Come for the politics, stay for the snark.

Proof that we need a blogger ethics panel.

You don’t get rid of your umbrella while it’s still raining.

Wow, I can’t imagine what it was like to comment in morse code.

We still have time to mess this up!

Presidents are not kings, and Plaintiff is not President.

The poor and middle-class pay taxes, the rich pay accountants, the wealthy pay politicians.

Is it irresponsible to speculate? It is irresponsible not to.

Teach a man to fish, and he’ll sit in a boat all day drinking beer.

Nothing worth doing is easy.

Balloon Juice has never been a refuge for the linguistically delicate.

In my day, never was longer.

When I decide to be condescending, you won’t have to dream up a fantasy about it.

And we’re all out of bubblegum.

Accountability, motherfuckers.

Let me eat cake. The rest of you could stand to lose some weight, frankly.

I know this must be bad for Joe Biden, I just don’t know how.

Everybody saw this coming.

If you tweet it in all caps, that makes it true!

Since when do we limit our critiques to things we could do better ourselves?

No offense, but this thread hasn’t been about you for quite a while.

The willow is too close to the house.

Sadly, there is no cure for stupid.

Insiders who complain to politico: please report to the white house office of shut the fuck up.

Black Jesus loves a paper trail.

You are here: Home / Politics / America / Not Everything Is Russia: Oldsmar, Florida’s Water Treatment Facility Edition

Not Everything Is Russia: Oldsmar, Florida’s Water Treatment Facility Edition

by | 121 Comments

This post is in: , , , , , ,

Last Friday someone was able to access the Oldsmar, Florida water treatment facility computer system and adjust the levels of sodium hydroxide, aka lye, that would be added to the water. The Tampa Bay Times has the details:

Local and federal authorities are investigating after an attempt Friday to poison the city of Oldsmar’s water supply, Pinellas County Sheriff Bob Gualtieri said.

Someone remotely accessed a computer for the city’s water treatment system and briefly increased the amount of sodium hydroxide, also known as lye, by a factor of more than 100, Gualtieri said at a news conference Monday. The chemical is used in small amounts to control the acidity of water but it’s also a corrosive compound commonly found in household cleaning supplies such as liquid drain cleaners.

The city’s water supply was not affected. A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack.

The Pinellas County Sheriff’s Office is investigating, along with the FBI and the Secret Service, Gualtieri said.

Nobody has been arrested, Gualtieri said, though investigators have some leads. They do not know why Oldsmar was targeted, he said.

Though some cities obtain water through Pinellas County, Oldsmar provides water directly to its businesses and roughly 15,000 residents, Gualtieri said. The computer system at the water treatment plant was set up to allow authorized users to remotely access it for troubleshooting.

A plant operator was monitoring the system at about 8 a.m. Friday and noticed that someone briefly accessed it. He didn’t find this unusual, Gualtieri said, because his supervisor remotely accessed the system regularly.

But at about 1:30 p.m. the same day, Gualtieri said, someone accessed the system again. This time, he said, the operator watched as someone took control of the mouse, directed it to the software that controls water treatment, worked inside it for three to five minutes and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

The attacker left the system, Gualtieri said, and the operator immediately changed the concentration back to 100 parts per million.

“At no time was there a significant adverse effect on the water being treated,” the sheriff said. “Importantly, the public was never in danger.”

Even if the operator hadn’t caught it, he said, it would have taken more than a day for the water to enter the water supply.

“The protocols that we have in place, monitoring protocols, they work — that’s the good news,” said Oldsmar Mayor Eric Seidel. “Even had they not caught them, there’s redundancies in the system that would have caught the change in the pH level.

“The important thing is to put everyone on notice,” he said. “There’s a bad actor out there.”

Much more at the link, including a profound statement by Florida’s senior senator Micro Rubio.

Malcolm Nance immediately jumped to conclusions:

These conclusions were then picked up and broadcast to everyone by Rachel Maddow on her show this evening.

I know a little something about Oldsmar, Florida. Largely because the Balloon Juice Bunker compound in the cypress scrub is adjacent to Oldsmar. For lack of a better geographic locator, since the post office refuses to recognize Balloon Juice Bunker Compound, Cypress Scrub, FL, USA as a legitimate address*, I ACTUALLY FUCKING LIVE IN OLDSMAR!!!! And I can honestly say NO ONE WHO DOESN’T LIVE IN OLDSMAR OR NORTH PINELLAS COUNTY OR WESTERN HILLSBOROUGH COUNTY OR SOUTHERN PASCO COUNTY OR KNOWS SOMEONE WHO DOES EVEN KNOWS THERE IS AN OLDSMAR, FL!!!!!!

