Hacker Tried To Poison Entire Florida Town By Raising Chemical Levels In Water Supply
Tyler Durden's Photo
BY TYLER DURDEN
MONDAY, FEB 08, 2021 - 21:20
A town in Florida has been target of a hack which briefly altered chemicals in its water supply to "potentially damaging levels" according to local media reports. Federal and local authorities are currently investigating the computer network intrusion which happened last Friday morning, the alarming details of which are emerging Monday.
Plant operators overseeing the small city of Oldsmar’s water supply began observing strange activity on their monitors. That's when technicians noticed that sodium hydroxide levels (or lye), which is used to treat the city's water in small amounts in order to control acidity while removing heavy metals, was being remotely pushed higher.
Water treatment plant file image, Getty
Technicians noticed the chemical levels being subject of unauthorized external manipulation in real time and immediately moved to restore the sodium hydroxide input to its safe, correct levels. The AP detailed based on local reporting: "A plant worker first noticed the unusual activity at around 8 a.m. Friday when someone briefly accessed the system."
"At about 1:30 p.m., someone accessed it again, took control of the mouse, directed it to the software that controls water treatment and increased the amount of sodium hydroxide," the report continued.
The hacker or hackers have yet to be uncovered and apprehended. According to details announced by the county sheriff Bob Gualtieri and featured in Tampa Bay Times:
Someone remotely accessed a computer for the city’s water treatment system and briefly increased the amount of sodium hydroxide, also known as lye, by a factor of more than 100, Gualtieri said at a news conference Monday. The chemical is used in small amounts to control the acidity of water but it’s also a corrosive compound commonly found in household cleaning supplies such as liquid drain cleaners.
"This is obviously a significant and potentially dangerous increase," the Pinellas County sheriff added.
Control panel at a Miami water treatment plant, Getty Images
He further explained that the hacker's changes inside the system were detected before any damage was done that could affect the public: "The public was never in danger," Gualtieri said additionally. "Even if the plant operator had not quickly reversed the increased amount of sodium hydroxide, it would’ve taken between 24 and 36 hours for that water to hit the water supply system."
The Oldsmar water treatment plant is responsible for supplying water to an estimated 15,000 residents along with dozens of businesses. It essentially appears the hacker was attempting to poison the drinking water for an entire town.
Police press conference revealing the hack and its extent to the public on Monday:
Currently the FBI and Secret Service have joined county sheriff efforts at attempting to trace the hack.
The alarming incident comes following federal officials and cybersecurity experts over the past several years expressing anxiety over the vulnerability of vital US infrastructure to potentially devastating hacks, particularly from foreign entities, which could in some cases actually threaten lives.
1 week ago
Hint for newbs: If you don't want stuff to be hacked then you probably shouldn't connect it to the internet.
play_arrow
56
play_arrow
1 week ago
Or believe the fake MS employee when they call you up to "fix your pc"
play_arrow
14
play_arrow
1 week ago
I changed my password from "mypassword" to "yourpassword" throws them off every time.
play_arrow
45
play_arrow
1 week ago
You should have quite the collection in your log files.
play_arrow
2
play_arrow
1 week ago
This is probably a false flag attack.
play_arrow
4
play_arrow
1 week ago
I think you are right. Probably a type of "propaganda trial balloon" for the future internet ID coming up.
play_arrow
4
play_arrow
1 week ago
John Podesta told me he’s used “p@ssword” with good success.
play_arrow
8
play_arrow
1 week ago
White hats locking scammers out of their own computers is entertaining.
https://www.bitchute.com/video/yWksPXZtYDsE/
play_arrow
5
play_arrow
1 week ago
I was just thinking that. Imagine a busy drug store where an intruder could switch medications on the fly. There should always be a human eye in the middle before delivery. Two separate servers. One connected and another offline to verify last transaction. Basic security.
play_arrow
1
play_arrow
1 week ago
A "hacker" in an operative from some espionage department, like the NSA, MOSSAD.
play_arrow
play_arrow
1 week ago
"Oh no. My internet things keep getting hacked."
"Hey! Let's put moar things on the internet."
play_arrow
29
play_arrow
1 week ago
Because why airgap critical systems that could potentially kill thousands/millions. So fkn stupid.
play_arrow
13
play_arrow
1 week ago
Even airgaps can be broken down with some simple tools now.
play_arrow
2
play_arrow
1
1 week ago
Wires and a modem?
play_arrow
1
play_arrow
1 week ago
Cellphone, laptops and usb devices, smart devices, fitbit. Do I need to continue. Just take a look at the metasploit database for your self. Jigsaw?
play_arrow
1
play_arrow
1 week ago
Okay, I want to see you use your cell phone, lap top etc to hack an old Commodore 64.
play_arrow
7
play_arrow
1 week ago
In the 31st century they only use Commodore 64s and VIC-20s after the Android wars.
play_arrow
4
play_arrow
1 week ago
(Edited)
Yeah with old cellphones even but that requires a physical presence near the critical system. If you can't physically secure critical systems and their general vicinity you've lost anyway.
