Outdated Windows software blamed for Florida water hack

Hacker who tried to poison a Florida city's water supply was able to access the plant's computer because of an outdated version of Windows and poor password security, the FBI says
Authorities are still searching for the suspect who breached the system at the Bruce T. Haddock Water Treatment Plant in Oldsmar on February 4
The FBI said the Oldsmar plant was still using Windows 7 - a computer system that Microsoft has not updated in a year
The plant also had cybersecurity weaknesses, including poor password security
The hacker used a remote access program shared by plant workers to briefly increase the amount of sodium hydroxide
The chemical, which is often found in drain cleaning products, is used to lower acidity, but in high concentrations it is highly caustic and can burn
A plant worker spotted the unusual activity and stopped it, authorities say
By EMILY CRANE FOR DAILYMAIL.COM and ASSOCIATED PRESS

PUBLISHED: 16:40, 11 February 2021 | UPDATED: 16:41, 11 February 2021

A hacker who tried to poison the water supply of a small Florida city managed to get into the plant's computer system because the facility was using an outdated version of Windows and had a weak cybersecurity network, the FBI says.

Authorities are still searching for the suspect who breached the system at the Bruce T. Haddock Water Treatment Plant in Oldsmar on February 4 using a remote access program shared by plant workers.

In the wake of the attack, the FBI's Cyber Division sent out a memo to law enforcement and businesses this week warning them of potential computer vulnerabilities.

Federal investigators noted that the Oldsmar plant was still using Windows 7 - a computer system that Microsoft has not updated in a year.

'The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment,' the FBI memo, obtained by ABC News, said.

'The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.'

The FBI advised that computer systems should be upgraded or risk presenting vulnerabilities that hackers could exploit.

The hack of the Oldsmar plant, located about 15 miles from Tampa, occurred just two days before the Super Bowl was hosted in the city.

It has raised alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders given treatment plants are typically cash-strapped and lack the cybersecurity depth of the power grid and nuclear plants.

In the Oldsmar attack, the hacker used a remote access program shared by plant workers to briefly increase the amount of sodium hydroxide by a factor of one hundred.

The chemical, which is often found in drain cleaning products, is used to lower acidity, but in high concentrations it is highly caustic and can burn.

A plant worker had first noticed the unusual activity at around 8am on Friday when someone briefly accessed the system - named TeamViewer - but thought little of it because co-workers regularly accessed the system remotely, according to Pinellas County Sheriff Bob Gualtieri.

But at about 1.30pm, someone accessed it again, took control of the mouse, directed it to the software that controls water treatment and increased the amount of sodium hydroxide.

The sheriff said the intruder was active for three to five minutes. When they exited, the plant operator immediately restored the proper chemical mix.

'The guy was sitting there monitoring the computer as he's supposed to and all of a sudden he sees a window pop up that the computer has been accessed,' Gualtieri said.

'The next thing you know someone is dragging the mouse and clicking around and opening programs and manipulating the system.'

Other safeguards in place - including manual monitoring - likely would have caught the change in the 24 to 36 hours it took before it reached the water supply, the sheriff said.

Oldsmar officials have since disabled the remote-access system and say other safeguards were in place to prevent the increased chemical from getting into the water.

Gualtieri insists the public was never in danger but admitted the intruder took 'the sodium hydroxide up to dangerous levels'.

Pinellas County Sheriff Bob Gualtieri (right) and Mayor Eric Seidel (left) announced news of the hack on Monday. Gualtieri insists the public was never in danger but admitted the intruder took 'the sodium hydroxide up to dangerous levels'

He said that water goes to holding tanks before reaching customers and 'it would have been caught by a secondary chemical check'.

He did not know if the hacker was domestic or foreign - and said no one related to a plant employee was suspected. He said the FBI and Secret Service were assisting in the investigation.

How the hacker got in remains unclear, he said, though it was possible the hacker was able to create administrator credentials.

Experts say municipal water and other systems have the potential to be easy targets for hackers because local governments' computer infrastructure tends to be underfunded.

Jake Williams, CEO of the cybersecurity firm Rendition Infosec, said engineers have been creating safeguards 'since before remote control via cyber was a thing,' making it highly unlikely the breach could have led to 'a cascade of failures' tainting Oldsmar's water.

There's been an uptick in hacking attempts of water treatment plants in the past year, the cybersecurity firm FireEye said, but most were by novices, many stumbling on systems while using a kind of search engine for industrial control systems called Shodan.

The serious threat is from nation-state hackers like the Russian agents blamed for the months-long SolarWinds campaign that has plagued US agencies and the private sector for at least eight months and was discovered in December.

While US officials have called SolarWinds a grave threat, they also call it cyberespionage, rather than an attempt to do damage.