You can sneeze across Oldsmar if the wind is blowing the right way. Oldsmar is about a dozen stoplights running north-south and east-west at the northwestern most point of Tampa Bay. It got its name because RE Olds and his family had their winter home here, which they named Oldsmar. As in Olds by the sea. Or the sea of the Olds. And given the amount of venerable elders, Olds by the sea is an appropriate name!

I could be wrong, but I would be highly surprised if this was the Russians. I’ve been working on the Russian active measures, hybrid warfare, and political warfare problem set since January 2014 when I was assigned, under temporary assigned control, as the Cultural Advisor/Senior Civilian Advisor to the Commanding General of US Army Europe. I have published, in Special Warfare**, which is the professional journal of the Special Warfare community***, about how the Russians have probed for vulnerabilities and weaknesses in order to target a variety of utilities and the systems that control them. Three years before my article was published, in May of 2016, I included this strategic concern in a briefing I gave at FT Bragg to a room full of American and allied general officers and senior staff that partially dealt with Russia and its geo-strategic and regional strategic ambitions. My professional assessment, given what we know now, is that it is highly unlikely that this is the Russians. I have also published, just last July, on political warfare, which included this concern. This isn’t something I’ve just started thinking about today, I’ve been considering the problem off and on for over seven years as part of my professional work.

There are several reasons why I doubt this was the Russians. The first is that right now Putin does not want to do anything to further stress Russian relations with the US. President Biden and his team are not Trump and his team. And President Biden has already made it clear to Putin that he is not going to tolerate Putin’s actions the way Trump did. The second is that since almost no one in most of Florida, let alone the rest of the US knows that Oldsmar existed, at least before today, that it is a very strange place for Putin’s merry band of mischief makers to target a water treatment facility.

I think it is far more likely that either a disgruntled current or former employee of the City of Oldsmar or of Pinellas County who knew that this point of access existed and exploited it for their own purposes. Or that a local mischief maker went probing for an access point, found one, and decided it was party time. We do have a small, but sizable white supremacist, neo-NAZI, and domestic right wing extremist presence in the area, so it is also possible one fo them did it. Frankly, I wouldn’t be surprised if we find out that an actual authorized user who was teleworking and on the system stepped away from their computer for a few minutes without logging out to get something to drink or use the facilities and their cat walking across the computer desk or their toddler wanting to help daddy or mommy work unintentionally reset the levels. I think the Russians attacking Oldsmar, Florida through a water treatment facility that only supplies Oldsmar is, in my professional opinion, a big stretch. Is it possible it was the Russians? Sure. Is it probable and plausible? I think it likely improbable and implausible.

We’ll know more when we know more. And I know enough about what I don’t know to state that I could be wrong.

Open thread!

* I personally blame Louis DeJoy.

** I apologize for the random capitalizations, I’m pretty sure whoever copyedited this decided these were operational terms of art and capitalized them.

*** It was nice of them to hide their professional journal in plain sight.

Reader Interactions

121Comments

  1. 1.

    JoyceH

    My initial reaction to this story was – why on earth was this system able to be accessed remotely? Just because something is a computer doesn’t mean it has to be connected to the internet.

  2. 2.

    PaulWartenberg

    Russia has declared war on OLDSMAR FLORIDA?!

    As a son of PALM HARBOR (BOYZ FROM THE HARB), I cannot let this attack stand. WE CANNOT LET THIS ATTACK STAND!

    SUMMON THE FLORIDA MEN AND WOMEN TO BATTLE.

    PREPARE THE 15-FOOT GATORS WITH SADDLES.

    UNLEASH THE LASER SHARKS.

    FROM THE SHORES OF KEY WEST TO THE GYRO SHOPS OF TARPON SPRINGS TO THE HALLOWED HALLS OF THE UNIVERSITY OF FLORIDA, WE SHALL AVENGE YOU, OLDSMAR!

    (starts playing “O Fortuna” in the background as orange blossoms spring to life across all of Polk County)

  6. 6.

    Wag

    Good thing they caught this, or Oldsmar might have ended up like Flint, MI, after someone messed with their water system and unleashed the lead poisoning from libertarian hell.

  10. 10.

    prufrock

    Oldsmar is a string of inconvenient traffic lights that vex me as I drive between Palm Harbor and Tampa.

    It is also full of nice houses that will flood in ten inches of storm surge.

