ZDNet - Hacker modified drinking water chemical levels in a US city
ZDNet reports: "An unidentified hacker has accessed the computer systems for the water treatment facility in the city of Oldsmar, Florida, and has modified chemical levels to dangerous parameters. [...] Oldsmar city staff said that no tainted water was delivered to local residents as the attack was caught in time before any lye levels could be deployed. According to Sheriff Gualtieri, the hacker disconnected as soon as they modified the lye levels, and a human operator set the chemical level back to normal right away. Officials didn't attribute the attack to any specific hacker group or entity."
See also:
NYT - ‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town
This report has a good summary of the international context with a focus on Iran.
Comment: Here we have a report of a confirmed cyberattack by an unknown actor. This attack is noteworthy for being an example of an attack that not only penetrated a protected system and accessed information, but also changed system controls that altered hardware settings and could have impacted the health and welfare of the citizens in the city. The attack was detected, not by an automated system, but by a human operator. The attacker's changes were corrected and no one was hurt in the incident.While media reports are emphasizing that this could have been a local hacker, it should also be noted that this could well have been a foreign hacker or a state-sponsored attack. A municipal utility is low-hanging fruit and represents an attractive target for a range of bad actors to test vulnerabilities and demonstrate proof-of-concept attacks.
No comments:
Post a Comment