FBI Investigating Hacker Attempt To Poison Bay Area Water: Report


The NBC report marked the first time this hack was brought to light.


BAY AREA, CA — The Federal Bureau of Investigation is looking into a hacker’s attempt to poison an unnamed San Francisco Bay Area water treatment plant in January, NBC News reported.

The hacker knew the username and password of a former employee’s TeamViewer account, which allowed them to remotely obtain access to the plant’s computers, NBC reported. The hacker deleted computer programs used to treat drinking water.

The plant discovered it had been hacked the next day, then reinstalled the water treatment programs and changed its passwords, NBC reported. There were no reports of anyone being sickened by the water.



NBC’s report marked the first time this incident was made public. The news agency said it reviewed a February report from the Northern California Regional Intelligence Center.

The method used in this attack is the same as one reported in February, when an Oldsmar, Florida water plant operator watched as his computer mouse moved around his screen and opened programs, eventually raising the level of sodium hydroxide, or lye, more than 100-fold, to a concentration that could cause illness and corrode pipes, The Washington Post reported. That hacker also used TeamViewer to gain access to the employee’s screen.

Fortunately, the employee quickly reversed the lye levels and water quality was not significantly impacted, The Post reported. Nobody was sickened.

The U.S. Cybersecurity and Infrastructure Security Agency and National Security Agency recommended in July 2020 that operators of critical infrastructure take immediate action to safeguard against “foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression.”

These vulnerabilities have become increasingly apparent as more companies shift to remote operations and monitoring, outsource operations, and seek to accommodate a decentralized workforce, the agencies wrote.

Read more from NBC Bay Area and The Washington Post.



Report: Active Directory Certificate Services a big security blindspot on enterprise networks

As the core of Windows enterprise networks, Active Directory, the service that handles user and computer authentication and authorization, has been well studied and probed by security researchers for decades. Its public key infrastructure (PKI) component, however, has not received the same level of scrutiny and, according to a team of researchers, deployments are rife with serious configuration mistakes that can lead to account and domain-level privilege escalation and compromise.

“AD CS [Active Directory Certificate Services] is Microsoft’s PKI implementation that provides everything from encrypting file systems, to digital signatures, to user authentication (a large focus of our research), and more,” researchers Will Schroeder and Lee Christensen from security firm SpecterOps said in a new report. “While AD CS is not installed by default for Active Directory environments, from our experience in enterprise environments it is widely deployed, and the security ramifications of misconfigured certificate service instances are enormous.”

How AD CS works

AD CS is used to set up a private enterprise certificate authority (CA), which then issues certificates that bind a user or machine identity (an account) to a public-private key pair, allowing that key pair to be used for operations such as file encryption, signing files or documents, and authentication. AD CS administrators define certificate templates that serve as blueprints for how certificates are issued: to whom, for which operations, for how long, and with what cryptographic settings.

In other words, as with HTTPS, a certificate signed by the CA is proof that the AD infrastructure will trust a particular public-private key pair. To obtain a certificate from AD CS, an authenticated user or computer generates a key pair and sends the public key, along with the desired settings, to the CA as part of a certificate signing request (CSR). The CSR indicates the user identity in the form of a domain account in the subject field, the template to be used to generate the certificate, and the type of actions for which the certificate is desired, which is defined in a field…
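The issuance decision described above, as an added illustration (not AD CS’s actual code or the SpecterOps researchers’ tooling): a hypothetical, simplified CA policy model in which a template either takes the subject from the CSR as written or binds it to the authenticated requester. The template names, group names, accounts and EKU strings are constructed for the example, and `risky_templates` is an assumed audit helper that flags templates combining a requester-supplied subject with an authentication EKU.

```python
from dataclasses import dataclass, replace
# Hypothetical model of a CA's issuance check; added illustration only, not AD CS logic.
CLIENT_AUTH = "clientAuth"   # EKU that lets the certificate be used for logon

@dataclass(frozen=True)
class Template:
    enroll_groups: frozenset          # groups permitted to request this template
    allowed_ekus: frozenset           # "type of actions" the issued cert may perform
    requester_supplies_subject: bool  # weak setting: CA accepts the CSR's subject as-is

@dataclass(frozen=True)
class Csr:
    requester: str           # authenticated domain account submitting the request
    requester_groups: frozenset
    subject: str             # identity the certificate would assert
    template: str
    ekus: frozenset

def evaluate(csr, templates):
    """Return (issued, subject_or_reason) for a CSR against the CA's templates."""
    tpl = templates.get(csr.template)
    if tpl is None:
        return False, "unknown template"
    if not (csr.requester_groups & tpl.enroll_groups):
        return False, "requester may not enroll in this template"
    if not csr.ekus <= tpl.allowed_ekus:
        return False, "requested EKU not permitted by template"
    if tpl.requester_supplies_subject:
        # The CA binds whatever identity the requester wrote into the CSR.
        return True, csr.subject
    # Hardened template: the subject comes from the authenticated requester.
    return True, csr.requester

def risky_templates(templates):
    """Audit check: templates that let an enrollee choose the subject of a logon cert."""
    return sorted(name for name, t in templates.items()
                  if t.requester_supplies_subject and CLIENT_AUTH in t.allowed_ekus)

# Constructed sample configuration: one weak and one hardened template.
TEMPLATES = {
    "WeakUser": Template(frozenset({"Domain Users"}), frozenset({CLIENT_AUTH}), True),
    "User": Template(frozenset({"Domain Users"}), frozenset({CLIENT_AUTH}), False),
}
# Constructed CSR: an ordinary user requesting a logon certificate that names an admin.
SPOOF = Csr("CORP\\alice", frozenset({"Domain Users"}), "CORP\\admin", "WeakUser", frozenset({CLIENT_AUTH}))

if __name__ == "__main__":
    print(evaluate(SPOOF, TEMPLATES))                           # weak template issues for CORP\admin
    print(evaluate(replace(SPOOF, template="User"), TEMPLATES))  # hardened template issues for CORP\alice
    print(risky_templates(TEMPLATES))                           # ['WeakUser']
```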


Bitglass Report Shows Enterprises Increasing Risk by Enabling BYOD


Securing BYOD to prevent data loss/theft is a top concern.

A new Bitglass report shows that despite the surge in enterprises enabling bring your own device (BYOD), many are unprepared for the associated risks.

Bitglass’ 2021 BYOD Security Report shows the rapid adoption of unmanaged personal devices connecting to work-related resources. It also highlights how organizations are ill-equipped to deal with growing security threats such as malware and data theft.

The Bitglass report is a joint venture with Cybersecurity Insiders. It surveyed hundreds of cybersecurity professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced by the use of personal mobile devices.

The insights in this report are especially relevant. That’s because more enterprises are shifting to permanent remote work or hybrid work models. That means connecting more devices to corporate networks and, as a result, expanding the attack surface.

Enterprises Left Vulnerable

Anurag Kahol is CTO and co-founder of Bitglass.


“Despite 82% of enterprises enabling BYOD to some capacity, many are still highly unprepared for the risks associated with unmanaged devices,” he said. “Fifty-one percent of the surveyed organizations don’t have any means of identifying vulnerabilities associated with malicious Wi-Fi on personal devices. Even more surprisingly, 49% are unsure or unable to detect whether malware has been downloaded in the last 12 months.”

Key findings from the Bitglass report:

  • BYOD is here to stay. Use of personal devices has helped businesses improve employee productivity and satisfaction, while also reducing costs. However, challenges associated with managing device access and mobile security remain.
  • Securing BYOD to prevent data loss/theft is a top concern. Respondents are most concerned about data leakage. Other apprehensions included users downloading unsafe apps or content, lost or stolen devices, and unauthorized access to company data and systems.
  • Enterprises are running blind when it comes to securing BYOD devices against modern security threats. For example, 22% of…


Chinese Hack Targeted Verizon and Water Supplier: AP Report


  • China hacked into Pulse Connect Secure, which provides internet security for Verizon, among others.
  • Sophisticated hackers were able to exploit never-before-seen vulnerabilities.
  • It’s unclear what, if any, sensitive information the hackers were able to ascertain.

RICHMOND, Va. (AP) — A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical US entities.

The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.

Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.

It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment on which customers were affected.

But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.

“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, the chief technology officer…