caught well before any dangerous water made it to anyone’s tap; for that matter, it was caught when the guy at the control terminal realized the terminal was compromised when the mouse started moving on its own.

Still really scary, but not anywhere near as bad as the headline makes it sound.

EDIT

It would have taken about 24-36 hours for the chemical to reach the city’s population, and prior to that, officials say automated pH testing safeguards would have sounded an alarm to operators.

9 Likes

One of the great advantages of the post-Trump era is that we can start correcting the linguistic slide to everything meaning nothing.

2 Likes

Apparently the hackers used TeamViewer to remotely manipulate the systems. Is it just me, or does TeamViewer have a spotty reputation?

Were gift cards involved?

5 Likes

That’s… not encouraging. The hacker was in the system multiple times, but was only noticed because eventually someone was logged into the very system that was being remotely controlled, and happened to be looking at the screen at that moment.

Totally foolproof… unless someone got into the system and hacked those, of course. Or disabled the alarm, or…

Also, “it takes 24 hours for the chemical to reach the city’s population” probably also means “for 24 hours we sit helplessly, watching the chemical wind its way through our system, doing damage to our pipes, hoping we can contact everyone in the city and make them understand they can’t drink the water.”

8 Likes

TeamViewer is just a remote desktop tool with more features than RDP; it’s not inherently spotty or anything. I’ve known plenty of people in IT that have used it.

Lots of scammers use the built-in Windows RDP stuff as well.

3 Likes

Would there ever be a reason to set the level to 11,100 ppm? Shouldn’t the system alarm or require confirmation (from a second operator) for a change so far out of the normal range? Wouldn’t that offer some protection against not only a malicious actor but also plain old operator error (like a typo)?

4 Likes
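A setpoint guard of the kind the post above asks about, as an added example that is not from the thread or from any utility’s real control software: absurd values are alarmed and rejected, small in-band local changes are applied, and anything else (including any change that arrives over a remote session) is held until a different, locally logged-in operator confirms it. The normal band, ceiling and step limit are assumed values; only the 11,100 ppm figure appears in the thread.

```python
from dataclasses import dataclass, field

# Assumed limits for the lye (NaOH) dosing setpoint, in ppm. Only the 11,100 ppm
# figure comes from the thread; the bands below are constructed for illustration.
NORMAL_BAND_PPM = (50.0, 200.0)   # assumed normal operating band
HARD_CEILING_PPM = 500.0          # assumed never-exceed value, rejected outright
MAX_STEP_PPM = 50.0               # assumed largest single-command change


@dataclass
class SetpointGuard:
    """Gate every setpoint command: alarm on absurd values, apply small in-band
    local changes, and hold everything else for a second local operator."""
    current_ppm: float
    pending: dict = field(default_factory=dict)  # target_ppm -> requesting operator
    events: list = field(default_factory=list)   # audit trail of (kind, detail)

    def _log(self, kind, detail):
        self.events.append((kind, detail))

    def _apply(self, target_ppm, who, src):
        self._log("APPLIED", f"{self.current_ppm} -> {target_ppm} ppm by {who}@{src}")
        self.current_ppm = target_ppm

    def request(self, target_ppm, operator, remote):
        """Return 'applied', 'pending' or 'rejected' for one setpoint command."""
        src = "remote" if remote else "local"
        if target_ppm < 0 or target_ppm > HARD_CEILING_PPM:
            # No legitimate process ever asks for this: alarm instead of queueing it.
            self._log("ALARM", f"{operator}@{src} requested {target_ppm} ppm")
            return "rejected"
        lo, hi = NORMAL_BAND_PPM
        in_band = lo <= target_ppm <= hi
        small_step = abs(target_ppm - self.current_ppm) <= MAX_STEP_PPM
        if in_band and small_step and not remote:
            self._apply(target_ppm, operator, src)
            return "applied"
        # Out-of-band, large, or remote-originated: a second, different operator
        # must confirm from a local console before it takes effect.
        first = self.pending.get(target_ppm)
        if first is not None and first != operator and not remote:
            self.pending.pop(target_ppm)
            self._apply(target_ppm, f"{first}+{operator}", src)
            return "applied"
        self.pending.setdefault(target_ppm, operator)
        self._log("PENDING", f"{operator}@{src} requested {target_ppm} ppm; "
                             "awaiting confirmation by a second local operator")
        return "pending"
```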

The FBI is following some leads, but hasn’t even determined yet whether the hacker(s) is domestic or foreign.

Does it matter?

(I guess it does help determine whether the “answer” is drone strike vs no-knock warrant)

3 Likes

I’m thinking the bigger question is whether it was some random black hat breaking into the system and then seeing what they could do, or an organized effort, whether on the part of state or non-state actors. The vulnerabilities of internet-connected utilities have been a serious concern for so-called “cyber” security (I really really hate that idiotic buzzword, but I digress) strategists.

8 Likes