Billions in secret funding to the security state but zero for securing your drinking water. LMAO jokes on you plebs!
play_arrow
4
play_arrow
1 week ago
All of them in democrat cities
play_arrow
play_arrow
1 week ago
In the past we were able to access a premise's fire alarm control panels online.
This is no longer allowed in Florida.
play_arrow
3
play_arrow
1 week ago
Most of these systems are the running outside monitoring servers via openvpn and ipsec. Those outer domain controllers run donky servers and remote access with little to no security requirements.
Most likely the system was using chrome, with RDP plugin enabled and got sucked up and connected. Any good osi level firewall should have blocked the connection. Just dumb.
play_arrow
3
play_arrow
1 week ago
Critical infrastructure shouldn't be remotely accessible. Most of these facilities are supposed to be hardened to some extent especially post-911.
It's a security state but only on Wednesday.
play_arrow
5
play_arrow
1 week ago
Hurry MS hobbitses ! Before the Amazon , Yeugle, IBM , Adobe , Yandex cloud catches you!
play_arrow
play_arrow
1 week ago
Not to worry about that "CLOUD" --- it is in Seattle, according to ace Seattle Times reporter, Sidney Brownstone, who once assured everyone that Amazon would never leave Seattle "because The Cloud is in Seattle!"
play_arrow
play_arrow
1 week ago
why is this **** connected to the internet in the first place?
play_arrow
20
play_arrow
1 week ago
so the managers don't have to work at a water treatment plant. Every managers dream, harass the employees while watching them on remote camera and using remote desktop so they don't have to actually go to work.
I could tell you stories...
play_arrow
3
play_arrow
1 week ago
Only .gov is allowed to poison your water supply. They take competition very seriously.
play_arrow
17
play_arrow
1 week ago
Blame Russia in 3, 2,1
play_arrow
17
play_arrow
1 week ago
(Edited)
Why would they attack at 8 am and not 230 am when theres less eyes and the staff is half asleep? If they took control of the mouse thats more like a remote login isnt it?
play_arrow
16
play_arrow
1 week ago
(Edited)
Great insight. Because they were meant to be “caught”. Or that they needed someone to be actively logged in to usurp control...
play_arrow
7
play_arrow
1
1 week ago
Indeed ... "Hackers" are not awake at 8am.
play_arrow
7
play_arrow
1 week ago
https://www.youtube.com/watch?v=Fqk_VUMzY_M&ab_channel=AndyMoore
play_arrow
play_arrow
1 week ago
Or maybe they were up all night trying to crack the system and finally managed at 8AM.
We have all these important systems and utilities that affect our daily lives that are vulnerable to be attacked. Management keeps whining and crying they're trying to keep it safe from hackers blah blah blah and it's going to take time and lots of cash. How about the cheap and 100% guaranteed fix by not having them connected to the internet. All these admins and politicians want everything at their fingertips so they can avoid having to make a call or get out of their cushy office miles away from the operations and actually see what they are in charge of. They are also worried about a rare rouge employee while opening up their systems to thousands of bad guy hackers who can hide their tracks.
play_arrow
4
play_arrow
1 week ago
(Edited)
Or maybe they were up all night trying to crack the system and finally managed at 8AM.
Could be, but I doubt it. Ive read a few books on real hacks that have taken place. One I forget the title, but the guy tracked the hacker for years and watched him in the system. Hed put our bait and such. The hacker was cautious. Really good book wish I could recall the title. Point is all the hackers were patient. They gained access and maintained access for a while before doing anything.
edit:
The book I was referring to is called "The Cuckoo's Egg" Cliff Stoll
Excellent read. Highly recommend.
Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name was "Hunter" -- a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases -- a one-man sting operation that finally gained the attention of the CIA...and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB.
play_arrow
2
play_arrow
1 week ago
8 p.m. China time.
play_arrow
5
play_arrow
1
1 week ago
China Russia Iran. Depends on who the want to finger for a false flag
play_arrow
2
play_arrow
1 week ago
Whoever knew that hackers worked office hours?
play_arrow
7
play_arrow
PREMIUM
1 week ago
(Edited)
CIA hackers do.
play_arrow
6
play_arrow
1 week ago
Because they are hacker hookers who normally work at night?????
play_arrow
play_arrow
1 week ago
I smell BS. Took "control of the mouse", pretty shltty hacker, usually go straight for the PLC.
play_arrow
13
play_arrow
1 week ago
Exactly. total BS.
play_arrow
9
play_arrow
1 week ago
Yup, Someone working at the plant fluked up (perhaps bumped the controls) and they decided to blame the incident on a hacker.
