SoylentNews is people

posted by martyb on Tuesday February 09 2021, @11:13AM
from the and-that's-no-lye! dept.

Hacker tries to poison water supply of Florida city

A computer hacker gained access to the water system of a city in Florida and tried to pump in a "dangerous" amount of a chemical, officials say.

The hacker briefly increased the amount of sodium hydroxide (lye) in Oldsmar's water treatment system, but a worker spotted it and reversed the action. Lye is used in small amounts to control acidity but a large amount could have caused major problems in the water.

Oldsmar Mayor Eric Seidel said: "There's a bad actor out there." No arrests have yet been made and it is not known if the hack was done from within the US or outside.

A computer controlling Oldsmar's water treatment system was remotely accessed on Friday. A plant operator saw an attempt to access the system in the morning but assumed it was his supervisor, the Tampa Bay Times reported. But another attempt was made early in the afternoon and this time the hacker accessed the treatment software and increased the sodium hydroxide content from 100 parts per million to 11,100 ppm. The operator immediately reduced the level to normal.

Also at CNN, Ars Technica, and WWSB.


  • (Score: 2) by Runaway1956 on Tuesday February 09 2021, @12:55PM (7 children)

    by Runaway1956 (2926) Subscriber Badge on Tuesday February 09 2021, @12:55PM (#1110668) Journal

    The remote access programme to the water system has been temporarily disabled.

    I have the same question, and go one step further. After a warning like this, why is remote access disabled TEMPORARILY???

    No way, no how, no where, no when, should critical infrastructure be accessible via the internet. Fekkin' idiots!

    --
    “I have become friends with many school shooters” - Tampon Tim Walz

  • (Score: 0) by Anonymous Coward on Tuesday February 09 2021, @02:28PM

    by Anonymous Coward on Tuesday February 09 2021, @02:28PM (#1110697)

    I'm suspicious whether this story is actually real. If more lye ended in the water, did somebody spill a bucket by accident and they want to shift blame?

    Secondly, if safety critical systems are being controlled by computers, why not add another system to sanity check what the first one is doing?
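
The sanity check suggested in the comment above, sketched as an added example (not code from the story, the commenters, or any plant system): an independent guard between the operator interface and the dosing controller that holds the current setpoint when a request is out of range, changes too fast, or raises dosing from a remote session. The limits, the `remote` flag and the alarm names are assumptions; only the 100 ppm and 11,100 ppm figures come from the story.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class DosingLimits:
    # Constructed limits for illustration; real values come from the
    # plant's process engineering, not from the story.
    min_ppm: float = 50.0        # too little lye is also a process fault
    max_ppm: float = 200.0       # hard ceiling
    max_step_ppm: float = 25.0   # largest single change allowed


def check_setpoint(current_ppm, requested_ppm, remote, limits=DosingLimits()):
    """Return (ppm_to_apply, alarms). Any alarm means: hold the current value."""
    if not isinstance(requested_ppm, (int, float)) or not math.isfinite(requested_ppm):
        return current_ppm, ["INVALID_VALUE"]
    alarms = []
    if not limits.min_ppm <= requested_ppm <= limits.max_ppm:
        alarms.append("OUT_OF_RANGE")
    if abs(requested_ppm - current_ppm) > limits.max_step_ppm:
        alarms.append("STEP_TOO_LARGE")
    # Assumed policy: a remote session may lower dosing, but an increase
    # has to be confirmed by someone physically at the plant.
    if remote and requested_ppm > current_ppm:
        alarms.append("REMOTE_INCREASE_NEEDS_LOCAL_CONFIRM")
    return (current_ppm if alarms else requested_ppm), alarms


def replay(events, start_ppm, limits=DosingLimits()):
    """Run a sequence of (requested_ppm, remote) changes through the guard."""
    ppm, log = start_ppm, []
    for requested, remote in events:
        ppm, alarms = check_setpoint(ppm, requested, remote, limits)
        log.append((requested, ppm, alarms))
    return ppm, log


# Constructed sequence: a small local trim, the change reported in the
# story (to 11,100 ppm, from a remote session), then a small remote decrease.
EVENTS = [(110, False), (11100, True), (95, True)]

if __name__ == "__main__":
    final, log = replay(EVENTS, start_ppm=100)
    for requested, applied, alarms in log:
        print(f"requested={requested} applied={applied} alarms={alarms}")
    print("final setpoint:", final)
```

The guard only helps if it runs somewhere the remote-access session cannot reach or reconfigure, for example in the controller itself rather than on the operator workstation.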

  • (Score: 2) by Immerman on Tuesday February 09 2021, @03:00PM (1 child)

    by Immerman (3985) on Tuesday February 09 2021, @03:00PM (#1110704)

    Oldsmar Mayor Eric Seidel said: "There's a bad actor out there."

    Really? There's a bad actor somewhere on Earth, and they have internet access? Oh no! Sound the alarm! Unleash the hounds!

    Anyone who says such a thing as though it has more relevance than "the sky is blue" should not be allowed in any position of authority.

    Connecting any system to the internet is immediately exposing it to a huge number of bad actors. It's your responsibility to defend against them, and if you don't plan to take that responsibility seriously, unplug from the effing 'net.

    • (Score: 0) by Anonymous Coward on Tuesday February 09 2021, @07:47PM

      by Anonymous Coward on Tuesday February 09 2021, @07:47PM (#1110850)

      Seems you are having trouble processing context. Did you mean

      • I can't tell the difference between someone who steals my CPU cycles and someone who tries to kill me.
      • I can't tell the difference between someone who wants my credit card number and someone who wants thousands sick and dead.
      • I'm an aspie who doesn't want people to think seriously about those distinctions, look at my die collection!*

      [ Help ] [ OK ] [ Cancel ]

        - -

      *Wait, don't you mean dice collection?

      No, moron. The singular is die. Do you say "horses collection"?

  • (Score: 5, Interesting) by DannyB on Tuesday February 09 2021, @03:24PM (3 children)

    by DannyB (5839) Subscriber Badge on Tuesday February 09 2021, @03:24PM (#1110716) Journal

    After a warning like this, why is remote access disabled TEMPORARILY???

    No way, no how, no where, no when, should critical infrastructure be accessible via the internet. Fekkin' idiots!

    As someone at NASA once said in January 1986: take off your engineering hat for a moment and put on your management hat.

    Do you realize that it would cost money to have an actual person at an inconvenient location to actually physically monitor and control operations of water treatment? Even if someone only occasionally needs to physically visit the facility. (eg, remote monitoring, but actual hands-on manipulation must be, um, hands-on.) Ditto for electrical substations, chemical plants, sewage treatment, electrical generation facilities, nuclear power plants, etc. No on site humans needed! Just a warm body on the intarwebs.

    Don't you realize that it is way cheaper (to someone, but not to you and me) to simply have a warm body somewhere who can remotely monitor and control these facilities? (Located in India or somewhere.) Look how effectively this has worked for corporations to outsource their call centers! It's wonderful, just wonderful I tell you!

    No regulations needed. They are doing swell! We can't regulate corporations. Absolutely no regulation can be permitted. That would not be pro-business. If this principle works for corporations, it works equally well for municipal water.

    --
    Santa maintains a database and does double verification of it.
    • (Score: 3, Interesting) by VLM on Tuesday February 09 2021, @04:29PM

      by VLM (445) on Tuesday February 09 2021, @04:29PM (#1110743)

      No on site humans needed!

      I've worked at places running under a variation of the two man rule where they have an onsite and an offsite.

      Note that the workload can get pretty shitty for the onsite when there's either an internet outage at the offsite's house or the onsite plant, but at least they have someone. Luckily if you use VOIP then an internet outage means no incoming calls.

      The highest ratio I ever saw was during a snow storm at a data center type facility and they had like one dude who lived down the road come in for a 16 hour day and five guys VPN'd in from home. The onsite guy was pretty busy doing remote hands stuff. The fact of the matter is if you have 1000 water and enviro sensors in a very large facility (like acres...) even if the sensors are 99.9% reliable every day, that means at least once a day the flooding sensor will go off and need investigating, and air handling equipment needs continual maintenance, it's a headache.

    • (Score: 1) by khallow on Tuesday February 09 2021, @06:37PM

      by khallow (3766) Subscriber Badge on Tuesday February 09 2021, @06:37PM (#1110818) Journal
      Keep in mind that the problem corporation here is the City of Oldsmar.
    • (Score: 2, Interesting) by Anonymous Coward on Tuesday February 09 2021, @07:15PM

      by Anonymous Coward on Tuesday February 09 2021, @07:15PM (#1110834)

      Ok, so you *really* need to always be able to remotely see what's going on. So point a webcam at the screen through an AIR GAP.