Supervisor promptly reversed the action after noticing lye measurements suddenly changing wildly.
Local and federal authorities are investigating how a hacker was able to remotely gain access to a Florida city’s water treatment plant in an unsuccessful attempt at what could have amounted to a mass poisoning.
Yeah, let's give China access to our power grid too. This should be fun.
https://www.theguardian.com/us-news/2021/feb/08/hacker-water-supply-oldsmar-florida
Yes. Even worse: They had TeamViewer on those machines, which is how they got in so easily.
IT guy here
jesus
As a nerd who knows a thing or two about computers
nothing important should ever be connected to the internet...
As a nerd who knows a thing or two about the world -- everything that shouldn't be connected to the internet IS.
But muh Internet of Things!!!!
I still prefer World Wide Robot.
Surely there’s a legal argument for allowing something to be so easily compromised like that, whether intentionally or otherwise.....? It’s negligence that should be liable to litigation at the very least.
Lol this 100%
IT department/sec guy: "We need X amount to update this and get rid of that and our systems are vulnerable here"
Response from management: "Nah. That costs money. Fuck that"
This is repeated daily in the IT world.
IT Department? Hell it's probably the bored day shift worker who knows how to add accounts to AD who conveniently elevated himself to domain admin when he had the chance. Then he downloads movies and watches porn on his DA account and needed TeamViewer because his desk machine is only home edition.
You're right about the budgeting though. I bet the city finds some money quickly this time, but 50/50 if something is actually done.
Nobody will care until a bunch of people die. Then they'll use it as an excuse for gun control.
And they will claim he was a Trump supporter and was in DC on 6 Jan. Obviously another example of why we must crush this right wing extremists.
Bingo
It was a Russian hacker named Fourchan.
Florida has the craziest news
So they'd be smart. Y u want dum water?
T-Dazzle. H2Flow.
I just bought a bottle of smart water at work today!
Um, did you actually drink it? Your body is probably connected to the internet now.
You would be surprised how many control valves, metering devices, etc are wireless and connected to an online system.
Yeah I used to coat eye glass lenses. The machines were hooked up online just because the manager was a lazy POS who'd rather instruct his techs over the phone while remoting in himself.
America - so great, our greatness trips us up into ultimate harm's way!
The primary reason is that running the water treatment plant and running the power grid are supposedly cheaper and react quicker when the technicians don't have to be on-site.
I'm in cybersecurity, and having remote access is definitely cheaper and helpful. It's also a crazy vulnerability, and some environments just should never have remote access. Many (most would be more honest) environments have remote access without anywhere near the mitigations they should.
Breaches into SCADA are so common I'm actually surprised this made news, probably because of what was being added to the supply that could cause the serious problems.
I mean, does anyone really hear about ransomware locking up hospital records these days or even towns? By that I mean before the chicom special.
Came here to post something similar.
CD Projekt Red just got got with ransomware, but that only really made gaming news.
All good points. You can have remote access without directly connecting those systems to the internet though. Just properly follow the Purdue Model.
I'll have to look into that.
same question with voting machines.
Why the fuck are we paying taxes?
I'm not, and neither is any other patriot.
You might wanna go ahead and not announce that. Also, I pay my taxes. I'm not happy about it, and pay someone to ensure it's the least amount possible.
I had no income after writing off the value of all those guns I lost in the boating accident.
Happy for you, but it doesn't work that way for most of us. Some of us work in the corporate world.
In reality what happened was some moron left a remote session running so a script kiddie just logged into it and started to add some drain cleaner to the water. In reality the NaOH is so diluted across the massive volume of water it would never have caused significant damage to anyone with functioning kidneys.
Right...and smoking cigarettes is actually healthy for us and lead and asbestos are harmless...
What is NaOH? It's a basic salt that ups the pH. The reason it is poisonous is because when it touches your mucous membrane it burns straight through and causes your cells to dissolve.
You can stick your hand in it no problem. It's just a salt. Get it wet and your hand will burn.
So let me ask you. You are a water treatment plant for a town of about 15'000. Daily you need at least 30'000 gallons of water treated. More often it's several times more because you need to be able to store water. So let's say you got 300000 gallons. You use NaOH to balance the water's pH ALL THE TIME if it's a little bit acidic, so how much NaOH do you have in storage?
A few pounds? Half a truck? Enough to achieve a pH of >10 in hundreds of thousands of gallons of water? Don't think so.
Don't eat NaOH, you'll die. If you throw a whole bag of the stuff in the lake I'd not be too worried.
This. It's not really "poison" per se. It's caustic at sufficient concentration, but 100% harmless below that concentration.
Kind of like how boiling water will burn you, but water that is a few degrees above room temp is no more harmful than room temp water.
0.0000001335 oz/gal (ounce / US gallon) or 10mg/m3 of NaOH is IDLH (immediately dangerous to life or health) per OSHA.
0.0000000267 oz/gal (ounce / US gallon) will cause burns on skin in a few hours. Not sure what the dilution over the amount he dumped in was but it don't take a lot to fuck you up.
IDLH is actually 250mg/m3
The actually lethal dose is 3500mg/m3 if orally administered, see research in rabbits
Of the MILLIONS UPON MILLIONS gallons you'd need to poison with NaOH it would be about a dump truck's worth of NaOH to achieve anywhere near 250 mg/m3. Why do you think a small town water treatment plant has that much NaOH?
What do you think the nature of the deadly dose is? It's not the Na, nor the O, nor the H. Those are all harmless to humans. It's the extreme base pH that NaOH easily creates.
They used to drink SULFUR water in that town dude! They can handle a bag of base in their water.
Source. Unethical German science from 1937.
