Page 1 of 2 12 LastLast
Results 1 to 16 of 26

Thread: Hackers attempt to poison Florida city's water supply

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    30,822
    Thanks
    0
    Thanked
    1,997 times in 703 posts

    Hackers attempt to poison Florida city's water supply

    Unknown attacker increased Sodium Hydroxide level from 100 to 11,100 ppm.
    Read more.

  2. #2
    Registered User
    Join Date
    Aug 2017
    Posts
    13
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Hackers attempt to poison Florida city's water supply

    So probably a teamviewer vulnerability?

  3. #3
    Senior Member Pob255's Avatar
    Join Date
    Apr 2007
    Location
    The land of Brum
    Posts
    10,119
    Thanks
    603
    Thanked
    1,216 times in 1,117 posts
    • Pob255's system
      • Motherboard:
      • Asus M5A99X EVO
      • CPU:
      • FX8350 & CM Hyper 212+
      • Memory:
      • 4 x 2gb Corsair Vengence 1600mhz cas9
      • Storage:
      • 512gb samsung SSD +1tb Samsung HDD
      • Graphics card(s):
      • EGVA GTX970
      • PSU:
      • Seasonic GX 650W
      • Case:
      • HAF 912+
      • Operating System:
      • W7 Pro
      • Monitor(s):
      • iiyama XB3270QS-B1 32" IPS 1440p

    Re: Hackers attempt to poison Florida city's water supply

    after a search it's hard to find info on safe levels of NaOH
    I've found 500mg/kg injested is a lethal dose for a rabbit
    Aerosol 2mg/m3 is minimum safe levels for no more than 8hours
    and 10mg/m3 is rated as "immediately dangerous to life or health"

    but nothing about drinking water safety levels

    so 1mg per kg = 1 part per million
    so it was changed from 100mg to 11100mg or a 1% solution
    Looks like it would of been very bad

  4. #4
    Senior Member
    Join Date
    Jun 2013
    Posts
    343
    Thanks
    53
    Thanked
    22 times in 19 posts

    Re: Hackers attempt to poison Florida city's water supply

    In a sane world, this "wake-up call regarding cyber-security" would result in the complete removal of online control and an increase in the staff budget to always have a plural number of staff physically on site at all times.

    But I bet they give multiple millions to a software company instead, to add new protections that the plant owners won't understand and won't be able to evaluate.

  5. #5
    Keep it sexy Zhaoman's Avatar
    Join Date
    Jun 2008
    Location
    Dublin
    Posts
    1,501
    Thanks
    226
    Thanked
    125 times in 105 posts

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Pob255 View Post
    after a search it's hard to find info on safe levels of NaOH
    I've found 500mg/kg injested is a lethal dose for a rabbit
    Aerosol 2mg/m3 is minimum safe levels for no more than 8hours
    and 10mg/m3 is rated as "immediately dangerous to life or health"

    but nothing about drinking water safety levels

    so 1mg per kg = 1 part per million
    so it was changed from 100mg to 11100mg or a 1% solution
    Looks like it would of been very bad
    Nothing on NaOH but the drinking water standards do specify maximum levels of Na at 200mg/l https://www.legislation.gov.uk/uksi/...chedule/1/made
    Perhaps NaOH would be captured in that.

  6. #6
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,641
    Thanks
    268
    Thanked
    185 times in 127 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 10
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Otherhand View Post
    In a sane world, this "wake-up call regarding cyber-security" would result in the complete removal of online control and an increase in the staff budget to always have a plural number of staff physically on site at all times.

    But I bet they give multiple millions to a software company instead, to add new protections that the plant owners won't understand and won't be able to evaluate.
    This is the problem - you can setup really good security but for 'convenience' someone can stick teamviewer on and bust straight through. Security is only as good as the lowest paid operator. (The sad thing is decent secure remote desktop is possible but it needs an expert to install it correctly and that's expensive.)

