Tag Archive for: Water

FBI Investigating Hacker Attempt To Poison Bay Area Water: Report

/in




The NBC report marked the first time this hack was brought to light.

© Shutterstock
The NBC report marked the first time this hack was brought to light.

BAY AREA, CA — The Federal Bureau of Investigation is looking into a hacker’s attempt to poison an unnamed San Francisco Bay Area water treatment plant in January, NBC News reported.

The hacker knew the username and password of a former employee’s TeamViewer account, which allowed them to remotely obtain access to the plant’s computers, NBC reported. The hacker deleted computer programs used to treat drinking water.

The plant discovered it had been hacked the next day, then reinstalled the water treatment programs and changed its passwords, NBC reported. There were no reports of anyone being sickened by the water.

Loading...

Load Error

NBC’s report marked the first time this incident was made public. The news agency said it reviewed a February report from the Northern California Regional Intelligence Center.

The method used in this attack is the same as one reported in February, when an Oldsmar, Florida water plant operator watched as his computer mouse moved around his screen and opened programs, eventually raising the levels of sodium hydroxide, or lye, by more than 100 fold to a level that could cause illness and corrode pipes, The Washington Post reported. The hacker also used TeamViewer to gain access to the employee’s screen.

Fortunately, the employee quickly reversed the lye levels and water quality was not significantly impacted, The Post reported. Nobody was sickened.

The U.S. Cybersecurity and Infrastructure Security Agency and National Security Agency recommended in July 2020 that operators of critical infrastructure take immediate action to safeguard against “foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression.”

These vulnerabilities have become increasingly apparent as more companies shift to remote operations and monitoring, outsource operations, and seek to accommodate a decentralized workforce, the agencies wrote.

Read more from NBC Bay Area and The Washington Post.

Continue Reading

Source…

Verizon, Southern California Water Supplier Among Those hit in Suspected Chinese Hack

/in


Verizon and the Metropolitan Water District of Southern California were two high-value targets hit by a suspected Chinese-backed hack that was first brought to the public’s attention in April, the Associated Press reported.



a group of people walking down the street: Pedestrians cross Herald Square in front of a Verizon Wireless store in New York on Friday, March 18, 2016. Verizon was one of the high-value targets in the Pulse cyberespionage campaign.

© Richard Levine/Corbis via Getty Images
Pedestrians cross Herald Square in front of a Verizon Wireless store in New York on Friday, March 18, 2016. Verizon was one of the high-value targets in the Pulse cyberespionage campaign.

Pulse Connect Secure networking devices are used by many companies and governments to allow secure remote access to their networks and those were the targets of the hacks. The Chinese government was suspected of backing the hacks, but China has denied any role.

Loading...

Load Error

Verizon, which has over 120 million subscribers through Verizon Wireless, said a Pulse-related compromise was found in one of its labs. The hack was quickly dealt with, and Verizon said no data or customer information had been accessed or stolen.

“We know that bad actors try to compromise our systems,” said Verizon spokesman Rich Young. “That is why internet operators, private companies and all individuals need to be vigilant in this space.”

The Metropolitan Water District of Southern California, the country’s largest water agency, provides water to 19 million people and operates some of the largest treatment plants worldwide, reported it also found a compromised device after an alert issued in April.

The device was immediately removed from service and spokeswoman Rebecca Kimitch said there was “no known data exfiltration” and no systems or processes were known to be affected.

The Associated Press reported earlier this month that the country’s largest subway system in New York City was also breached during the hack.

For more reporting from the Associated Press, see below.

Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure.

It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss,…

Source…

Chinese Hack Targeted Verizon and Water Supplier: AP Report

/in


  • China hacked into Pulse Connect Secure, which provides internet security for Verizon, among others. 
  • Sophisticated hackers were able to exploit never-before-seen vulnerabilities.
  • It’s unclear, what, if any sensitive information the hackers were able to ascertain. 
  • See more stories on Insider’s business page.

RICHMOND, Va. (AP) — A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical US entities.

The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.

Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.

It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment on which customers were affected.

But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.

“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, the chief technology officer…

Source…

Oldsmar water plant intrusion occurred after code exposure: firm

/in


The incident “highlights the importance of controlling access to untrusted websites,” security company Dragos wrote.

OLDSMAR, Fla. — A person on the city of Oldsmar’s computer network went to a website that had been compromised with malicious code on the same day someone accessed its water system and changed chemical levels to poisonous levels, security company Dragos said in a blog post.

Although the code likely did not lead to the actual intrusion, the company in part said the threat “does represent an exposure risk to the water industry and highlights the importance of controlling access to untrusted websites.”

Pinellas County Sheriff Bob Gualtieri announced Monday, Feb. 8, that on the previous Friday, an operator at Oldsmar’s water treatment plant noticed the cursor on his computer screen moving around. It was during this instance that the person on the other end was making changes to the facility’s systems and controls.

RELATED: ‘This is dangerous stuff’: Hacker increased chemical level at Oldsmar’s city water system, sheriff says

Those adjustments, if they weren’t caught in time, could have poisoned the water supply for a city of about 15,000 people. The intruder changed levels of sodium hydroxide, or lye, from 100 parts per million to 11,100 parts per million. The chemical helps to control pH levels in the water but at such a high level, it is considered corrosive to any human tissue it touches.

Author Kent Backman with Dragos wrote the company in its investigation discovered the malicious computer code on the website of an unnamed Florida water utility contractor. The code was placed seemingly to target water utilities and, as Dragos found, had been accessed more than 1,000 times during the course of a 58-day window starting in December 2020.

Source…