Florida water treatment facility hack used inactive remote access software, sheriff says




The cyber intruder entered Oldsmar’s water treatment system twice on Friday – at 8 a.m. and 1:30 p.m. – through idle software called TeamViewer. The software had not been used for about six months but was still on the system.

“How they got in, whether it was password or something else, I can’t tell you,” Gualtieri said.

However, Oldsmar’s deputy manager Felicia Donnelly told CNN that a password was required for the system to be controlled remotely.

Once inside, the hacker adjusted the level of sodium hydroxide, or lye, to more than 100 times its normal level, Gualtieri said. The system operator noticed the intrusion and immediately reduced the level. At no time was there a significant negative effect on the city’s water supply and the public was never at risk, he said.

The identity of the hacker, or hackers, is not yet known.

“Nobody knows anything, so the discussions that are taking place are pure speculation at this point,” Gualtieri said.

Gualtieri praised the operator who spotted the attack on Friday and said current and former employees were questioned as part of an early review of a possible insider threat. There is currently no suspicion or indication that this is the case, he said.

Questions about the sophistication of the hack

Robert M. Lee, CEO of Dragos Inc., an industrial cybersecurity company, said this type of attack was precisely what kept industry experts awake at night.

“It wasn’t particularly fancy, but that’s exactly what people worry about, and as one of the very few examples of someone trying to hurt people, it’s a big deal for that reason,” said Lee.

However, Gualtieri rejected assumptions that the attack was not sophisticated.

“It could be that someone has somehow compromised the password and the password is out. Or it can be quite sophisticated when someone does what hackers do: it’s constantly looking for potential vulnerabilities and administrator credentials,” he told me.

Gualtieri said the potential danger of an attack like this should spark discussion about remote access software, adding that he has never seen an attack like this.

“It’s new to us,” the sheriff said.

Israel reaches out to US investigators

Gualtieri said the county is coordinating with the FBI and the US Secret Service, but the county is leading the investigation, using an in-house lab for forensic analysis of the attack.

Asked why the Secret Service is involved, Gualtieri highlighted their work on computer fraud and agreed that Sunday’s Super Bowl in Tampa “certainly has something to do with it,” given that the attack occurred on Friday. The attack was reported to the FBI Joint Task Force on Terrorism, of which the Secret Service is a part, “so they were involved at that time.”

Florida Senator Marco Rubio said on Monday that he wanted the hacking to be treated as a national security measure.

Israel’s National Cyber Security Directorate (NCD), the government’s cybersecurity agency, said on Wednesday it had contacted US counterparts investigating the Oldsmar hack.

“Israel’s National Cyber Security Directorate has reached out to its US counterparts about the case (in Oldsmar, Florida) as part of a standard and accepted cyber information sharing process aimed at learning from other cases around the world and increasing resistance methods,” the institution said in a statement.

Last April, Israeli water facilities were the target of an attack that NCD chief Yigal Unna called “a point of change in the history of modern cyber warfare.” He said the facilities had been targeted in a “synchronized and organized attack on our water systems”.

If the attack had been successful, Unna said, it could have caused significant damage to civilian water supplies. He also appeared to suggest that the hack was targeting the flow of chlorine in water treatment units, which could have been harmful to public health.

In his May 2020 presentation to an online CyberTech conference, the NCD chief did not say who was behind the attack in Israel, but noted that it had not been accompanied by the type of ransom demands or attempted financial gain that one would expect if it had been carried out by cybercriminals.
