Lax security measures allow for Florida water plant hack

In yet another case of poor security practices allowing for potentially catastrophic consequences, a Florida water plant was hacked earlier this month.

The Oldsmar plant in question was able to be hacked through the remote-access program TeamViewer.

The cyber criminal was able to log in through TeamViewer and easily access sensitive systems. While in the system, the criminal attempted to boost lye levels to the dangerous amount of 100 times over the normal limit.

This water plant was so easily hacked because of three main issues:

The plant was sharing passwords amongst employees, rendering the security of the passwords effectively useless.

The water plant’s vital computers were also connected directly to the internet without any type of firewall protection installed.

Finally, computers that the water plant was using in order to control the vital water treatment process were running Windows 7.

Windows 7 is no longer supported by Microsoft and there have not been any security patches or updates in over a year.

Thankfully, a supervisor happened to be monitoring one of the systems and saw a mouse pointer move across the screen. That supervisor immediately noticed the change in dosing amounts and was able to reverse the effects before the water treatment process was affected.

If this attack hadn’t been observed, the alteration would have affected the water supply in 24-36 hours and would have had to rely on the plant safeguards to have been detected and stopped.

There’s no telling what other damage the cybercriminal was intending to inflict after adjusting the lye levels to dangerous amounts.

With this company’s lax security measures, they are lucky that this incident did not have a more disastrous outcome.

This is a good reminder not to become complacent and allow your own security to be lax; cyber criminals are always on the hunt for more victims.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648