OLDSMAR, FL- During a news conference on Monday, February 8th, Pinellas County Sheriff Bob Gualtieri announced that a hacker gained unauthorized entry to the system that controls the water treatment plant of a Florida city of 15,000 and tried to taint the water supply with a caustic chemical.
According to cybersecurity experts, this type of hacking exposes a type of danger that has grown as systems become both more computerized and accessible via the internet.
Reportedly, the hacker who breached the system at the city of Oldsmar’s water treatment plant used a remote access program shared by plant workers and briefly raised the sodium hydroxide setpoint more than a hundredfold (from about 100 parts per million to 11,100 parts per million).
Sodium hydroxide, also called lye, is used to treat water acidity. However, the compound is also found in cleaning supplies such as soaps and drain cleaners and in larger quantities, it can cause irritation, burns, or other complications.
Gualtieri said that a supervisor at the water plant watched the tampering happen in real time: he saw the mouse cursor, controlled by the intruder, move across the computer screen and change settings, and he was able to intervene and immediately reverse the change.
Florida water plant was hacked via TeamViewer, but the facility hadn't used TeamViewer in six months.
"the TeamViewer program remained in place but unused, providing the door through which the intruder entered and gained full access to the system."https://t.co/KdaBqC8dIz
— Robert McMillan (@bobmcmillan) February 9, 2021
The plant operator first noticed unusual activity around 8 a.m. on Friday, February 5th, when someone briefly accessed the system, but thought little of it because co-workers regularly access the system remotely.
However, later that day, around 1:30 p.m., someone accessed it again, took control of the mouse and navigated to the software that controls water treatment, then proceeded to increase the amount of sodium hydroxide.
Gualtieri reiterated that the public was never in danger, but that the intruder did take the “sodium hydroxide up to dangerous levels.” He said the intruder was active for three to five minutes, and when the intruder exited, the plant operator immediately restored the proper chemical mix.
Since the incident, Oldsmar officials have disabled the remote-access system and said other safeguards were already in place to prevent the increased chemical from getting into the water.
Some of these safeguards, such as manual monitoring, would have caught the change during the 24 to 36 hours the treated water would have taken to reach the supply.
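The incident turned on a single operator happening to watch the cursor move. The following is an added example, not code from the Oldsmar plant, from any vendor product, or from the original article: a small setpoint-change guard that a practitioner could put in front of a dosing controller's write path or run over its change-audit log. It models the compensating control the story implies was missing, an automated check that refuses a value outside a hard engineering limit and flags large single-step changes or changes arriving through a remote session. The parameter name, the engineering limits, the step-ratio threshold and the sample log are all constructed assumptions; only the 100 ppm and 11,100 ppm figures come from the article.

```python
"""
Setpoint-change guard for a chemical dosing controller (added example).

Constructed assumptions: the parameter name "naoh_dose_ppm", the limits in
LIMITS, MAX_STEP_RATIO, and every entry in SAMPLE_LOG. The 100 -> 11,100 ppm
values are the figures the article reports.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# Hypothetical engineering limits per dosing setpoint, in ppm. A real plant
# would take these from its process safety documentation, not from here.
LIMITS = {
    "naoh_dose_ppm": (0.0, 200.0),
}

# A change that multiplies or divides the setpoint by more than this factor
# in one step is treated as suspicious even when it stays inside the limits.
MAX_STEP_RATIO = 3.0


@dataclass(frozen=True)
class SetpointChange:
    when: datetime
    session: str        # constructed label, e.g. "console" or "remote:teamviewer"
    parameter: str
    old: float
    new: float


@dataclass(frozen=True)
class Alert:
    severity: str       # "block" (refuse the write) or "warn" (page an operator)
    reason: str
    change: SetpointChange


def check_change(change: SetpointChange) -> Optional[Alert]:
    """Return an Alert for a suspicious change, or None if it looks routine."""
    lo, hi = LIMITS.get(change.parameter, (float("-inf"), float("inf")))
    # Hard limit first: a value the process can never legitimately need is refused outright.
    if not lo <= change.new <= hi:
        return Alert("block", f"{change.new:g} ppm outside engineering limit [{lo:g}, {hi:g}]", change)
    # Rate-of-change: a big jump inside the limits still deserves a human look.
    if change.old > 0 and change.new > 0:
        ratio = max(change.new / change.old, change.old / change.new)
        if ratio > MAX_STEP_RATIO:
            return Alert("warn", f"setpoint changed by a factor of {ratio:.1f} in one step", change)
    # Provenance: any write that arrives over a remote-access session is surfaced.
    if change.session.startswith("remote:"):
        return Alert("warn", f"setpoint changed from remote session {change.session}", change)
    return None


def audit(changes: Iterable[SetpointChange]) -> List[Alert]:
    """Run every change through check_change and keep only the alerts."""
    return [a for a in (check_change(c) for c in changes) if a is not None]


# Constructed sample log: a routine console tweak in the morning, the remote
# change the article describes at about 1:30 p.m., and the operator's reversal.
T0 = datetime(2021, 2, 5, 7, 30)
SAMPLE_LOG = [
    SetpointChange(T0, "console", "naoh_dose_ppm", 98.0, 100.0),
    SetpointChange(T0 + timedelta(hours=6), "remote:teamviewer", "naoh_dose_ppm", 100.0, 11100.0),
    SetpointChange(T0 + timedelta(hours=6, minutes=5), "console", "naoh_dose_ppm", 11100.0, 100.0),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(alert.severity.upper(), alert.change.when.isoformat(), alert.reason)
```

Run over the sample log, the morning console change passes silently, the remote write to 11,100 ppm is blocked because it exceeds the hard limit, and the operator's restore to 100 ppm still raises a warning because it is a hundredfold step; that last alert is deliberate, since a large correction is exactly the moment a supervisor should be asked what happened. The hard limit is the control that does not depend on anyone watching the screen.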
FBI Cyber Unit Trying To Determine Who Hacked Florida Water Plant https://t.co/5mB2KEaGGC
— The Florida Voice (@TheFlaVoice) February 9, 2021
According to experts, municipal water and other systems have the potential to be easy targets for hackers because local governments’ computer infrastructure tends to be underfunded.
Robert M. Lee, CEO of Dragos Security and a specialist in industrial control system vulnerabilities, said remote access to industrial control systems such as those running treatment plants has become increasingly common. He said:
“As industries become more digitally connected we will continue to see more states and criminals target these sites for the impact they have on society.”
Florida water treatment plant hacked. Could’ve gotten ugly. https://t.co/iNopv9BeSY
— South Coast Politics (@PoliticsCoast) February 9, 2021
What concerns experts most is the potential for state-backed hackers intent on doing serious harm to target water supplies, power grids, and other vital systems. Tarah Wheeler, a Harvard Cybersecurity Fellow, said communities should take every precaution possible when using remote access technology on something as critical as a water supply. She said:
“The systems administrators in charge of major civilian infrastructure like a water treatment facility should be securing that plant like they’re securing the water in their own kitchens.”
“Sometimes when people set up local networks, they don’t understand the danger of an improperly configured and secured series of internet-connected devices.”
Investigators said it was not immediately clear where the attack came from, or whether the hacker was domestic or foreign. The FBI, along with the Secret Service and the Pinellas County Sheriff’s Office, is currently investigating the case.
Flashback to January – Terror threat: Hacking groups looking to take down power grid in America
December 12th, 2020
Editor note: This article was originally published on January 12, 2020 on Law Enforcement Today. In light of the massive and unprecedented cyber attack targeting U.S. government and private networks, we thought it was worth revisiting. Especially given this:
“One estimate is that within a year or so, two-thirds of the United States population would die.
The other estimate is that within a year or so, 90% of the U.S. population would die. We’re talking about total devastation. We’re not talking about just a regular catastrophe.”
Here is the original article.
WASHINGTON, D.C.- A new report shows that at least three hacking groups have the ability to interfere with or take down power grids across America. And the results would be catastrophic.
Cyber security company Dragos said the number of cyber-criminal operations targeting electricity and other utilities is rapidly rising, and the timing seems to coincide with the political and military tensions in the Gulf.
“The threat landscape focusing on electric utilities in North America is expansive and increasing, led by numerous intrusions into ICS networks for reconnaissance and research purposes and ICS activity groups demonstrating new interest in the electric sector,” the report warned.
The comments were made in the North American Electric Cyber Threat Perspective report.
They said there are currently seven groups being tracked by security researchers.
All of them are targeting electrical facilities in North America, and the report said three of these have proven they can “infiltrate or disrupt” electrical power networks.
The company Dragos doesn’t identify which countries or cyber-criminal groups could be behind these attacks.
But they have detailed three different operations that show evidence of disruption capabilities: Xenotime, Dymalloy and Electrum.
According to the report, Xenotime is the hacking group behind the Triton cyberattack that disrupted oil and gas facilities in Saudi Arabia in 2017.
It’s an attack that targeted Triconex safety controllers. In the report, researchers said that “represented an escalation of ICS attacks due to its potential catastrophic capabilities and consequences”.
The threat hasn’t gone away, they say – it’s gotten worse. The group has apparently expanded activity to include electric facilities in North America, alongside utilities across Europe, Australia and the Middle East.
Time and time again, they’ve shown they can “access, operate, and conduct attacks in an industrial environment and Dragos believes the group capable of attacks against US-based systems”.
The second group is called Dymalloy, and is described as a “highly aggressive and capable activity group”. They’ve got the proven ability to “achieve long-term and persistent access to IT and operational environments for both intelligence-gathering and possible disruption”.
The group has demonstrated successes in hacking campaigns across Turkey, Europe and North America, and is believed to have links to the Dragonfly hacking group.
The third big threat is a group called Electrum, which is also described as “capable of developing malware that can modify electric equipment processes” and ICS protocols.
In the past, their attacks mostly focused on Ukraine – and caused huge power outages during the winter.
They’re recognized as being well-resourced.
Dragos included in their report an urgent warning that the group is capable of physically disruptive events.
“North American electric utilities should consider Electrum to be a serious threat,” they warn.
When President Trump signed an executive order to protect America’s electric grid and other infrastructure against an electromagnetic pulse (EMP), it received very little media coverage.
But with the growing threat from Iran, it’s a conversation we need to be having. Because if the grid were to be taken out by either an EMP or through wide-spread cyberattacks, the results would be catastrophic.
In 2015, Sen. Ron Johnson (R- Wisconsin) said that there’s “100% certainty” that a large electromagnetic pulse (EMP) or geomagnetic disturbance (GMD) event would hit at some time in the future.
He also said that when it happens, as many as 9 out of 10 people in the U.S. could die.
At the time, Johnson was chairman of the U.S. Senate Committee on Homeland Security & Governmental Affairs.
He asked a series of questions to witnesses testifying on Capitol Hill before his committee.
Among them was a question directed at R. James Woolsey, then chairman of the Foundation for Defense of Democracies and former director of the Central Intelligence Agency. He wanted to know what would happen to society if the electrical grid were to be down for an extended period of time, such as a year or two.
Here was Woolsey’s response:
“It’s briefly dealt with in the commission report of . There are essentially two estimates on how many people would die from hunger, from starvation, from lack of water, and from social disruption. One estimate is that within a year or so, two-thirds of the United States population would die.
The other estimate is that within a year or so, 90% of the U.S. population would die. We’re talking about total devastation. We’re not talking about just a regular catastrophe.”
The scary truth is that a nuclear EMP attack or cyber warfare from Russia, China, North Korea, Iran, or other adversary is an existential threat to the United States. Not only that, but it’s actually part of the military doctrines of Russia, China, North Korea, and Iran.
Here’s what it would mean.
A first-strike EMP attack would disrupt command, control, and communications for America’s military along with almost all of the supporting critical infrastructures.
And although our strategic nuclear forces are protected against being hit with the impact of an EMP, the truth is that most other military and civilian equipment remains vulnerable.
Even domestic military bases ultimately depend on the commercial electric grid for their water and power. And the fact remains that the grid is almost completely unprotected against EMP.
Countries like Iran don’t believe in “mutually assured destruction” – they believe that taking down a nation’s ability to command and control its military and civilians would help ensure that a retaliatory strike is difficult to achieve.
If you’re not familiar with what an EMP attack is, it would involve a nuclear device being exploded high in the atmosphere, leaving no blast, radiation, thermal or local fallout on the ground.
Yet it would kill many more people than a ground-level nuclear attack. That’s because without electricity, most people would starve or die of disease.
If the attack were to happen, high intensity ultra-fast (E1) pulses would destroy the electronics, switches, and control systems on which essentially all critical infrastructures depend.
We’re talking about the electric grid, gas and oil pipelines, the internet and telecommunications systems and most modern cars being completely disabled, creating a blackout lasting months or years.
It’s been proven to be effective.
In 1962, we saw just that with the Starfish Prime test.
It was a high altitude nuclear explosion that took out communications and street lights in Hawaii some 900 miles away. And that was LONG before we had the type of electronic infrastructure and internet that we are blessed with today.
The truth of it is that in the age of advanced technology that we live in today, a cyberattack of any kind could be detrimental to our livelihoods.
Of course we all keep tabs on what we can mostly control at the individual level, like wifi, but what about the bigger fish? What about the community reliance on our electricity?
Our nation’s electric grid is, put simply, a sitting duck. It’s just floating along, licking its feathers or whatever ducks do. Waiting for a hunter to come shoot it and cook it for dinner.
The hunter in this scenario is, of course, terrorists.
They know how much Americans rely on technology for day-to-day living locally, as well as nationally. Being on the west coast, if my wifi went out, I might have to wait 3 or 4 full days to hear the latest on what’s happening in DC. Like a Neanderthal!
All joking aside, it really is a serious threat, especially given that our Department of Energy (DOE) relies on information that sometimes dates back to the 1980’s when assessing electric grid security.
The assessments were sufficient for that time period, but times have changed: Our population has vastly expanded. Our technological needs have grown. And so have our enemies’.
Earlier this week, the Federal Depository Library (yes, that’s actually a thing) was said to have been hacked by a pro-Iranian group, or by Iranians themselves.
The website showed the bloody head of President Trump with a fist smashing into it, representing Iran based on the sleeve insignia. One message on the site said this was only “a small part of Iran’s cyber ability.”
The FDL was the only part of the US Government Publishing Office to be affected and it has since been shut down.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) took the incident as an opportunity to remind organizations and citizens that “in these times of increased threats,” they should “increasingly monitor their sites for cyberattacks, back up data and use multi-factor authentication to protect account and login information.”
Texas Governor Greg Abbott said yesterday that his state’s Department of Information Resources (DIR) has been fielding approximately 10,000 attempted cyberattacks per minute originating from Iran.
Read that again.
These attacks had started increasing in the last 48 hours before he made the announcement.
So far there haven’t been any successful attempts, as far as the department knows. Executive Director of the DIR Amanda Crawford said:
“We have no way of knowing whether anything is government-based or not, or government-sanctioned. What we’re doing is scanning on our state networks, and we can see where attacks are coming from.”
Governor Abbott warned:
“It’s very important that everybody be particularly vigilant right now about what may happen out of Iran.”
He said that a successful hacking into the DIR could bring with it compromised data and/or the shut down of state agency websites.
Well done, Texas, for curbing these cyberattacks in your region.
However, at the national level, we are still vastly vulnerable. The Government Accountability Office (GAO) has reported that the Department of Energy doesn’t have a truly national strategy to be able to confront possible cyberattacks that could strike the electric grid, leaving it as vulnerable as that duck.
Last year, the U.S. Director of National Intelligence office released a report called the Worldwide Threat Assessment of the US Intelligence Community. According to the report, “nation-states such as Russia, criminal groups and terrorists pose the most significant and current cyberthreats to U.S. critical infrastructure. Hackers and hacktivists, as well as malicious insiders, also pose significant risks to the U.S. power grid as well.”
Remote access has made our system more vulnerable to attacks. Clearly, someone, or 10,000 someones per minute, in Iran has shown a desire to cyberattack our nation. If attacks escalate, they are likely to go after our power grid.
If hackers (Iran or otherwise) are successful with their attacks, there could be massive power outages. Just to be clear, I’m not talking about a few hours where you can’t watch TV in your house, you miss a hot shower, and you have to treat traffic lights like stop signs.
I’m talking about lengthy, painful power outages where civilization as we know it is chaotically interrupted.
What would an outage of this magnitude look like?
Stores would have to shut down because, well, they wouldn’t have any power. They couldn’t accept credit cards. They couldn’t reorder food and supplies on the phone or online.
And if there’s anything I’ve learned from working the streets of Oakland, CA, it’s that when stores are forced to board up for any period of time (due to natural disasters, riots, or power outages), they will get looted.
Police would have to deal with them, or just make sure the good citizens stay away from their pillaging because there wouldn’t be anywhere to take the criminals anyway.
People would freak out. They would be worrying about their families, their food supply, their safety. They would go to the police for answers, and when the police don’t have any, people would take to the streets.
I don’t mean to make it sound all doom-and-gloom, but people just wouldn’t know what else to do; they’d be scared. Aside from looting stores, some would turn to looting their neighbors, attempting to survive over them.
Police would not be able to keep up with the amount of looting and theft. They wouldn’t be able to keep people safe.
Phone and cell services would be interrupted. Schools wouldn’t be open. Communities would run out of gas. With the size of our cities and the understaffed levels of police departments, how are police supposed to respond to calls for help with no gas for their vehicles?
Police would still show up. They’d still be there for their communities. It would likely be unpaid since there wouldn’t be any access to money other than what the banks keep in the vault. And even then, what would they do with that money anyway?
Listen, I’m not trying to get all crazy, conspiracy theory, the-world-is-ending-so-every-man-for-himself on you.
It’s just realistic, and it shows the amount of damage that Iran or other terrorists could do to our country with one triumphant attack to our power grid.
All it takes is one time. One EMP. One successful hacking. One cyberattack to do the damage intended, and our whole country is knocked on its proverbial ass.
The nation of Iran is trying to get that one “win” in order to do just that. It’s trying 10,000 times per minute.