Attack against Florida Water Treatment Facility

2021-02-12 12:08

A water treatment plant in Oldsmar, Florida, was attacked last Friday.

Despite its similarities to a Russian attack of a Ukrainian power plant in 2015, my bet is that it's a disgruntled insider: either a current or former employee.

The Florida water treatment facility whose computer system experienced a potentially hazardous computer breach last week used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees, government officials have reported.

Spend a few minutes searching Twitter, Reddit or any number of other social media sites and you'll find countless examples of researchers posting proof of being able to access so-called "Human-machine interfaces" - basically web pages designed to interact remotely with various complex systems, such as those that monitor and/or control things like power, water, sewage and manufacturing plants.

There have been precious few known incidents of malicious hackers abusing this access to disrupt these complex systems.

That is, until this past Monday, when Florida county sheriff Bob Gualtieri held a remarkably clear-headed and fact-filled news conference about an attempt to poison the water supply of Oldsmar, a town of around 15,000 not far from Tampa.

News URL

https://www.schneier.com/blog/archives/2021/02/attack-against-florida-water-treatment-facility.html

#attack #florida