Incorrect. According to NIOSH, 10 mg/m3 is IDLH. Original was updated in 1974, but is still an estimated amount.
https://www.cdc.gov/niosh/idlh/1310732.html
Also converted from 10 mg/m3 per the converter is:
10 mg/m3 milligrams/cubic meter =
0.000001335264712323093089065850027415584614000451550805407066260836794939914884* oz/gal.us avoirdupois ounces/gallon (US)
No need to convert it, more numbers behind the zero don't make it a bigger amount than 10mg/m3
What do you think the water treatment plant does when the pH is too high? They dump an acid in.
So they test the water, go "OMG! Look at that pH!" and they dump a bunch of acid in to lower pH and neutralize the NaOH.
You seem to think NaOH is a TOXIC substance. It's not. It's a corrosive substance which results in death through base lysis of cell membranes.
No, I don't believe it's toxic though you seem to believe you know what others think, but regardless of corrosiveness VS toxicity it can still potentially burn or kill you. Too basic can fuck you up. Same with too acidic, and no shit on the conversions, it just shows oz/gal that people can relate to easier than 10 mg/m3.
How about we just agree that nobody, with any skill level, should fuck with chemicals in the water supply AT ALL?
Diversity and inclusion is how we measure things now. As long as those metrics of the day are met, system performance is irrelevant
been living with poisonous water for years... not a big deal :)
User name checks out...
Call me old fashioned, but I prefer my water to be accessible via a mechanical valve. I don't even care if I have to pump it myself.
Remote access into industrial assets has been a big thing for a while. I remember reading an article a number of years ago discussing the implications of assets like control valves, metering devices, control panels, etc being vulnerable to hacking due to being electronic and connected to online systems. People don't realize how scary that shit is. Industrial facilities work with some crazy shit that can kill a lot of people real fast. Granted they weren't controls connected to an online system but the Bhopal India methyl isocyanate release killed thousands and affected hundreds of thousands. There are lots of sites that have tens of thousands of tons of very dangerous chemicals like liquid hydrogen, O2, hydrogen sulfide gas, etc. It's a terrifying scenario. Not to mention the sites that produce food and beverages we all eat, how many pounds of fentanyl can you fit in a standard sized backpack, how many could it kill dumped in a cereal mixer or a city water supply? I have worked in the industrial field for over a decade and I can tell you the guards, as a rule not an exception, are elderly women or super fat dudes, that don't give a fuck about their jobs because they make $9 an hr, and would rather not have to deal with inconveniencing themselves to get up and look away from their phones. I have carried my work gear into plants in a military style molle bag for years, and never once had it searched, I have driven my car into TWIC facilities, specifically an oil refinery, with no one searching my car or bags. I try hard not to think of the risks when I go on site anywhere, but it's hard not to, especially as I work through training to become a safety professional.
Now apply your thinking to outdated computer systems and several of the nuclear power plants still in use in the United States. Then consider that Biden is giving access to the power grid to China again; one of the largest producers of power in the Midwest sits in Kansas. Nuclear power is still in use, and I’d bet my left nut (doesn’t work anymore anyway) that it’s connected digitally. What is unknown is whether or not this plant is still using Windows 7. It took the military a few years to get away from it, and Stuxnet was the reason they did. Just spitballing some scary stories is all, have a nice day. Oooo... coffee.
It doesn't happen because people aren't interested in it happening. Just like police don't stop crime from happening.
Crazy!
It was only a matter of time
What you do is get a mile long USB extension and flush it down the toilet. That's how you get a direct connection.
But then they have access to your toilet. Checkmate
There's an episode of some jail show where the inmates on different floors talk through the toilet.
Found it!
Illegitimate Team Biden screams WEAKNESS to the world. I’m sure this won’t be the only attack of this nature in the near and distant future. Another SolarWinds software “update”, anyone?
RO FILTER YOUR FUCKING WATER PEOPLE
I'm not concerned if they poison the water. I never touch the stuff. Fish shit in it.
Even if they did up the level to 11,000 PPM, that's still only 1 part per thousand of lye in the water. It wouldn't have hurt anyone.
They will kill millions if it means to implement socialism.
I've been the proud Luddite all along saying we should watch what we tie into digitally aka our homes, infrastructure, our MILITARY, etc. Things like this vilify me!
Hacker is code for not a trump supporter. Must be a biden voter then
No guys... they were fortifying it.
This has never been more relevant.
https://youtu.be/6u8f6pE69k0
What would lye do?
Better not take off your mask and drink that.
Sounds like straight bullshit FAKE NEWS. The Guardian? :/ Really? Fuck You!
Not fake. This is my water supply. It's all over the news here. This is the danger of allowing critical infrastructure access to the internet.
Ok I want to believe you because you seem genuine. I am just going to point out one thing: saying “it’s all over the news,” does sound naive. Local news is often owned by the same giants that own national news.
Fuck you. Confirmed by locals
This was both scary and harmless. Sounds like a warning shot, or even a concerned digital citizen trying to get local utilities to fortify their assets.
Obama destroyed the DOJ and Americans no longer have any criminal investigators other than those looking for patriots.
This is a 5 minute drive from my house. Not sure if that water comes to me or from another source. Scary shit.
The minute Big T leaves office all these shootings and false flags start popping up again.
Utility that allows full remote control of their system surprised when a bad actor gains full control of their system remotely.
It seems they haven't even enabled upper and lower limits.
The hacker was hired by the government probably to get some group of people in FL
This hacker just demonstrated how easy it is to manipulate utilities as a weapon against people.
Now, what if this hacker had shut the officials out of the system by inserting an encrypted password into the override?
Florida Man strikes again