Around 8 o’clock on Friday morning, an employee at a water treatment plant in the city of Oldsmar, Florida, which has a population of 15,000, noticed his mouse cursor moving strangely across his computer screen, out of his control, as local police would later tell it. Initially, he was not concerned; the plant used TeamViewer remote access software to allow staff to share screens and troubleshoot IT issues, and his boss would often log into his computer to monitor plant systems.
But a few hours later, according to police, the plant operator noticed that his mouse was once again out of his control. This time around, there would be no illusion of benign surveillance from a supervisor or computer scientist. The cursor began to click on the controls of the treatment plant. Within seconds, the intruder was attempting to change the levels of sodium hydroxide, also known as lye or caustic soda, in the water supply, increasing the setting from 100 parts per million to 11,100 parts per million. At low concentrations, the corrosive chemical regulates the pH level of drinking water. At high levels, it severely damages all the human tissues it touches.
According to city officials, the operator quickly spotted the intrusion and brought the sodium hydroxide back to normal levels. Even if he hadn’t, the poisoned water would have taken 24 to 36 hours to reach the city’s population, and automated pH testing safeguards would have set off an alarm and caught the change before anyone was hurt, they say.
But if the events described by local officials are confirmed – they have yet to be corroborated firsthand by external security auditors – they could well represent a rare publicly reported cyber intrusion aimed at actively sabotaging the systems that control the critical infrastructure of an American city. “It’s dangerous stuff,” said Bob Gualtieri, the sheriff of Pinellas County, Florida, of which Oldsmar is a part, at a press conference Monday afternoon. “He is someone who is trying, it seems on the surface, to do something wrong.”
During a follow-up call with WIRED, Gualtieri said the hacker appears to have compromised the water treatment plant’s TeamViewer software to remotely access the target computer, and that network logs confirm the operator’s account of the mouse takeover. But the sheriff didn’t have much else to share about how the hacker gained access to TeamViewer or gained initial access to the plant’s computer network. He also did not provide any details on how the intruder broke into the so-called operational technology network that controls physical equipment in industrial control systems and is usually separate from the computer network connected to the Internet.
Gualtieri said the city’s own forensic investigators, as well as the FBI and Secret Service, were looking for those answers. “That’s the million dollar question, and it’s a matter of concern because we don’t know where the hole is and how sophisticated these people are,” Gualtieri said. “Is it from down the street or from outside the country? No idea.”
Security professionals have long advised not only separating IT and OT networks for maximum security, but also limiting or, ideally, eliminating all connections of operational technology systems to the Internet. But Gualtieri admitted that the plant’s OT systems were accessible from the outside, and all evidence points to the attacker accessing them from the internet. “There is merit to the point that critical infrastructure components do not have to be connected,” said Gualtieri. “If you are logged in, you are vulnerable.”
Gualtieri said the water treatment facility has uninstalled TeamViewer since the attack, but he could not otherwise comment on other security measures the plant was taking to remove the intruder’s access or prevent another violation. He added that officials have warned all government organizations in the Tampa Bay area to review their security protocols and make updates to protect themselves. “We want to make sure that everyone realizes that these kinds of bad actors exist. This is happening,” Oldsmar Mayor Eric Seidel said at a press conference. “So really look at what you have in place.”