“There is a very slim possibility that the attacker did it when and how they did as a wakeup call to the operator,” she told TechNewsWorld. Since the intruder grabbed control of the operator’s workstation while the operator was sitting in front of it, it’s possible the threat actor wanted to be caught in the act of sabotaging the chemical mix of the water, maintained Saryu Nayyar, CEO of Gurucul, a threat intelligence company in El Segundo, Calif. “It was a pretty low-tech attack,” he added. Moy agreed that an experienced hacker would have entered the system in a more clandestine manner. “It shows in their timing - during the day when they could be seen - and the use of the tool without obfuscating what they were doing,” he told TechNewsWorld. “We can reasonably speculate this was an amateur,” noted Bryson Bort, CEO of Scythe, a computer and network security company in Arlington, Va. There are hacker tools out there to do that.” Amateur ActorĪlthough details about who mounted the attack are unknown, their modus operandi reveals something about them. “That’s not true,” he told TechNewsWorld. “It comes down to the notion that people think that as long as they have a password on something, they can secure it,” observed Rick Moy, vice president of sales and marketing at Tempered Networks, an identity-based micro-segmentation provider in Seattle. “The attacker compromised TeamViewer, perhaps by hacking the passwords, and took over the mouse to reset the chemical balance,” he told TechNewsWorld. “Even had they not caught them, there’s redundancies that have alarms in the system that would have caught the change in PH level, anyhow,” he asserted. Oldsmar Mayor Eric Seidel added that the good news is that the monitoring protocols the city’s water department have in place work. “Importantly, the public was never in danger,” he observed. “Because the operator noticed the increase and lowered it right away, at no time was there a significant adverse effect on the water being treated,” Pinellas County Sheriff Bob Gualtieri said at a news conference. The Oldsmar plant provides water to businesses and about 15,000 residents.
In the water system, it’s used in small amounts to control the acidity of the city’s drinking water. Sodium hydroxide, commonly known as lye, is the main ingredient in liquid drain cleaners.
News of the attack was made public Monday by officials of Oldsmar, who revealed the attack was foiled by an operator at the facility within minutes of its launch.Īfter gaining access to the city’s water system through software used by employees for remote network access, the intruder increased the levels of sodium hydroxide in the system from 100 parts per million to 11,000 parts per million. A cyber intruder broke into the computer network of the water treatment system of a Florida city and attempted to poison it with lye.
0 kommentar(er)
