After the foiled hacker attack on the drinking water supply of a city in Florida, it became clear how poor the local IT security was.
In the course of the investigation into the foiled hacker attack on the drinking water supply in the US town of Oldsmar, some hair-raising details came to light. According to official reports, not only could all the employees’ computers access the waterworks’ control system, they were also all connected directly to the Internet without any protection, shared a password for remote access (via TeamViewer) and ran the Windows 7 operating system, which is no longer supported. The search for the attackers continues. The local sheriff has asked the FBI and Secret Service for assistance.
Remote contamination of drinking water
The sheriff responsible for the city of Oldsmar, population 15,000, in the US state of Florida made public on Monday that a hacker attack on the water supply had been thwarted the previous Friday. An employee at the groundwater treatment plant watched live as his mouse pointer moved as if by magic and changed the setting for the sodium hydroxide supply. Instead of 100 parts per million, 11,100 parts per million would have been added. That amount could have caused dangerous irritation, but there are further safeguards in the system that would have prevented the contaminated water from spreading. The employee reacted before the automatic alarm went off and thwarted the attack.
Observers now see the details that have already been made public about the lax security measures in the plant as confirmation that there is still a lot to be done in this area. Cyberscoop explains that waterworks in the USA have significantly less money at their disposal than other critical infrastructure systems. In addition, the infrastructure is outdated and very few staff deal with IT. Vice quotes cybersecurity experts who warn above all against the careless use of TeamViewer for remote maintenance. That use even increased during the corona pandemic. However, it is repeatedly pointed out that there are other safeguards in waterworks and that there was probably never any real danger.
The information on the IT equipment of the attacked facility comes from a notice issued by the US state of Massachusetts and addressed to local waterworks, among others. It also contains recommendations for improving IT security. According to ArsTechnica, the US federal police also listed the weaknesses. The attackers are said to have exploited these, the notice states without going into more detail. But Windows 7, for example, has not been supported by Microsoft for more than a year and is therefore also insecure. The former head of the US cyber security agency CISA, Chris Krebs, told US lawmakers this week that the hacker attack can “very likely” be traced back to a “dissatisfied employee”.
Update 2/12/2021, 10:40 am: There is now even a “Joint Cybersecurity Advisory” from the relevant US security authorities FBI, CISA, EPA and MS-ISAC on the “Compromise of U.S. Water Treatment Facility”, which, among other things, once again explicitly points out the dangers of continued use of Windows 7.