Hacker allegedly tried to poison San Francisco Bay Area water supply

A hacker allegedly tried to poison water being processed at a San Francisco Bay Area water treatment plant, according to an NBC News report late last week.

The attack took place on Jan. 15 and involved the person gaining access to the water treatment plant network by using a former employee’s TeamViewer account credentials. Having gained access to the plant, the person then deleted programs that the water plant uses to treat drinking water.

According to a confidential report compiled by the Northern California Regional Intelligence Center and seen by NBC, the hack was not discovered until the following day. The facility subsequently changed its passwords and reinstalled the programs. “No failures were reported as a result of this incident and no individuals in the city reported illness from water-related failures,” the report noted.

Michael Sena, the executive director of NCRIC, denied the report. “No one tried to poison any of our water. That is not accurate,” Sena told the San Franciso Chronicle, noting that tampering with computer programs would be unlikely to result in poisoning.

“It takes a lot to influence a water supply chain,” Sena explained. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people…. The numbers are astronomical.”

The Bay Area’s water supply threat is not the first compromise of a treatment plant and will likely not be the last. In February, an unknown attacker accessed a water treatment plant in Oldsmar, Florida, and attempted to poison the water supply by increasing the flow of sodium hydroxide to toxic levels. In that case, the attacker was detected before the water supply could be affected.

“While it’s important to keep an eye on major events, we should also avoid oversensationalized headlines intended to spread fear,” Chris Grove, technology evangelist at critical infrastructure security specialist Nozomi Networks Inc., told SiliconANGLE. “Some headlines are taking the action of deleting code and jumping to attempted mass poisoning. There was not an attempt at poisoning the water supply.”

That said, he added, “this…