Oldsmar is a small town in Florida that became the center of the cyber world this week when a hacker broke into its drinking water supply and tried to poison it.
It’s the nightmare scenario that the security community has warned for years, one that could kill thousands by targeting the critical infrastructure that we all rely on. The hacker gained access to a computer at the water facility used for running remote control software TeamViewer, according to Reuters, and jacked up the levels of sodium hydroxide, aka lye, which would have made the water highly toxic to drink.
It’s not known what security was in place to prevent unauthorized users from gaining access to the critical system. Sheriff Bob Gualtieri said in a press conference that there were fail-safes and alarms in place to prevent tainted water from reaching residents, and as a result there was little risk to the population of some 15,000 residents.
But suffice to say, running remote control software in a facility that controls the local water supply is a disaster waiting to happen. These networks are supposed to be isolated from the internet to prevent this exact scenario. But you can look for clues in this Reuters report: The water facility is a public utility owned by the town and has its own internal IT staff.
Gualtieri, in his remarks, said: “The important thing is to put everyone on notice.” He’s not kidding; it’s a similar picture to a lot of small-town America, where much of these facilities are under-resourced and underfunded. Robert Lee, founder and chief executive at industrial security startup Dragos, set the context:
The FBI confirmed it has been called in to investigate. But what’s unlikely to change any time soon is that small towns are underfunded and don’t get the resources that other critical infrastructure gets. In the end, a TeamViewer subscription will be cheaper than a person’s salary, and there is no greater incentive to cut costs than during a pandemic.
On with the rest of Decrypted.
THE BIG PICTURE
Hackers post stolen health data after hospital ransomware attacks
As COVID-19 vaccines begin to roll out, ransomware actors are hitting back. NBC News this week revealed two hospitals that were hit by data-stealing ransomware. After the hospitals refused to pay the ransom, the hackers started to publish highly sensitive health and medical data stolen from the hospital networks.