    I suspect this firm doesn't even have a proper IT security team (or basic unsecured teamviewer would have never been used!).
    Trust

    Laptop : Lenovo G505s A8-5550m 8Gb 240Gb SSD Radeon HD 8550G + Radeon HD 8570M dual graphics

  7. #7
    Senior Member
    Join Date
    Oct 2012
    Posts
    252
    Thanks
    66
    Thanked
    58 times in 37 posts

    Re: Hackers attempt to poison Florida city's water supply

    Jeez, they're still allowing TeamViewer on their system? Why does this not surprise me. I remember a while back some other company got hacked through their internet connected network printer (a functionality that particular printer didn't need to work). Guess stories like this is going to get more and more as more things that don't need to be connected to the internet, have that functionality. And IT security is not taken seriously. I've worked with IT managers who were totally clueless, but are still managers.
    "Arrogance and stupidity all in the same package. How efficient of you!" - Ambassador Londo Mollari

  8. #8
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    6,887
    Thanks
    1,590
    Thanked
    1,144 times in 866 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Hackers attempt to poison Florida city's water supply

    were they still using XP by any chance?

  9. #9
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,641
    Thanks
    268
    Thanked
    185 times in 127 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 10
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Zhaoman View Post
    Nothing on NaOH but the drinking water standards do specify maximum levels of Na at 200mg/l https://www.legislation.gov.uk/uksi/...chedule/1/made
    Perhaps NaOH would be captured in that.
    I don't think so - I haven't done chemistry since A Levels but I believe there is a big difference between Sodium ions in the water and caustic soda (Which would presumably dissolve into Na + OH with the OH being the bad alkali part). (Of course I could just be talking rubbish)
    Trust

    Laptop : Lenovo G505s A8-5550m 8Gb 240Gb SSD Radeon HD 8550G + Radeon HD 8570M dual graphics

  10. #10
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    6,887
    Thanks
    1,590
    Thanked
    1,144 times in 866 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by cheesemp View Post
    I don't think so - I haven't done chemistry since A Levels but I believe there is a big difference between Sodium ions in the water and caustic soda (Which would presumably dissolve into Na + OH with the OH being the bad alkali part). (Of course I could just be talking rubbish)
    again, only A-levels, but with adding sodium hydroxide the issue is less the Na+ ions but the introduction of lots of OH- ions smashing the PH upwards into strongly alkaline territory. It'll burn you like bleach will. Its addition in small amounts is that it will mop-up any H+ /H3O+ ions (the functioning part of acids) making water and sodium salts, but crank the quantity too high and the equilibrium pulls right over into a strong alkaline solution. That is bad.
    Last edited by ik9000; 09-02-2021 at 04:14 PM.

  11. #11
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,641
    Thanks
    268
    Thanked
    185 times in 127 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 10
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by ik9000 View Post
    again, only A-levels, but with adding sodium hydroxide the issue is less the Na+ ions but the introduction of lots of OH- ions smashing the PH upwards into strongly alkaline territory. It'll burn you like bleach will.
    That ties into what I remember but I was nervous relying on nearly 25 year old memories (how the heck did I get so old ). With Acids its the H+ you have to worry about.
    Trust

    Laptop : Lenovo G505s A8-5550m 8Gb 240Gb SSD Radeon HD 8550G + Radeon HD 8570M dual graphics

  12. #12
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,243
    Thanks
    460
    Thanked
    415 times in 287 posts

    Re: Hackers attempt to poison Florida city's water supply

    That someone thought having remote access to a water treatment plant via teamviewer of all things boggles the mind, it's the sort of thing you'd expect in a Hollywood film plot.

  13. #13
    Hardcore Tory, Lost Cause Ttaskmaster's Avatar
    Join Date
    Nov 2013
    Location
    Reading, UK
    Posts
    6,475
    Thanks
    421
    Thanked
    701 times in 594 posts
    • Ttaskmaster's system
      • Motherboard:
      • Asus X99-PRO
      • CPU:
      • i7 5960X o/c to 4.summat
      • Memory:
      • 32GB 3200MHz Crucial Ballistix Tactical Tracer RGB DDR4
      • Storage:
      • Samsung Evo 120GB and Seagate Baracuda 2TB
      • Graphics card(s):
      • Gigabyte G1 GTX980Ti
      • PSU:
      • EVGA Supernova G2 1000W
      • Case:
      • Phanteks Enthoo Luxe wiv perspex window
      • Operating System:
      • Win10 64 Home
      • Monitor(s):
      • Acer Predator XB270HU 1440 IPS GSync
      • Internet:
      • BT 0.7Mbps 'In The Sticks' version

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Corky34 View Post
    That someone thought having remote access to a water treatment plant via teamviewer of all things boggles the mind, it's the sort of thing you'd expect in a Hollywood film plot.
    Remote access during lockdown or other hazardous conditions saves someone having to go out there in person, and potentially never come home again.
    There's been a big safety drive throughout the industry in recent years, not helped by things like the recent explosion in Bristol.

