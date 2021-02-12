A cybercriminal last week broke into the control system of a water treatment plant in the state of Florida, United States, and altered the chemical dosing in an attempt to poison the water with caustic soda. This Friday, according to a report from federal authorities, it emerged that the intruder was able to get into the system because “all” of the plant's computers shared the same remote access password, among other weaknesses.

The intruder (or intruders) accessed, on February 5, the supervisory control and data acquisition (SCADA) system of a water treatment plant that serves about 15,000 people in the city of Oldsmar, on the west coast of Florida, and “drastically” increased the level of sodium hydroxide, known as caustic soda.

“All” computers used by plant personnel “shared the same password for remote access and appeared to be connected directly to the internet without any type of firewall protection installed”, the Government of Massachusetts said in an alert it issued to its public utilities to help them prevent such attacks.

The report, published on its website, details that all of these computers were connected to the SCADA system and “used the 32-bit version of the Windows 7 operating system”, a version of Windows that Microsoft stopped supporting in January 2020 and that no longer receives security updates.

The Government of Massachusetts says its alert is based on a “joint report” by the FBI, the Department of Homeland Security (DHS), the Secret Service and Pinellas County, Florida, which are investigating the incident.

It also adds that the US Environmental Protection Agency (EPA) issued a series of recommendations for the country's water utilities, including restricting “all” remote connections to SCADA systems, specifically those that allow physical control of and tampering with devices within the network.

The EPA also asks, among other recommendations, that utilities install a firewall appliance (hardware or software) with logging enabled and make sure it is turned on. “The firewall must be isolated and must not be allowed to communicate with unauthorized sources,” it explains.

It also asks that computers, devices and applications, including SCADA and Industrial Control System (ICS) software, be kept up to date, and urges the use of two-factor authentication together with strong passwords.

According to the report, the attackers reached the Florida plant's SCADA controls through the TeamViewer remote access software. Plant staff immediately noticed the change in the caustic soda dosage and reversed it.

Authorities in Pinellas County, where Oldsmar is located, stopped the attempted poisoning before it affected the water supply. Pinellas County Sheriff Bob Gualtieri said he does not know whether the attack was carried out from inside the United States or from abroad, or whether one or more people were involved.

Gualtieri said the intruder spent up to five minutes in the system and raised the sodium hydroxide setpoint from 100 parts per million to 11,100 parts per million, a more than hundredfold increase.

A more common problem than you think

“Spend a few minutes searching Twitter, Reddit or any other social media site and you'll find countless examples of researchers posting evidence that they can access so-called ‘human-machine interfaces’, basically web pages designed to interact remotely with various complex systems, such as those that monitor and / or control things like power, water, sewage and manufacturing plants,” wrote security journalist Brian Krebs of Krebs on Security.

“In short, a likely inexperienced intruder somehow obtained the credentials needed to remotely access Oldsmar's water system, did little to hide his activity, and then tried to change settings by such a wide margin that the alterations would be hard to miss,” he continued, explaining how the incident came about.

Krebs summed up his view of the problem in a series of conclusions:

There are approximately 54,000 different drinking water systems in the United States.

The vast majority of those systems serve fewer than 50,000 residents, and many serve a few hundred or thousands.

Virtually all of them depend on some type of remote access to monitor and / or manage these facilities.

Many of these facilities are neglected, underfunded, and there is no one to monitor IT operations 24/7.

Many facilities have not yet segregated operational technology (the bits that control switches and levers) from security systems that can detect and alert on intrusions or potentially dangerous changes.
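The last point is the one the Oldsmar operators got right by luck: someone happened to be watching the screen when the setpoint jumped from 100 ppm to 11,100 ppm. The following is an added example, not code from the article, from Krebs or from any SCADA vendor, showing what an automated version of that check looks like: it reads setpoint-change events from an HMI audit log and raises an alert when a write leaves the safe operating envelope, changes the value by an implausible ratio in a single step, or comes from an address outside the plant network. The log line format, tag name, safe range, change ratio and IP addresses are all assumptions constructed for the example; a real deployment would take them from the plant's own historian or HMI audit trail and its network plan.

```python
"""Setpoint-change monitor for chemical dosing writes in an HMI audit log.

Added example. The log format, tag names, safe ranges and addresses are
constructed for illustration and are not taken from any real plant.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed safe operating envelope per tag (illustrative, not real plant limits).
SAFE_RANGE_PPM = {
    "NaOH_Setpoint_ppm": (50.0, 200.0),
}

# A single write that multiplies or divides the value by more than this is suspicious
# even if the new value happened to be inside the safe range.
MAX_CHANGE_RATIO = 2.0

# Assumed plant operations network; setpoint writes from anywhere else are flagged.
PLANT_NET = ipaddress.ip_network("10.20.0.0/16")

# Assumed audit log line shape, e.g.
#   2021-02-05T13:30:12 host=OPS-PC-3 user=operator src=10.20.5.17 tag=NaOH_Setpoint_ppm old=100 new=110
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"tag=(?P<tag>\S+) old=(?P<old>[\d.]+) new=(?P<new>[\d.]+)$"
)


@dataclass
class Alert:
    ts: str
    tag: str
    reason: str
    old: float
    new: float
    src: str


def parse_line(line):
    """Return a dict for a well-formed audit line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["old"] = float(ev["old"])
    ev["new"] = float(ev["new"])
    return ev


def check_event(ev):
    """Return the list of reasons this setpoint write is suspicious (empty if none)."""
    reasons = []
    lo, hi = SAFE_RANGE_PPM.get(ev["tag"], (None, None))
    if lo is not None and not (lo <= ev["new"] <= hi):
        reasons.append(f"out of safe range {lo}-{hi}")
    if ev["old"] > 0 and ev["new"] > 0:
        ratio = max(ev["new"] / ev["old"], ev["old"] / ev["new"])
        if ratio > MAX_CHANGE_RATIO:
            reasons.append(f"changed by {ratio:.0f}x in one write")
    try:
        if ipaddress.ip_address(ev["src"]) not in PLANT_NET:
            reasons.append("write from outside plant network")
    except ValueError:
        reasons.append("unparseable source address")
    return reasons


def scan(lines):
    """Run every parseable audit line through check_event and collect alerts."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed or unrelated line; a real monitor would count these
        for reason in check_event(ev):
            alerts.append(Alert(ev["ts"], ev["tag"], reason, ev["old"], ev["new"], ev["src"]))
    return alerts


# Constructed sample log: a routine adjustment, a write resembling the Oldsmar
# change, an in-range write from a remote address, and a malformed line.
SAMPLE_LOG = [
    "2021-02-05T08:02:11 host=OPS-PC-3 user=operator src=10.20.5.17 tag=NaOH_Setpoint_ppm old=100 new=110",
    "2021-02-05T13:30:12 host=OPS-PC-1 user=operator src=203.0.113.45 tag=NaOH_Setpoint_ppm old=100 new=11100",
    "2021-02-05T13:34:50 host=OPS-PC-1 user=operator src=203.0.113.45 tag=NaOH_Setpoint_ppm old=110 new=100",
    "2021-02-05T13:35:02 host=OPS-PC-1 heartbeat ok",
]


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} {a.tag} {a.old:g} -> {a.new:g} from {a.src}: {a.reason}")
```

Running the block prints three alerts for the 11,100 ppm write (out of range, 111x change, remote source) and one for the later in-range write that still came from outside the plant network. The point of keeping the three checks separate is that each catches a different attacker: the range check catches an overt change like Oldsmar's, the ratio check catches a value that is dangerous relative to the current process state, and the source check catches a remote-access session regardless of what it writes.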

