The water in a Tampa Bay plant was hacked remotely, raising the lye to dangerous levels

I disagree. It certainly could be terrorists. But it could also be some script kiddie. If it turns out it was an act of political violence, then I would agree it’s terrorism even if it’s an act of aggression by state-level actors. And either way, it’s long past due we start acknowledging that states (the US included and frankly especially) engage in terrorism.

5 Likes

Mmm, but that’s still a 2x2 matrix (initiated outside CONUS/initiated inside CONUS on one axis, and sightseer/hostile on the other)

edit: … and drone strike is still the ‘answer’ for two of those boxes, and no knock warrant for the other two.

3 Likes

I would say that attempting to poison the water supply of 15,000 people is pretty cut and dry terrorism. At the very least, it ain’t hacking.

8 Likes

It’s attempted mass poisoning. To me, terrorism has a peculiar meaning of using mass terror to achieve political or socioeconomic ends. If it was some dumbass breaking into the network for cred then yes, they should be held accountable. But that wouldn’t be terrorism. YMMV.

5 Likes

Ok, I can accept that. It’s just frustrating to see how much we’ve allowed discourse to slide in an attempt to seem civil while the monsters get to define entirely contrary usages.

5 Likes

Aye, but reflexively labelling everything that affects, or could affect, more than two people as ‘terrorism’ doesn’t do a lot to arrest that slide.

3 Likes

I agree. The “problem” with TeamViewer is its built-in remote connectivity feature that makes endpoints accessible from the Internet. It’s an added risk that is often improperly addressed. But it’s also what makes it a great remote support tool.

From the small tidbits of information available so far, it’s obvious that “mistakes were made” in basic operational security practices. But mostly they appear to be failures to follow the axiom of use the right tool for the job.

Update: The FBI reports that the water plant’s network had no firewall, the computers were running an old unsupported version of Windows, and the employees all shared the same TeamViewer account/password. This is bad network security in the same way going on a 2-week vacation and leaving your house unlocked with a sign in the front yard reading FREE STUFF INSIDE is bad physical security.

4 Likes

I don’t agree that terrorism has to have a specific goal - to me what makes something terrorism is the disproportionate personal fear that is inspired by the act. For example - the Tylenol killer or that guy who sent anthrax in the mail. The goal was to make people afraid. I don’t think anyone is made afraid because of this, though, so I’m still on board with not calling it terrorism until we know a little more about the motive.

2 Likes

I figured that’s where you were coming from. And I agree. What happened at the US Capitol, for instance, is domestic terrorism.

5 Likes

I say no jail time, then just give this person life in Flint, Michigan while banning them from purchasing or having any access to bottled water.

1 Like

Sorry, can’t condone torture.

4 Likes

How long have we known about this kind of problem?

2 Likes

IIRC Windows Home, which is perfectly suitable for most people, doesn’t have an RDP client. Thus TeamViewer.

Five years old, but I expect that some lessons are too expensive to implement.

3 Likes

Since at least 2005. And I seriously doubt that’s the first time it occurred to anyone.

4 Likes

It’s cheaper. DoD has “high-side” networks that are air-gapped. Not so for public infrastructure… :grimacing:

4 Likes

No no that’s “shock and awe.” /s

3 Likes

Actually, we utilized Zoom today during a routine project meeting, and our executive in command was provided by the organizer with remote control of the meeting, was able to access the organizer’s desktop, including, but not limited to, Windows Explorer, which, as you could imagine, could potentially offer access to the roots.

Thanks to President Obama’s Executive Order 13636, Supervisory Control and Data Acquisition systems (aka “SCADA” systems) for water utilities and other critical infrastructure are being moved quickly to isolated networks. SCADA systems shall have “air gaps” and shall not be connected to the internet. If anyone outside of the Central Control operator for the water utility is able to gain access to chlorine injectors, there is a non-trivial problem that requires immediate attention and action.

6 Likes

Also there were additional failsafes further downstream in the plant that would have caught the pH imbalance. These systems are engineered for robustness and are less vulnerable than people fear, but we should still protect them better, of course.

2 Likes