    Choice of software is determined by business prices that fit the budget, which is dictated by the regulator, who pander to what (they think) the customer wants.
    _______________________________________________________________________
    Quote Originally Posted by stevie lee View Post
    I could never work my way back up the shaft. Managed once to get to the bottom of the shaft, but got covered in slime and got stuck.

  14. #14
    Keep it sexy Zhaoman's Avatar
    Join Date
    Jun 2008
    Location
    Dublin
    Posts
    1,501
    Thanks
    226
    Thanked
    125 times in 105 posts

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by ik9000 View Post
    again, only A-levels, but with adding sodium hydroxide the issue is less the Na+ ions but the introduction of lots of OH- ions smashing the PH upwards into strongly alkaline territory. It'll burn you like bleach will. Its addition in small amounts is that it will mop-up any H+ /H3O+ ions (the functioning part of acids) making water and sodium salts, but crank the quantity too high and the equilibrium pulls right over into a strong alkaline solution. That is bad.
    Thanks for the explanations. In that case, the indicator parameters include maximum levels of conductivity and hydrogen ions (as measured by pH) https://www.legislation.gov.uk/uksi/...chedule/2/made which should capture this? (To answer Pob's query)

  15. #15
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,243
    Thanks
    460
    Thanked
    415 times in 287 posts

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Ttaskmaster View Post
    Remote access during lockdown or other hazardous conditions saves someone having to go out there in person, and potentially never come home again.
    There's been a big safety drive throughout the industry in recent years, not helped by things like the recent explosion in Bristol.

    Choice of software is determined by business prices that fit the budget, which is dictated by the regulator, who pander to what (they think) the customer wants.
    For sure, but you'd expect someone to be there just to confirm a change to a system that could kill (i assume) loads of people.

    Maybe I'm just old but i would've thought something like this would be: Boss or person phones in and tells technician or whoever to change such and such to whatever and for such calls to be logged with the person making the request and the person who took and actioned the request.

  16. #16
    Hardcore Tory, Lost Cause Ttaskmaster's Avatar
    Join Date
    Nov 2013
    Location
    Reading, UK
    Posts
    6,475
    Thanks
    421
    Thanked
    701 times in 594 posts
    • Ttaskmaster's system
      • Motherboard:
      • Asus X99-PRO
      • CPU:
      • i7 5960X o/c to 4.summat
      • Memory:
      • 32GB 3200MHz Crucial Ballistix Tactical Tracer RGB DDR4
      • Storage:
      • Samsung Evo 120GB and Seagate Baracuda 2TB
      • Graphics card(s):
      • Gigabyte G1 GTX980Ti
      • PSU:
      • EVGA Supernova G2 1000W
      • Case:
      • Phanteks Enthoo Luxe wiv perspex window
      • Operating System:
      • Win10 64 Home
      • Monitor(s):
      • Acer Predator XB270HU 1440 IPS GSync
      • Internet:
      • BT 0.7Mbps 'In The Sticks' version

    Re: Hackers attempt to poison Florida city's water supply

    Quote Originally Posted by Corky34 View Post
    For sure, but you'd expect someone to be there just to confirm a change to a system that could kill (i assume) loads of people.
    Depends on the site.
    In the UK alone, there are many many small sites that are completely unstaffed as standard. A large works will be, but small pumping stations and the like just do not need crew and the cost of staffing them, providing for their safety and wellbeing, amenities, security, parking, facilities, etc... well, we'd easily treble our head count and likely more.

    Quote Originally Posted by Corky34 View Post
    Maybe I'm just old but i would've thought something like this would be: Boss or person phones in and tells technician or whoever to change such and such to whatever and for such calls to be logged with the person making the request and the person who took and actioned the request.
    I'm sure the software logs it too...
    But you're looking at the wrong end - Who looks over the shoulder of the technician actually actioning the change, verifies that s/he has authorisation and... most importantly... carries it out correctly?
    Moreover, who is there to stop the change before it goes wrong? Logs only hold people accountable after the fact. They do nothing to prevent the disaster from happening.
    _______________________________________________________________________
    Quote Originally Posted by stevie lee View Post
    I could never work my way back up the shaft. Managed once to get to the bottom of the shaft, but got covered in slime and got stuck.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •