Hacker tried to POISON California water supply by stealing employee's login at Bay Area facility and deleting treatment programs

 A hacker attempted to poison the water supply in California by stealing an employee's login information at a facility in the Bay Area and attempting to delete treatment programs, a new report has revealed.  

The suspect - who has not been identified or apprehended - launched his attack on the unspecified facility on January 15, but it was quickly detected the next day.

A subsequent report from the Northern California Regional Intelligence Center later exposed just how easily the hacker was able to break into the system.  


The report said the perpetrator somehow obtained a former employee's login credentials for TeamViewer, which allows users to remotely access their computers, NBC reports.

They then deleted computer programs designed to treat the area's drinking water.

The hacker's attack was only thwarted after the facility changed all of its passwords before reinstalling and updating the programs. However, the breach is still under investigation by the FBI.

'No (system) failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures,' the report stated.

It marked one of many recent cyberattacks on US water infrastructure that have officials troubled nationwide.

Pictured: Sunol Valley Water Treatment Plant in Sunol, Ca. which supplies water to thousands of Bay Area customers. The exact facility that was breached was not identified by officials

The cyberattacker had somehow obtained a former employee's login credentials for TeamViewer, which allows users to remotely access their computers

Pictured: San Ramon Regional Wastewater Treatment Facility in Pleasanton, Cali., another Bay Area water treatment plant.

Just weeks after the Bay Area water facility cyberattack, hackers breached Oldsmar, Florida's water supply and programmed its systems to raise the levels of lye in the water from 100 to 11,100 parts per million. 

Anything over 10,000 can lead to 'difficulty swallowing, nausea/vomiting, abdominal pain, and potentially even damage to the gastrointestinal tract,' Dr. Kelly Johnson-Arbor, a medical toxicology physician at the National Capital Poison Center, told NBC back in February.

In May, a state water warning system in Pennsylvania notified personnel of two attempted recent hacks, while the Camrosa Water District in Southern California had ransomware installed in their system last summer, according to a data breach report.

Although a nationwide cybersecurity audit would likely protect water treatment plants from further breaches, the federal government says it has no plans to do so, NBC reports. 

Like the Bay Area cyberattack, the Florida hackers got into the facility's computers through TeamViewer. Once a hacker has access to an account, they can change the chemical content that is used to treat an area's drinking water.

While an employee was able to immediately reverse the Florida hackers' changes and protect the drinking water for the 15,000-plus Oldsmar residents, the threat of further breaches to the country's water infrastructure remains ever-present, according to authorities.

'Water facilities are particularly problematic,' said Suzanne Spaulding, former chief cybersecurity official at the Department of Homeland Security for the Obama administration. 

'When I first came into DHS and started getting the sector-specific briefings, my team said, 'Here's what you've got to know about water facilities: When you've seen one water facility, you've seen one water facility.' 


NBC reports that the country's water infrastructure is particularly vulnerable to these kinds of cyberattacks, as there is no federal or centralized governing body to oversee the security systems of each of the US's roughly 54,000 water plants.

To make matters worse, most water facilities in the US are nonprofit entities, unlike the country's electrical grid, meaning there are fewer employees on hand to catch these kinds of breaches in more rural areas.

'It's really difficult to apply some kind of uniform cyber hygiene assessment, given the disparate size and capacity and technical capacity of all the water utilities,' said National Rural Water Association analyst Mike Keegan.

'You don't really have a good assessment of what's going on,' he added.

While a motive has not been revealed for the Bay Area or Florida water system cyberattacks, some officials are pointing the finger at Chinese and Russian government-sponsored hackers, who regularly target US industrial and infrastructure systems, according to NBC.

'They're even more fragmented at lower levels than anything we're used to talking about, like the electric grid,' he said. 'If you could imagine a community center run by two old guys who are plumbers, that's your average water plant.'

The Bay Area hacker has yet to be identified, nor have authorities identified a possible motive for the Jan. cyberattack

Pictured: Water dam and filtration system for the management of the South San Francisco Bay Area wetlands, part of a Sunnyvale water pollution control plant

An internal survey conducted by the Cybersecurity and Infrastructure Security Agency earlier this year revealed as many as 1 in 10 water and wastewater plants had cybersecurity vulnerabilities, according to NBC. 

Over 80 percent of such vulnerabilities were found before 2017, suggesting that water plant employees are not regularly updating their computer systems, the news outlet adds.

However, remote computer access does not appear to be going anywhere, despite ongoing security breaches and problems. 

'Remote access makes it so you don't have to man a facility 24 hours a day,' said Daryn Martin, a technical assistant at the Kansas Rural Water Association. 

'We have a lot of remote water districts that cover hundreds of miles. To pay a guy to drive 30 miles to turn a pump on and then he might have to turn it off in 3 hours when the tank gets full? He can do all that remotely. That saves money.'
