U.S. markets open in 15 minutes
  • S&P Futures

    4,132.75
    +5.00 (+0.12%)
     
  • Dow Futures

    33,680.00
    -29.00 (-0.09%)
     
  • Nasdaq Futures

    13,776.25
    +26.00 (+0.19%)
     
  • Russell 2000 Futures

    2,239.10
    +10.80 (+0.48%)
     
  • Crude Oil

    61.41
    -0.02 (-0.03%)
     
  • Gold

    1,794.90
    +12.90 (+0.72%)
     
  • Silver

    26.45
    +0.27 (+1.05%)
     
  • EUR/USD

    1.2069
    +0.0051 (+0.42%)
     
  • 10-Yr Bond

    1.5330
    -0.0210 (-1.35%)
     
  • Vix

    18.75
    +1.25 (+7.14%)
     
  • GBP/USD

    1.3875
    +0.0032 (+0.23%)
     
  • USD/JPY

    107.6290
    -0.3310 (-0.31%)
     
  • BTC-USD

    49,405.74
    -5,414.59 (-9.88%)
     
  • CMC Crypto 200

    1,128.60
    -114.46 (-9.21%)
     
  • FTSE 100

    6,893.86
    -44.38 (-0.64%)
     
  • Nikkei 225

    29,020.63
    -167.54 (-0.57%)
     

Hacked Florida water plant used shared passwords and Windows 7 PCs

Steve Dent
·Associate Editor
·2 min read

The Oldsmar, Florida water plant hacked earlier this week used outdated Windows 7 PCs and shared passwords, the Associated Press has reported. A government advisory also revealed that the relatively unsophisticated attack used the remote-access program TeamViewer. However, officials also said that the hacker’s attempt to boost chemicals to dangerous levels was stopped almost immediately after it started.

“The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment,” according to investigators. "The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system."

The unknown attacker logged into TeamViewer, accessed sensitive systems and attempted to boost lye levels by 100 times. A supervisor monitoring one of the systems saw a mouse pointer move across the screen and “immediately noticed the change in dosing amounts,” according to the advisory. They were able to reverse it immediately and the water treatment process was unaffected. If it hadn’t been observed, the alteration would have taken 24-36 hours to affect the water supply and the changes would have been detected and stopped by plant safeguards.

Windows 7 has not been patched with security updates in over a year. On top of everything else, the computers were “connected directly to the Internet without any type of firewall protection installed,” the advisory said.

The Oldsmar hack was an accident waiting to happen, according to experts. “We have known for a long time that municipal water utilities are extremely underfunded and under-resourced, and that makes them a soft target for cyberattacks,” Dragos Security’s Lesley Carhart told the AP. “In a lot of cases, all of them have a very small IT staff. Some of them have no dedicated security staff at all.”