Tag Archive for: area

Hacker allegedly tried to poison San Francisco Bay Area water supply

/in


A hacker allegedly tried to poison water being processed at a San Francisco Bay Area water treatment plant, according to an NBC News report late last week.

The attack took place on Jan. 15 and involved the person gaining access to the water treatment plant network by using a former employee’s TeamViewer account credentials. Having gained access to the plant, the person then deleted programs that the water plant uses to treat drinking water.

According to a confidential report compiled by the Northern California Regional Intelligence Center and seen by NBC, the hack was not discovered until the following day. The facility subsequently changed its passwords and reinstalled the programs. “No failures were reported as a result of this incident and no individuals in the city reported illness from water-related failures,” the report noted.

Michael Sena, the executive director of NCRIC, denied the report. “No one tried to poison any of our water. That is not accurate,” Sena told the San Franciso Chronicle, noting that tampering with computer programs would be unlikely to result in poisoning.

“It takes a lot to influence a water supply chain,” Sena explained. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people…. The numbers are astronomical.”

The Bay Area’s water supply threat is not the first compromise of a treatment plant and will likely not be the last. In February, an unknown attacker accessed a water treatment plant in Oldsmar, Florida, and attempted to poison the water supply by increasing the flow of sodium hydroxide to toxic levels. In that case, the attacker was detected before the water supply could be affected.

“While it’s important to keep an eye on major events, we should also avoid oversensationalized headlines intended to spread fear,” Chris Grove, technology evangelist at critical infrastructure security specialist Nozomi Networks Inc., told SiliconANGLE. “Some headlines are taking the action of deleting code and jumping to attempted mass poisoning. There was not an attempt at poisoning the water supply.”

That said, he added, “this…

Source…

Hacker Accessed Bay Area Water Treatment Computer System

/in


(TNS) — A hacker accessed the computer system of a Bay Area water treatment plant in January and deleted programs the plant used to treat drinking water, a senior intelligence official confirmed Thursday.

NBC News first reported Thursday that the unidentified hacker used a former plant employee’s username and password to gain entry to the unidentified Bay Area water treatment facility on Jan. 15.

Michael Sena, executive director of the Northern California Regional Intelligence Center, confirmed NBC’s report about the security breach, but declined to say where it occurred or who carried it out.


Sena also declined to say whether the hacker would face criminal prosecution.

The NBC report stated that the hacker “tried to poison” the Bay Area water supply, an assertion Sena disputed.

“No one tried to poison any of our water,” he said. “That is not accurate”

Tampering with the computer programs used to treat drinking water would be unlikely to result in any widespread poisoning, Sena said.

“It takes a lot to influence a water supply chain,” he said. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people…the numbers are astronomical.”

The Jan. 15 hack represented “no specific threat to public safety,” he added.

News of the breach comes as officials continue to investigate May’s Colonial Pipeline cyber attack, which shuttered gas stations from Texas to New Jersey and raised new concerns about the vulnerability of American infrastructure.

The San Francisco-based Northern California Regional Intelligence Center works with the Department of Homeland Security and the FBI to track suspicious activity, criminal activity and threats to the region’s infrastructure.

© 2021 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.

Source…

FBI Investigating Hacker Attempt To Poison Bay Area Water: Report

/in




The NBC report marked the first time this hack was brought to light.

© Shutterstock
The NBC report marked the first time this hack was brought to light.

BAY AREA, CA — The Federal Bureau of Investigation is looking into a hacker’s attempt to poison an unnamed San Francisco Bay Area water treatment plant in January, NBC News reported.

The hacker knew the username and password of a former employee’s TeamViewer account, which allowed them to remotely obtain access to the plant’s computers, NBC reported. The hacker deleted computer programs used to treat drinking water.

The plant discovered it had been hacked the next day, then reinstalled the water treatment programs and changed its passwords, NBC reported. There were no reports of anyone being sickened by the water.

Loading...

Load Error

NBC’s report marked the first time this incident was made public. The news agency said it reviewed a February report from the Northern California Regional Intelligence Center.

The method used in this attack is the same as one reported in February, when an Oldsmar, Florida water plant operator watched as his computer mouse moved around his screen and opened programs, eventually raising the levels of sodium hydroxide, or lye, by more than 100 fold to a level that could cause illness and corrode pipes, The Washington Post reported. The hacker also used TeamViewer to gain access to the employee’s screen.

Fortunately, the employee quickly reversed the lye levels and water quality was not significantly impacted, The Post reported. Nobody was sickened.

The U.S. Cybersecurity and Infrastructure Security Agency and National Security Agency recommended in July 2020 that operators of critical infrastructure take immediate action to safeguard against “foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression.”

These vulnerabilities have become increasingly apparent as more companies shift to remote operations and monitoring, outsource operations, and seek to accommodate a decentralized workforce, the agencies wrote.

Read more from NBC Bay Area and The Washington Post.

Continue Reading

Source…

Former Dallas area ADT technician gets prison time for hacking into customers’ home security video feeds

/in


Sarah Freele said she hired ADT for her family’s safety and peace of mind.



A former ADT technician from the Dallas area will spend a little more than four years in federal prison for illegally accessing customers' accounts and watching live feeds from their home security cameras that he installed.

© Ryan Michalesko/Staff Photographer
A former ADT technician from the Dallas area will spend a little more than four years in federal prison for illegally accessing customers’ accounts and watching live feeds from their home security cameras that he installed.

But the technician who worked on her home security cameras, she said, might as well have been hiding in her bedroom closet for months, peaking through a crack in the door.

Loading...

Load Error

That former ADT employee, Telesforo Aviles, was sentenced Wednesday to a little more than four years in federal prison for illegally accessing the security cameras of Freele and more than 200 other ADT customers.

“He was logged onto my bedroom camera five times a day,” Freele told U.S. District Judge Brantley Starr at the sentencing hearing in Dallas. “He saw it all… Every intimate moment.”

Aviles, 35, faced a maximum of five years in prison for computer fraud under the terms of his plea agreement, in which he admitted to accessing customer accounts over 9,600 times since 2015.

He was cuffed and taken into custody to begin serving his sentence following the hearing.

The quiet and introverted technician, a senior supervisor with 17 years at ADT, was caught last year after the company was alerted by a customer to suspicious activity, said his lawyer, Tom Pappas. Aviles, who is married with five children, turned himself in when he was asked to, Pappas said.

“He’s mortified by what he did,” Pappas said. “He sees what he did as a betrayal of himself, too.”

Of the nearly 10,000 images Aviles accessed, about 40 were “sexual in nature” and none involved children, Pappas said.

An ADT spokesman said the company had no comment.

Assistant U.S. Attorney Sid Mody had asked Starr to give Aviles the maximum sentence, saying that while 217 accounts were accessed, the total number of victims is much higher given that each household had multiple family members. That violation, he said, destroyed “in the worst way” their sense of feeling safe and secure at home.

“That’s going to affect them for the rest of their lives,” Mody told the…

Source…