Police Office: Do you know how fast you were going?
Driver: No.
Police Office: 95mph in a 35 mph zone.
Driver: My car must have been hacked!
Man gets caught stealing. pleads not guilt, "I got hacked!"
play_arrow
3
play_arrow
1
1 week ago
Might work with a Tesla.
play_arrow
3
play_arrow
1 week ago
Dude, this wasn't a missile control silo...it was the waste treatment plant for a ****ty town in Florida. It doesn't require some covert Russian hacker or Nork program to infiltrate.
Very likely the lazy admin had loaded some remote login (RDP) software onto their PC so he didn't have to drive into work at night to check some issue the night operator was reporting. It is also very likely the software hadn't been updated in 3 years.. and some script kiddie was able to exploit well-known vulnerability and **** around with the software.
Not everything requires some super-sleuth hacker... in fact, in many cases, it is just a kid running a script he found on the intertubes.
play_arrow
7
play_arrow
PREMIUM
1 week ago
(Edited)
It sounds so much more sexy to say China or Russia than the local computer nerd still in his Mickey Mouse PJ's at 8 am screwing with the local water treatment plant simply because he can.
play_arrow
4
play_arrow
1 week ago
It's not waste water, it's clean water that's pumped out of the aquifers then treated to bring it up to drinking standards.
play_arrow
play_arrow
1 week ago
(Edited)
@falseprofit and what do you have against Florida? What if it'd been a ****ty little town of whatever state you live in???
play_arrow
play_arrow
1 week ago
Pretty standard to use the built-in remote control/tech spport feature.
play_arrow
play_arrow
1 week ago
Why, just why was the control connected to the public internet. For what idiotic reason where the controls of that public water supply connected to the internet, what possible insane reason would make that stupid decision reasonable when clearly it has now been proven how unreasoable and stupid it was.
Forget about the ohh look we were hacked the whole internet needs more security rubbish.
How about criminal charges against those idiots for criminal negligence. The unnecessary connection of an critical system to the public internet. The clear incompetence in failing to secure that system, you are required by law to secure critical computer system properly, there is no longer any excuse for running critical system insecurely, for security by incompetence.
A pack of idiots bragging about how incompetently their network systems where run, how they stupidly connected a critical system to the public internet, how they failed to secure. The keystone cops of computer system security, blaming others for the pathetic security. Want better system security, start handing out custodial system to people providing network and computer system security and who fail due to criminal negligence, failing to provide the proper security, proof, THEY WERE HACKED (now they should be required to prove their system security was proper and sufficient or else face criminal charges for gross incompetence).
Blaming hacking for computer systems security failures, is no longer an excuse for any government agency, at any level, get hacked, you failed and you face criminal charges for criminal negligence. Not up to the role, do not take the job and the money.
play_arrow
9
play_arrow
1 week ago
(Edited)
While in Iraq, my team was given a secondary mission for our AoR, maintaining a certain city's water supply. Not my cup of tea, but they had a decent facility that ran a SCADA system and the eight of us kept things running for several days until the locals could be coaxed back to work. Anyway, the system went through the internet so that pumps 10 miles away could be activated/deactivated without having to be present.
Heck, we only required about three of us to run the facility with only some guidance from one local who showed up for a few hours a day to assist and show us the ropes as it were. There were some twenty of these pumps and it was a time saver (and safer) to not have to go to them each time they needed adjusting. Not to mention running the digesters and generators...
I was told that before SCADA was introduced there, they had two dozen employees running the place during the day, afterward that halved. Night shift was even fewer, so you can see the cost benefit, and isn't that the whole point of government, saving YOU the taxpayer some money. Not like fresh potable water is important or anything, everyone drinks from a bottle now-a-days - whatever that bottle contains is up to you!
PS- There is some sarc in there, so just deal with it!
play_arrow
play_arrow
1 week ago
Water? You mean like out the toilet?
play_arrow
9
play_arrow
1 week ago
(Edited)
It doesn’t even have electrolytes
play_arrow
2
play_arrow
1 week ago
Same FBI that couldn’t find Hillary’s emails or Russian collusion?
play_arrow
7
play_arrow
1
1 week ago
Or the parkland shooter even when tipped off.
play_arrow
1
play_arrow
1 week ago
remove
They did manage to arrest around 250 people from the Jan. 6 rally. Has anyone heard anything more about the woman killed or the supposed cops that were killed ???
play_arrow
play_arrow
Оценили 5 человек
15 кармы