A hacker tried to poison the water supply in another major US city

0
Loading...

To the average person, most cybersecurity news might only sound relevant in the abstract. Network penetrations, stolen passwords, leaked files, and the like aren’t exactly the kind of things that create a headache for most of us. But like the nasty, sharp-edged expansiveness of the iceberg below the surface that you don’t see, so too are the frightening implications of so many of the security and hack-related news items that you’re not aware of — or that you don’t hear about until much later. Like, for example, the way a hacker nearly poisoned the water supply of another major US city, this time San Francisco, earlier this year.

NBC News revealed details of the heretofore unreported incident a few days ago, as part of a larger deep-dive into the disastrously porous state of the security associated with water supply systems around the US. In brief: On January 15, the week after the insurrection at the US Capitol that was still dominating national news headlines, a hacker embarked on this mission. Armed with a password and username for an employee’s TeamViewer account, this hacker logged into the San Francisco water system’s computer network remotely and started deleting programs associated with the treatment of drinking water.

NBC News credits these details to a private report prepared by the Northern California Regional Intelligence Center. The scary part was that the coast seemed to be pretty clear, with few if any impediments stopping the hacker from bringing the worst to fruition. However, the report only offers this vague denouement to the whole affair, noting that the hack was discovered the following day, the facility changed the login credentials, and that was that.

Based on the few details provided, in other words, it sounds like San Francisco got super lucky. “No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures,” the report reads.

If this all sounds a little familiar, it should. That San Francisco Bay-area attack that no one heard about until now was followed by one that actually did end up making headlines around the US — and it, too, involved a hacker using TeamViewer credentials to try and poison the water supply of Oldsmar, Florida, by raising the levels of lye in the drinking water there. Luck played a part once again in stopping this, because an employee watched the hacker’s remote actions in real-time — watched, literally, as the hacker remotely moved the computer mouse around the employee’s computer screen, and was able to shut down the hacker’s attempted changes.

“If you could imagine a community center run by two old guys who are plumbers, that’s your average water plant,” industrial cybersecurity consultant Bryson Bort told NBC News, regarding the nature of security connected to these types of systems.

Along these same lines, cybersecurity journalist Brian Krebs reported a related and very sobering finding this week: That most of the 52,000 individual drinking water systems in the US “still haven’t inventoried some or any of their information technology systems — a basic first step in protecting networks from cyberattacks.” Per the Water Sector Coordinating Council, a survey of around 600 employees of water and wastewater treatment facilities around the country revealed that only 37.9% of utilities “have identified all IT-networked assets.”

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

Loading...

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Loading...
Denial of responsibility! TechAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More