Page 1 of 2 12 LastLast
Results 1 to 16 of 26

Thread: Hackers attempt to poison Florida city's water supply

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    Hackers attempt to poison Florida city's water supply

    Unknown attacker increased Sodium Hydroxide level from 100 to 11,100 ppm.
    Read more.

  2. #2
    Registered+
    Join Date
    Aug 2017
    Posts
    20
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Hackers attempt to poison Florida city's water supply

    So probably a teamviewer vulnerability?

  3. #3
    Senior Member Pob255's Avatar
    Join Date
    Apr 2007
    Location
    The land of Brum
    Posts
    10,143
    Thanks
    608
    Thanked
    1,226 times in 1,123 posts
    • Pob255's system
      • Motherboard:
      • Asus M5A99X EVO
      • CPU:
      • FX8350 & CM Hyper 212+
      • Memory:
      • 4 x 2gb Corsair Vengence 1600mhz cas9
      • Storage:
      • 512gb samsung SSD +1tb Samsung HDD
      • Graphics card(s):
      • EGVA GTX970
      • PSU:
      • Seasonic GX 650W
      • Case:
      • HAF 912+
      • Operating System:
      • W7 Pro
      • Monitor(s):
      • iiyama XB3270QS-B1 32" IPS 1440p

    Re: Hackers attempt to poison Florida city's water supply

    after a search it's hard to find info on safe levels of NaOH
    I've found 500mg/kg injested is a lethal dose for a rabbit
    Aerosol 2mg/m3 is minimum safe levels for no more than 8hours
    and 10mg/m3 is rated as "immediately dangerous to life or health"

    but nothing about drinking water safety levels

    so 1mg per kg = 1 part per million
    so it was changed from 100mg to 11100mg or a 1% solution
    Looks like it would of been very bad

  4. #4
    Senior Member
    Join Date
    Jun 2013
    Posts
    344
    Thanks
    54
    Thanked
    22 times in 19 posts

    Re: Hackers attempt to poison Florida city's water supply

    In a sane world, this "wake-up call regarding cyber-security" would result in the complete removal of online control and an increase in the staff budget to always have a plural number of staff physically on site at all times.

    But I bet they give multiple millions to a software company instead, to add new protections that the plant owners won't understand and won't be able to evaluate.

  5. #5
    Keep it sexy Zhaoman's Avatar
    Join Date
    Jun 2008
    Location
    Dublin
    Posts
    1,527
    Thanks
    234
    Thanked
    126 times in 106 posts

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Pob255 View Post
    after a search it's hard to find info on safe levels of NaOH
    I've found 500mg/kg injested is a lethal dose for a rabbit
    Aerosol 2mg/m3 is minimum safe levels for no more than 8hours
    and 10mg/m3 is rated as "immediately dangerous to life or health"

    but nothing about drinking water safety levels

    so 1mg per kg = 1 part per million
    so it was changed from 100mg to 11100mg or a 1% solution
    Looks like it would of been very bad
    Nothing on NaOH but the drinking water standards do specify maximum levels of Na at 200mg/l https://www.legislation.gov.uk/uksi/...chedule/1/made
    Perhaps NaOH would be captured in that.

  6. #6
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,948
    Thanks
    354
    Thanked
    255 times in 173 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 11
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Otherhand View Post
    In a sane world, this "wake-up call regarding cyber-security" would result in the complete removal of online control and an increase in the staff budget to always have a plural number of staff physically on site at all times.

    But I bet they give multiple millions to a software company instead, to add new protections that the plant owners won't understand and won't be able to evaluate.
    This is the problem - you can setup really good security but for 'convenience' someone can stick teamviewer on and bust straight through. Security is only as good as the lowest paid operator. (The sad thing is decent secure remote desktop is possible but it needs an expert to install it correctly and that's expensive.)

    I suspect this firm doesn't even have a proper IT security team (or basic unsecured teamviewer would have never been used!).
    Trust

    Laptop : Dell Inspiron 1545 with Ryzen 5500u, 16gb and 256 NVMe, Windows 11.

  7. #7
    Senior Member
    Join Date
    Oct 2012
    Posts
    415
    Thanks
    158
    Thanked
    95 times in 66 posts

    Re: Hackers attempt to poison Florida city's water supply

    Jeez, they're still allowing TeamViewer on their system? Why does this not surprise me. I remember a while back some other company got hacked through their internet connected network printer (a functionality that particular printer didn't need to work). Guess stories like this is going to get more and more as more things that don't need to be connected to the internet, have that functionality. And IT security is not taken seriously. I've worked with IT managers who were totally clueless, but are still managers.
    "Arrogance and stupidity all in the same package. How efficient of you!" - Ambassador Londo Mollari
    "Never interrupt your enemy when he is making a mistake." - A General

  8. #8
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,701
    Thanks
    1,839
    Thanked
    1,434 times in 1,057 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Hackers attempt to poison Florida city's water supply

    were they still using XP by any chance?

  9. #9
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,948
    Thanks
    354
    Thanked
    255 times in 173 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 11
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Zhaoman View Post
    Nothing on NaOH but the drinking water standards do specify maximum levels of Na at 200mg/l https://www.legislation.gov.uk/uksi/...chedule/1/made
    Perhaps NaOH would be captured in that.
    I don't think so - I haven't done chemistry since A Levels but I believe there is a big difference between Sodium ions in the water and caustic soda (Which would presumably dissolve into Na + OH with the OH being the bad alkali part). (Of course I could just be talking rubbish)
    Trust

    Laptop : Dell Inspiron 1545 with Ryzen 5500u, 16gb and 256 NVMe, Windows 11.

  10. #10
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,701
    Thanks
    1,839
    Thanked
    1,434 times in 1,057 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by cheesemp View Post
    I don't think so - I haven't done chemistry since A Levels but I believe there is a big difference between Sodium ions in the water and caustic soda (Which would presumably dissolve into Na + OH with the OH being the bad alkali part). (Of course I could just be talking rubbish)
    again, only A-levels, but with adding sodium hydroxide the issue is less the Na+ ions but the introduction of lots of OH- ions smashing the PH upwards into strongly alkaline territory. It'll burn you like bleach will. Its addition in small amounts is that it will mop-up any H+ /H3O+ ions (the functioning part of acids) making water and sodium salts, but crank the quantity too high and the equilibrium pulls right over into a strong alkaline solution. That is bad.
    Last edited by ik9000; 09-02-2021 at 04:14 PM.

  11. #11
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,948
    Thanks
    354
    Thanked
    255 times in 173 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 11
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by ik9000 View Post
    again, only A-levels, but with adding sodium hydroxide the issue is less the Na+ ions but the introduction of lots of OH- ions smashing the PH upwards into strongly alkaline territory. It'll burn you like bleach will.
    That ties into what I remember but I was nervous relying on nearly 25 year old memories (how the heck did I get so old ). With Acids its the H+ you have to worry about.
    Trust

    Laptop : Dell Inspiron 1545 with Ryzen 5500u, 16gb and 256 NVMe, Windows 11.

  12. #12
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,526
    Thanks
    504
    Thanked
    468 times in 326 posts

    Re: Hackers attempt to poison Florida city's water supply

    That someone thought having remote access to a water treatment plant via teamviewer of all things boggles the mind, it's the sort of thing you'd expect in a Hollywood film plot.

  13. #13
    MCRN Tachi Ttaskmaster's Avatar
    Join Date
    Nov 2013
    Location
    Reading, UK
    Posts
    6,917
    Thanks
    673
    Thanked
    806 times in 668 posts
    • Ttaskmaster's system
      • Motherboard:
      • Aorus Master X670E
      • CPU:
      • Ryzen 7800X3D
      • Memory:
      • 32GB Corsair Dominator DDR5 6000MHz
      • Storage:
      • Samsung Evo 120GB and Seagate Baracuda 2TB
      • Graphics card(s):
      • Aorus Master 4090
      • PSU:
      • EVGA Supernova G2 1000W
      • Case:
      • Lian Li V3000 Plus
      • Operating System:
      • Win11
      • Monitor(s):
      • Gigabyte M32U
      • Internet:
      • 900Mbps Gigaclear WHOOOOOOOOOOOO!!!!!!!!

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Corky34 View Post
    That someone thought having remote access to a water treatment plant via teamviewer of all things boggles the mind, it's the sort of thing you'd expect in a Hollywood film plot.
    Remote access during lockdown or other hazardous conditions saves someone having to go out there in person, and potentially never come home again.
    There's been a big safety drive throughout the industry in recent years, not helped by things like the recent explosion in Bristol.

    Choice of software is determined by business prices that fit the budget, which is dictated by the regulator, who pander to what (they think) the customer wants.
    _______________________________________________________________________
    Quote Originally Posted by Mark Tyson
    like a chihuahua urinating on a towering inferno...

  14. #14
    Keep it sexy Zhaoman's Avatar
    Join Date
    Jun 2008
    Location
    Dublin
    Posts
    1,527
    Thanks
    234
    Thanked
    126 times in 106 posts

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by ik9000 View Post
    again, only A-levels, but with adding sodium hydroxide the issue is less the Na+ ions but the introduction of lots of OH- ions smashing the PH upwards into strongly alkaline territory. It'll burn you like bleach will. Its addition in small amounts is that it will mop-up any H+ /H3O+ ions (the functioning part of acids) making water and sodium salts, but crank the quantity too high and the equilibrium pulls right over into a strong alkaline solution. That is bad.
    Thanks for the explanations. In that case, the indicator parameters include maximum levels of conductivity and hydrogen ions (as measured by pH) https://www.legislation.gov.uk/uksi/...chedule/2/made which should capture this? (To answer Pob's query)

  15. #15
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,526
    Thanks
    504
    Thanked
    468 times in 326 posts

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Ttaskmaster View Post
    Remote access during lockdown or other hazardous conditions saves someone having to go out there in person, and potentially never come home again.
    There's been a big safety drive throughout the industry in recent years, not helped by things like the recent explosion in Bristol.

    Choice of software is determined by business prices that fit the budget, which is dictated by the regulator, who pander to what (they think) the customer wants.
    For sure, but you'd expect someone to be there just to confirm a change to a system that could kill (i assume) loads of people.

    Maybe I'm just old but i would've thought something like this would be: Boss or person phones in and tells technician or whoever to change such and such to whatever and for such calls to be logged with the person making the request and the person who took and actioned the request.

  16. #16
    MCRN Tachi Ttaskmaster's Avatar
    Join Date
    Nov 2013
    Location
    Reading, UK
    Posts
    6,917
    Thanks
    673
    Thanked
    806 times in 668 posts
    • Ttaskmaster's system
      • Motherboard:
      • Aorus Master X670E
      • CPU:
      • Ryzen 7800X3D
      • Memory:
      • 32GB Corsair Dominator DDR5 6000MHz
      • Storage:
      • Samsung Evo 120GB and Seagate Baracuda 2TB
      • Graphics card(s):
      • Aorus Master 4090
      • PSU:
      • EVGA Supernova G2 1000W
      • Case:
      • Lian Li V3000 Plus
      • Operating System:
      • Win11
      • Monitor(s):
      • Gigabyte M32U
      • Internet:
      • 900Mbps Gigaclear WHOOOOOOOOOOOO!!!!!!!!

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Corky34 View Post
    For sure, but you'd expect someone to be there just to confirm a change to a system that could kill (i assume) loads of people.
    Depends on the site.
    In the UK alone, there are many many small sites that are completely unstaffed as standard. A large works will be, but small pumping stations and the like just do not need crew and the cost of staffing them, providing for their safety and wellbeing, amenities, security, parking, facilities, etc... well, we'd easily treble our head count and likely more.

    Quote Originally Posted by Corky34 View Post
    Maybe I'm just old but i would've thought something like this would be: Boss or person phones in and tells technician or whoever to change such and such to whatever and for such calls to be logged with the person making the request and the person who took and actioned the request.
    I'm sure the software logs it too...
    But you're looking at the wrong end - Who looks over the shoulder of the technician actually actioning the change, verifies that s/he has authorisation and... most importantly... carries it out correctly?
    Moreover, who is there to stop the change before it goes wrong? Logs only hold people accountable after the fact. They do nothing to prevent the disaster from happening.
    _______________________________________________________________________
    Quote Originally Posted by Mark Tyson
    like a chihuahua urinating on a towering inferno...

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •