
Hacker allegedly tried to poison San Francisco Bay Area water supply

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


A hacker allegedly tried to poison water being processed at a San Francisco Bay Area water treatment plant, according to an NBC News report late last week.

The attack took place on Jan. 15 and involved the person gaining access to the water treatment plant network by using a former employee’s TeamViewer account credentials. Having gained access to the plant, the person then deleted programs that the water plant uses to treat drinking water.

According to a confidential report compiled by the Northern California Regional Intelligence Center and seen by NBC, the hack was not discovered until the following day. The facility subsequently changed its passwords and reinstalled the programs. “No failures were reported as a result of this incident and no individuals in the city reported illness from water-related failures,” the report noted.

Michael Sena, the executive director of NCRIC, denied the report. “No one tried to poison any of our water. That is not accurate,” Sena told the San Francisco Chronicle, noting that tampering with computer programs would be unlikely to result in poisoning.

“It takes a lot to influence a water supply chain,” Sena explained. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people…. The numbers are astronomical.”

The Bay Area’s water supply threat is not the first compromise of a treatment plant and will likely not be the last. In February, an unknown attacker accessed a water treatment plant in Oldsmar, Florida, and attempted to poison the water supply by increasing the flow of sodium hydroxide to toxic levels. In that case, the attacker was detected before the water supply could be affected.

“While it’s important to keep an eye on major events, we should also avoid oversensationalized headlines intended to spread fear,” Chris Grove, technology evangelist at critical infrastructure security specialist Nozomi Networks Inc., told SiliconANGLE. “Some headlines are taking the action of deleting code and jumping to attempted mass poisoning. There was not an attempt at poisoning the water supply.”

That said, he added, “this…


Hacker Accessed Bay Area Water Treatment Computer System



(TNS) — A hacker accessed the computer system of a Bay Area water treatment plant in January and deleted programs the plant used to treat drinking water, a senior intelligence official confirmed Thursday.

NBC News first reported Thursday that the unidentified hacker used a former plant employee’s username and password to gain entry to the unidentified Bay Area water treatment facility on Jan. 15.

Michael Sena, executive director of the Northern California Regional Intelligence Center, confirmed NBC’s report about the security breach, but declined to say where it occurred or who carried it out.


Sena also declined to say whether the hacker would face criminal prosecution.

The NBC report stated that the hacker “tried to poison” the Bay Area water supply, an assertion Sena disputed.

“No one tried to poison any of our water,” he said. “That is not accurate.”

Tampering with the computer programs used to treat drinking water would be unlikely to result in any widespread poisoning, Sena said.

“It takes a lot to influence a water supply chain,” he said. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people…the numbers are astronomical.”

The Jan. 15 hack represented “no specific threat to public safety,” he added.

News of the breach comes as officials continue to investigate May’s Colonial Pipeline cyber attack, which shuttered gas stations from Texas to New Jersey and raised new concerns about the vulnerability of American infrastructure.

The San Francisco-based Northern California Regional Intelligence Center works with the Department of Homeland Security and the FBI to track suspicious activity, criminal activity and threats to the region’s infrastructure.

© 2021 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.


Sophos Discovers Malware That Blocks The Pirate Bay


Sophos has revealed new malware with a curious goal: preventing its victims from pirating software. The company says this digital vigilante, which is similar to a malware family discovered over a decade ago, modifies the infected system’s HOSTS file to block access to The Pirate Bay and other piracy-related sites.

“Modifying the HOSTS file is a crude but effective method to prevent a computer from being able to reach a web address,” SophosLabs Principal Researcher Andrew Brandt says in a blog post. “It’s crude because, while it works, the malware has no persistence mechanism. Anyone can remove the entries after they’ve been added to the HOSTS file, and they stay removed (unless you run the program a second time).”

The malware is said to spread via the Discord communications platform by masquerading as pirated copies of popular games. Brandt says it’s also distributed over BitTorrent in bundles “named after popular games, productivity tools, and even security products” that include other files whose sole purpose is to make the malware “appear to have originated with a well-known file sharing account on ThePirateBay.”

After the malware is downloaded it sends two HTTP GET requests to a now-inactive domain. The first request fetches a second payload called “ProcessHacker.jpg” that includes a kill-switch to prevent the malware from operating on devices containing files named “7686789678967896789678” and “412412512512512.” The files themselves can be empty; they simply have to use those names.

The second request “uses a query string to send the filename of the executable that was run to the website’s operators,” Brandt said, which would have allowed them to learn more about what kinds of files people are trying to pirate. That effort appears to have been dropped—Brandt says the server to which the HTTP GET requests were sent “no longer responds to requests, nor has a DNS record.”


Sophos has updated its security products to defend against this malware. Brandt says anyone who’s already been affected by the campaign can manually restore their access to the websites it blocked by running Notepad as an administrator and “modifying the…
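The manual cleanup Brandt describes can also be checked programmatically. The following Python audit is an added example, not code from Sophos or the original article: it flags HOSTS entries that pin non-local names to a loopback or unspecified address and returns a cleaned copy. The sample domains are constructed placeholders, and treating 127.0.0.1 or 0.0.0.0 as the blocking address is an assumption, since the article does not say which address the malware writes.

```python
import ipaddress

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

def audit_hosts(text, local_names=LOCAL_NAMES):
    """Return (findings, cleaned_text); a finding is (line_no, address, name)."""
    findings, kept = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) < 2:
            kept.append(raw)              # blank, comment-only or malformed
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            kept.append(raw)              # not an address: leave untouched
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            kept.append(raw)              # ordinary mapping to a real host
            continue
        good = []
        for name in fields[1:]:
            if name.lower().rstrip(".") in local_names:
                good.append(name)
            else:                         # non-local name sent to a sinkhole
                findings.append((line_no, fields[0], name.lower()))
        if good:                          # keep only the legitimate names
            kept.append(" ".join([fields[0]] + good))
    return findings, "\n".join(kept) + "\n"

# Constructed sample: placeholder domains, not indicators from the report.
SAMPLE = """# constructed sample HOSTS content
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.example.internal
127.0.0.1 blocked-site.example www.blocked-site.example
0.0.0.0 another-blocked.example   # constructed
127.0.0.1 localhost tracker.example
"""

if __name__ == "__main__":
    findings, cleaned = audit_hosts(SAMPLE)
    for line_no, addr, name in findings:
        print(f"line {line_no}: {name} -> {addr}")
    print(cleaned, end="")
```

Deliberate blocklists use the same kind of entry, so the findings are candidates for review rather than proof of infection.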


FBI Investigating Hacker Attempt To Poison Bay Area Water: Report





The NBC report marked the first time this hack was brought to light.



BAY AREA, CA — The Federal Bureau of Investigation is looking into a hacker’s attempt to poison an unnamed San Francisco Bay Area water treatment plant in January, NBC News reported.

The hacker knew the username and password of a former employee’s TeamViewer account, which allowed them to remotely obtain access to the plant’s computers, NBC reported. The hacker deleted computer programs used to treat drinking water.

The plant discovered it had been hacked the next day, then reinstalled the water treatment programs and changed its passwords, NBC reported. There were no reports of anyone being sickened by the water.


NBC’s report marked the first time this incident was made public. The news agency said it reviewed a February report from the Northern California Regional Intelligence Center.

The method used in this attack is the same as one reported in February, when an Oldsmar, Florida, water plant operator watched as his computer mouse moved around his screen and opened programs, eventually raising the levels of sodium hydroxide, or lye, by more than 100-fold to a level that could cause illness and corrode pipes, The Washington Post reported. The hacker also used TeamViewer to gain access to the employee’s screen.

Fortunately, the employee quickly reversed the lye levels and water quality was not significantly impacted, The Post reported. Nobody was sickened.

The U.S. Cybersecurity and Infrastructure Security Agency and National Security Agency recommended in July 2020 that operators of critical infrastructure take immediate action to safeguard against “foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression.”

These vulnerabilities have become increasingly apparent as more companies shift to remote operations and monitoring, outsource operations, and seek to accommodate a decentralized workforce, the agencies wrote.

Read more from NBC Bay Area and The Washington Post.