  12. 12.

    leeleeFL

    I was reading this thinking, Look around for who just got canned or excessed or “encouraged” to resign.

    Glad it seems to have been nipped in the bud, but I’d put in a supply of bottled water, Adam! Pretend it’s hurricane season.

    ETA: Adam, is it possible someone didn’t like your articles?  Just sayin’, funny how it’s where you live.

    I’ll show myself out….

  14. 14.

    Carlo

    Agreed. Mostly because Russia (or any other national actor) has zero to gain from this attack. A local asshole.

    I think the redundant systems thing is interesting.There’s a lot of threat-buzz about cyber attacks on infrastructure – power, water, etc. – but this makes me wonder how much of that is really practicable. In this case at least, there was a defense in depth. Seems as if an average nuclear power plant (say) would arrange similarly redundant safeguards.

  15. 15.

    Jim, Foolish Literalist

    I didn’t think Maddow was necessarily promoting the idea that this was the Russians.
    She also had a segment on this story, about the ongoing madness in Arizona

    The feud between the Arizona Senate and the Maricopa County Board of Supervisors over lawmakers’ insistence that the county perform another hand count of 2020 general election results has escalated in the past few weeks.
    Now, the Senate might take it even further.
    The Senate, controlled by Republicans, has threatened to hold the supervisors, nearly all Republicans, in contempt for not responding to subpoenas asking for copies of allthe county’s mail-in ballots and access to voting machines. The Senate wants to perform its own audit.
    Some senators have even threatened to arrest the supervisors over the matter, and the body could vote on the the contempt resolution as early as Monday.

    Maddow had a clip of this special creature, from the same mold that made Sarah Palin and Marjorie Taylor Greene, apparently calling for violence from the less good people of Arizona

    Brahm Resnik @brahmresnik · 6h
    With AZ Senate’s contempt resolution failing, this sounds like a threat from GOP Sen. Kelly Townsend: ‘This shouldn’t fall into the hands of the public… when they’re so lathered up. So public, do what you gotta do.’

    and the quotes in the tweet capture the special word-salad delivery of Senator Townsend

  16. 16.

    ?BillinGlendaleCA

    Speaking of the mail, I ordered a filter* for my camera last Wednesday night from a company in New Jersey and it arrived today.   That’s pretty good for going across the country.

    *It’s called an IRChrome filter, so if you liked my Aerochrome effect, you’ll see more.

  19. 19.

    Honus

    Ah, yeah reminds of the old days when us commie hippies were always going to put LSD in the water supply.

  20. 20.

    Mart

    Nance don’t know nuthun. This is some really sophisticated digital fuckery. Clearly the work of the ghost of Hugo Chavez. First he came for Dominion, now he’s gunning for our water. Don’t say I did not warn you!

  21. 21.

    df

    @Adam L Silverman:

    How about a nice game of chess?

    Edit to add more substance: I’m honestly surprised it took this long for something like this to happen (or at least for it to become public). The capital-I Internet is a garbage fire. This is going to keep happening until we have licensure and ethics boards for software developers, laws with teeth, and adequate funding for the unsexy parts of government IT work. Count on it.

  23. 23.

    bt

    It is so clearly the case that the #1 suspect will be someone who works at, or was fired from, or was a contractor at this place.

    That’s who would bother, that’s who has the access.

    –> It’s like when a pretty young woman is found in tragic circumstances. They don’t call the Russians in for questioning, they call the ex-boyfriend.

  24. 24.

    LongHairedWeirdo

    WARNING: A Remote access hack occurred Friday at a water treatment plant in Florida were someone remotely operated the computer controls, while staff watched and attempted to raise the amount of LYE chemicals in the water 1,000%.

    That’s *10,000* percent – a factor of 100, times 100 per centum (per hundredth, essentially) , is 10,000%, *not* 1,000%.

  25. 25.

    sab

    This happened to my college town way back before the internet. Some higher up guy was out sick and some lower down guy fucked up, and the town water supply was awful and salty for a week. Corrosive showers at home and in the dorm. Poisonous bug juice and coffee in the cafeteria. It was very inconvenient and annoying, but we got through it.

    Remote access probably would have fixed it sooner, since the guy home sick could have checked on the idiot’s work.

  29. 29.

    Adam L Silverman

    @Honus: Pinellas County stopped fluoridating the water supply several years ago because one of the local cranks was being mean to the county commission about it. So they just gave him what he wanted.

    ETA: They reversed the decision about a year or so later and started adding fluoride back into the water.

