Chippers διείσδυσε επιτυχώς στο σύστημα υπολογιστών που ελέγχει την εγκατάσταση επεξεργασίας νερού στην πολιτεία της Φλόριντα των ΗΠΑ και άλλαξε από απόσταση μια ρύθμιση που τροποποιούσε δραστικά τα επίπεδα υδροξειδίου του νατρίου (NaOH) στο νερό.
During press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said an employee at the water treatment plant in Oldsmar, Fla., noticed his mouse cursor moving strangely on his screen computer of.
At first, he wasn't worried. The city's water treatment plant of 15.000 people used it software απομακρυσμένης πρόσβασης TeamViewer για να επιτρέψει στο προσωπικό να μοιράζεται οθόνες για έλεγχο και για να αντιμετωπίζει themecomputers. And his supervisor is often connected to the computer to monitor the facility's systems.
However, a few hours later, the shift operator noticed that his mouse was moving again. But this time there was no illusion of benign surveillance by a supervisor or an IT person. The cursor started clicking on the water treatment plant controls.
Within seconds, the intruder was trying to change the sodium hydroxide (also known as caustic soda) levels in the water supply, moving the setting from 100 parts per million to 11.100 parts per million. At low concentrations, the corrosive chemical regulates the pH level of drinking water. At high levels, it seriously damages any human tissue wherever it touches it.
Immediately the employee managed to take control of the mouse and restore concentration levels before the damage spread. According to the sheriff, the instant regulation did not have a significant effect on the water, and the population was never in danger.
The water treatment facility was apparently compromised for approximately 3 to 5 minutes by unknown suspects on February 5th, with remote access occurring twice, at 8:00 AM. and 1:30 p.m. It is not known if the breach took place from within the US or outside the country. Cops said it was underway research for the incident.
Although timely intervention prevented more serious consequences, the sabotage attempt underscores the exposure of critical infrastructure and industrial surveillance systems to cyber-attacks.
The fact that the attacker used TeamViewer to take over the system underscores the need for secure access with multi-factor authentication.
Remote access requirements must be minimized. And if they are really needed then they should be done with predefined and strict data, such as from specific IP addresses, with secure access systems (and not through TeamViewer) and with authentication multiple factorsn.
