Tag Archive for: florida

DNR warns Wisconsin water works to update security after Florida system hacked | State & Regional

/in




Water treatment hack

In this screen shot from a YouTube video posted by the Pinellas County Sheriff’s Office in Florida, Pinellas County Sheriff Bob Gualtieri addresses reporters during a news conference Monday. At left is Eric Seidel, the mayor of  Oldsmar, Fla.



ASSOCIATED PRESS


State and federal officials are warning all water utilities to upgrade their cybersecurity after hackers attempted to poison the water supply of a small Florida city, raising alarms about the vulnerability of the nation’s water systems.

The Wisconsin Department of Natural Resources cautioned Wisconsin’s 611 municipal water systems Wednesday to take steps to secure their computerized control systems, including installing firewalls and using strong passwords.

According to the DNR, on Feb. 5, unidentified hackers gained access to the control system at a water treatment plant in Oldsmar, Florida, and altered the supply of sodium hydroxide, or lye, a caustic chemical used in the water treatment process.

The hackers broke in twice on the same day, but in both cases workers at the treatment plant noticed the change and corrected the problem before the water was affected.

The DNR did not respond to questions about whether it is tracking utility responses to the recommended measures, which were outlined by the Environmental Protection Agency. Officials from the Madison and Sun Prairie water utilities, the largest in Dane County, could not be reached late Wednesday afternoon.

Suspicious incidents are rarely reported and usually are chalked up to mechanical or procedural errors, experts say. No federal reporting requirement exists, and state and local rules vary widely.

Source…

Outdated computer system exploited in Florida water treatment plant hack

/in


Investigators are still trying to determine who’s behind the hack.

February 10, 2021, 11:20 PM

4 min read

An outdated version of Windows and a weak cybersecurity network allowed hackers to access a Florida wastewater treatment plant’s computer system and momentarily tamper with the water supply, federal investigators revealed in a memo obtained by ABC News.

The FBI’s Cyber Division on Tuesday notified law enforcement agencies and businesses to warn them about the computer vulnerabilities, which led to the Bruce T. Haddock Water Treatment Plant in Oldsmar being hacked on Feb. 5.

The plant’s computer systems were using Windows 7, which hasn’t received support or updates from Microsoft in over a year, according to the FBI.

“The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment,” investigators wrote in the report. “The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.”

The hacker was able to use remote access software to raise the levels of sodium hydroxide in the water from about 100 parts per million to 11,100 parts per million for a few minutes, according to investigators. Sodium hydroxide is used in liquid drain cleaners and used, in small doses, to remove metals from water.

A plant manager who noticed the hack as it unfolded was able to return the system to normal before there any major damage occurred, investigators said. The public was never in danger because it would have taken 24 to 36 hours for tainted water to hit the system if no one intervened.

The FBI and other law enforcement agencies are still trying to determine who was behind the…

Source…

Atlanta Water head orders security review of computer system after Florida hack

/in


Atlanta officials reviews city’s water security

The FBI is raising awareness nationwide after the water system in a Florida town suffered a cyberattack.

ATLANTASerious concerns are being raised across the country after a hacker gained control of a Florida city’s water processing plant. The Atlanta City Council took up the issue on Tuesday during their meeting.

The FBI, Secret Service, and various Florida law enforcement agencies are investigating the breach of the Oldsmar’s water system computer last Friday around 8 a.m. It lasted only 5 minutes, but the hacker was able to change the chemical formula to dangerous levels. The hacker pushed the sodium hydroxide mixture to a toxic level — from 100 ppm to 11,100 ppm.

A worker saw the manipulation and changed the chemicals back to normal.

Experts say the biggest threat if it wasn’t caught, would be to the skin.

Tuesday, Atlanta City Council Member Howard Shook asked tough questions of the Atlanta Watershed Management Commissioner Mikita Browning. Shook asked the water chief “what steps will you take to ensure our system is protected?”

Browning assured the city council every step necessary will be taken to protect the city’s water supply. She said she was aware of the intrusion into the Florida city’s computer water system and had already ordered a review of Atlanta’s security status.

A cybersecurity expert, Matthew Dunn, with Raxis, said water facilities have redundant tools to check the water quality before the water reaches your home. The plant in Oldsmar has a similar check.

Florida officials said the water plant’s system was connected to the internet to allow for legitimate, remote use. That system has since been disconnected.

Browning did not comment on if Atlanta’s system ties into the internet or to what degree.

WATCH: FOX 5 Atlanta live news coverage

_____

Sign up for FOX 5 email alerts

Download the FOX 5 Atlanta app for breaking news and weather alerts.

Source…

Hacker tried to poison Florida city’s water supply — GCN

/in


water treatment plant (People Image Studio/Shutterstock.com)

Hacker tried to poison Florida city’s water supply

  • By Susan Miller
  • Feb 09, 2021

As an employee at a water treatment plant watched, a hacker took control of his computer and changed chemical controls to dump lye into the drinking water of Oldsmar, Fla., a city of 15,000 near Tampa.

At about 8 a.m. on Feb. 5, a worker at the Oldsmar water treatment plant noticed that his computer was being remotely accessed by TeamViewer, a popular desktop control application that allows IT staff and supervisors to monitor operations and troubleshoot enterprise computers in remote locations. The worker “didn’t think much of it,” Pinellas County Sheriff Bob Gualtieri said at a Feb. 8 news conference, because such remote access was not unusual.

The intruder returned later that same day, moving the employee’s mouse to open functions that control water treatment protocols, including one that adjusts the amount of sodium hydroxide, or lye, in the water. The hacker changed that level from about 100 parts per million to 11,100 parts per million, potentially endangering Oldsmar residents. Fortunately, the operator who was watching the intruder’s movements immediately reduced the chemical to the appropriate level and notified a supervisor.

Such attacks on utility control systems are not unusual, according to Lesley Carhart, a principal threat analyst at Dragos, an industrial control system security firm. Carhart told Wired that even unsophisticated hackers can find thousands of connected systems with tools like Shodan, a search engine that lets users find specific types of internet-connected devices.

According to Carhart, water treatment and sewage plants are vulnerable targets, especially during the pandemic when some workers are remote and IT staff are under-resourced. It’s usually the complexity and redundancies built into industrial control systems that prevent hackers from causing serious consequences, she said.

Oldsmar’s water treatment plant has several redundancies in place to catch unexpected changes.

“If you change the…

Source…