Oldsmer, population 13,000, is a typical city on the west coast of Florida. On Friday, February 5, at 8 am, a hacker will access a computer system that allows you to remotely manage the purification of drinking water. No one realized it. At 1:30 pm, he comes back and opens the files here and there, walking around for about 5 minutes in total.
The operator in front of his screen, suddenly sees his mouse cursor escaping him, goes alone towards the administration of sodium hydroxide, in other words caustic soda. A dangerous chemical that can cause severe skin burns and eye damage … in unlimited quantities, however, it helps prevent corrosion of the tubes and manages the pH of the water.
Other than having fun raising the pirate counter. He gives a hundred times more than he expected. Before leaving.
The operator comes to his senses, adjusts the figures and warns his superiors.
If this – or these – (not yet identified) pirates were too skilled or too clever, the Oldsmar people might have been poisoned by tap water.
In fact everything was stopped at the right time and no one was in danger. The attack was not very subtle and its author had no knowledge of the system and was scheduled to shut down automatically in the event of an overdose.
– Dominic (op Tubix) February 11, 2021
However, this cyber attack is taken very seriously because at least the target software Team Viewer is used in the whole companies to remotely control the machines. Including a few tens of thousands of water stations in the United States. From whom does the fantasy of a large-scale bio-terrorism come from … the FBI and the Secret Service are on the spot.
Cyber security experts are also concerned: due to the corona virus infection, industrial machines and systems are remotely managed and connected to the Internet, making them vulnerable. Always recognizes their flaws and invests to protect themselves from cybercriminals.
Our security expert Kevin Morley weighs in on the importance of cybersecurity in light of the recent incident in Oldsmar, Florida. https://t.co/xvuDNcWVPL AWWA’s cyber security resources are available here https://t.co/TiTcaBlo42. #AWWAinDC pic.twitter.com/dXektGuXp0
– American Water Works Association (wawwa) February 9, 2021
A special US site, According to Oldsmer, the hacker may well have infiltrated a device unrelated to this case, i.e. the personal tablet is plugged into the same WiFi network used by the engineer to manage the remote factory. This “Just like the front door of the bank opened securely directly“.
Large public utility networks, such as water, energy, transportation, and financial flows, are being hacked – even for recovery demands (the United States has recorded waves of attacks on hospitals in the fall, with several agencies, including the state judiciary, being recently targeted). They still have a way to go.