- #BREACHED WATER PLANT USED SAME TEAMVIEWER SOFTWARE#
- #BREACHED WATER PLANT USED SAME TEAMVIEWER PASSWORD#
- #BREACHED WATER PLANT USED SAME TEAMVIEWER WINDOWS 7#
- #BREACHED WATER PLANT USED SAME TEAMVIEWER WINDOWS#
The dongles were highly controlled and never, ever, left in a computer. It took a dongle to change those limits as we applied them to get them outside the set parameters. Limits can and were set in the system for us. This isn’t even talking about the lack of updating the operating system and I suspect if the OS was not updated, neither was the SCADA system. Since health and welfare of the employees as well as the facility and the environment, depended on not only computer controls through SCADA but also physical secondaries as backups, not tied to the computer, it is beyond belief that something such as this was not looked at with safety in mind from the start of the design of how the SCADA system would function at this water plant. It uses what is known as latter logic for it’s performance, or at least did in the capacity I used it in. ( ) Collapse replies (4) Reply View in chronology Everything would be perfect if we just ran everything like the farmers, there wouldn’t be any worry about water pollution as they’re all just so responsible. ( ) EPA Superfund sites? ( ) All the fault of the public sector.Īnd thank god that there’s no government control of farming, everyone knows farmers are amazingly responsible, never overusing fertiliser, pesticide or antibiotics and they’re always super careful when it comes to the handling of chemicals and waste. ( ) Private companies always run the tightest ships when it comes to safety, they never decide that paying fines is cheaper than fixing problems, even if they cost human lives ( ), and there sure aren’t any cases of corporate entities causing massive environmental disasters and used legal loopholes to walk away without suffering any consequences, having shoved the cleanup costs onto the public.
#BREACHED WATER PLANT USED SAME TEAMVIEWER WINDOWS#
In an era where there is an extreme lack of trust in government, dumb stuff like this acts as a supercharger.įiled Under: florida, scada, security, shared passwords, water plant, windows 7Īs everyone knows, the security in private companies is always flawless, this sort of thing never, ever happens when there’s a profit motive. It’s a water treatment plant for an entire city. In larger doses, the chemical is a health hazard.Ĭhristopher Krebs, the former head of the Cybersecurity and Infrastructure Security Agency, reportedly told a House of Representatives Homeland Security committee on Wednesday that the breach was “very likely” the work of “a disgruntled employee.” Lye is used in small amounts to adjust drinking water alkalinity and remove metals and other contaminants. The person on the other end changed the amount of lye added to the water from about 100 parts per million to 11,100ppm. The breach occurred around 1:30pm, when an employee watched the mouse on his city computer moving on its own as an unknown party remotely accessed an interface that controlled the water treatment process. Instead, the save in all of this came from the meatware that was fortunately sitting at the machine and actively watching. So there, again, was poor administration of the environment, with an antiquated remote access application not being removed from the production environment.
On top of the above, it appears that TeamViewer hadn’t been actively used by the staff there for nearly six months.
#BREACHED WATER PLANT USED SAME TEAMVIEWER SOFTWARE#
And to not have any client security, such as a local software firewall, on such a machine is IT malpractice. That is doubly so for any systems that are critical, or which have access to critical systems. Have your computer systems on operating systems that are under active support and are being patched. If you’re not in the IT space, this is base level stuff.
#BREACHED WATER PLANT USED SAME TEAMVIEWER PASSWORD#
What’s more, the computer had no firewall installed and used a password that was shared among employees for remotely logging in to city systems with the TeamViewer application.
#BREACHED WATER PLANT USED SAME TEAMVIEWER WINDOWS 7#
The answer, as is far too often the case, is poor security practices at the treatment plant.Īccording to an advisory from the state of Massachusetts, employees with the Oldsmar facility used a computer running Windows 7 to remotely access plant controls known as a SCADA-short for “supervisory control and data acquisition”-system. Once the dangerous part of all of this was over, attention rightfully turned to figuring out how in the world this happened. While those changes were remediated manually by onsite staff, it should be noted that this represents an outside attacker attempting to literally poison an entire city’s water supply. Fri, Feb 12th 2021 07:39pm - Timothy Geignerīy now, you have likely heard about the recent hack into a Florida water treatment plant which resulted in the attacker remotely raising the levels of sodium hydroxide to 100 times the normal level for the city’s water supply.
0 kommentar(er)
