FBI Called In After Hacker Tries To Poison Tampa-Area City's Water

littleman · February 10, 2021, 05:17:17 AM

Quote"The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million," Gualtieri said on Monday, during a briefing about the attack. "This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. It's also used to control water acidity and remove metals from drinking water."

https://www.npr.org/2021/02/09/965791252/fbi-called-in-after-hacker-tries-to-poison-tampa-area-citys-water-with-lye

Torben · February 10, 2021, 09:32:43 AM

And that is why the US nuclear arsenal relied on eight-inch floppy disk from the 70's until 2019.

Critical industrial (or military) systems should never be connected directly to the internet

rcjordan · February 10, 2021, 03:36:51 PM

One of my best friends is IT admin for a large metropolitan water district. I wonder how his day is going?

>internet

Air gaps should be mandatory. Maybe this will wake us up.

>connected

"One way or the other, you pay for every convenience." ^{--my mom}

rcjordan · February 10, 2021, 08:00:05 PM

Hack of Florida town's water supply one in a growing number of attacks - U.S. - Stripes
https://www.stripes.com/news/us/hack-of-florida-town-s-water-supply-one-in-a-growing-number-of-attacks-1.661752

rcjordan · March 17, 2021, 11:21:52 PM

America's Drinking Water Is Surprisingly Easy to Poison — ProPublica
https://www.propublica.org/article/hacking-water-systems#1053129

ergophobe · March 17, 2021, 11:52:06 PM

Quote from: rcjordan on February 10, 2021, 03:36:51 PM
Air gaps should be mandatory.

This threw me, since we're talking about water supply. I was going to say that air gaps ARE mandatory now, but then I realized you were talking about wires rather than pipes.

As you may recall, I am on our local utility district advisory committee. We brought this up in our last meeting. The operator said we're safe from remote hacks - since we have crap for internet and all that, our chlorination is mechanical. Someone has to physically break into the building and turn the dial to change our chlorination levels. Of course, the building itself would be pretty easy to break into, so it could be done, but at the very least you can't do it from China or North Carolina or anywhere else nefarious hackers live.

grnidone · March 18, 2021, 07:15:07 PM

>but at the very least you can't do it from China or North Carolina or anywhere else nefarious hackers live.

LOL!!

rcjordan · March 03, 2023, 04:39:26 PM

EPA mandates states report on cyber threats to water systems | AP News

https://apnews.com/article/epa-water-cyberattacks-cybersecurity-00649f918e2d9fff9d73152bc349e644

rcjordan · May 20, 2024, 10:26:30 PM

<warp>

https://www.courthousenews.com/epa-warns-of-increasing-cyberattacks-on-water-systems-urges-utilities-to-take-immediate-action/

EPA warns of increasing cyberattacks on water systems, urges utilities to take immediate action | Courthouse News Service

Debbie is shocked! "About 70% of utilities inspected by federal officials over the last year violated standards meant to prevent breaches or other intrusions, the agency said....

Some water systems are falling short in basic ways, the alert said, including failure to change default passwords or cut off system access to former employees."