  31. 31.

    Ken

    @Carlo: Probably my own fault for not reading the original sources, but I’m not seeing the “defense in depth” here.  Had they not had an operator watching the screens, when and how would this have been detected?  For example, would the system page the operator(s) to alert them (as is fairly common in, among other things, cloud ops).

  32. 32.

    RepubAnon

    Obviously it was an attack by Hillary’s e-mail server, which has joined Antifa and is now hiding on Hagbard Celine’s submarine.)

    (/snark, just so it doesn’t start a new conspiracy theory)

  34. 34.

    Adam L Silverman

    @Ken: From the quoted section of the reporting in my post:

    City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack.

    Even if the operator hadn’t caught it, he said, it would have taken more than a day for the water to enter the water supply.

    “The protocols that we have in place, monitoring protocols, they work — that’s the good news,” said Oldsmar Mayor Eric Seidel. “Even had they not caught them, there’s redundancies in the system that would have caught the change in the pH level.

  39. 39.

    Ken

    @Adam L Silverman: I saw that, but I was thinking of something in the software that would alert them  to prevent the damage, instead of detecting it after the water’s already been contaminated.  You want that anyway, in case the legitimage operator accidentally enters a number wrong.

    Of course the chemical sensors are still a necessary backup, because of the hippies and their ell ess dee.

  54. 54.

    NotMax

    As someone who has used TeamViewer* something smells rotten in the state of Florida.

    1) An app like that has no business being installed on a computer in such an office.
    2) Unless the program has been opened on both the computer there and the remote computer I cannot fathom how it could be used to gain access**. Why was it turned on (actively running) at the water plant facility? And by whom?
    .
    *makes it infinitely easier to diagnose/fix Mom’s computer on the rare occasion when she has concerns or a problem crops up over trying to have her describe stuff and walk her through steps over the phone.

    **not saying it is impossible if it is not already actively running on the accessed computer but it does intuitively belie belief, as TV generates a new random password each time it is opened which must be used by the remote computer to gain access.

  60. 60.

    NotMax

    @NotMax

    Amended.

    1) An app like that has no business being installed on a computer in such an office. Who downloaded and installed it? And when?

  63. 63.

    Redshift

    @Adam L Silverman:

    all active defenders during the first impeachment trial, especially during House hearings. 

    And possibly more important, all unrepentant defenders of the Big Lie that the election was stolen. Lawyers for The Orange One may not be willing to risk their professional reputations and legal sanctions by bringing it up, but I doubt these clowns will be able to resist.

    If Trump demands that GOP senators openly endorse that to support acquittal, we may yet see a conviction. (Hey, I can hope, especially with the spate of retirement announcements!)

  66. 66.

    ?BillinGlendaleCA

    @NotMax: In all probability, they’re using Remote Desktop access built into Windows 10 Pro, they probably have it on so that someone, like a supervisor, with elevated network permissions can authorize some changes that the regular operator doesn’t have the permissions to do.

     

  67. 67.

    Adam L Silverman

    @Redshift: Between the House chuckleheads, the attorneys he’s hired – the Orthodox Jewish one who asked to be accommodated because he’s shomer shabbos (literally guardian of the Sabbath meaning he won’t work from sundown Friday to sundown Saturday) has now withdrawn that request after the Senate granted the accommodation. It appears he was hoping they’d deny it so he could be performatively outraged and when they didn’t, he couldn’t, so he’s decided he can suddenly work on Saturday after all, and the Senate Republican anti-constitution caucus, this is going to be a Category 5 Shitshow.

  69. 69.

    Another Scott

    I think it is far more likely that either a disgruntled current or former employee of the City of Oldsmar or of Pinellas County who knew that this point of access existed and exploited it for their own purposes.

    Bingo.

    The description sounds like some sort of VNC access was available to the control computer in question. Some average joker isn’t going to know what to do if they come across some weird control software for a water treatment plant.

    There isn’t some big virtual knob that says – “Turn me to poison the city!!11”. Someone would have to be familiar with the software and the plant for this to be remotely plausible as a malicious act.

    My (uninformed) guess is that your quoted scenario is most likely accurate.

    Plus, messing with a water treatment plant as some sort of evil hack is stupid. Any adulteration is diluted because of the vast amounts of water involved. Unless they plan to go into the homeopathy business or something…

    Cheers,
    Scott.

  74. 74.

    piratedan

    @Adam L Silverman: so we can expect the same bad faith bullshit kabuki from the same bad faith actors… problem is, this time they won’t be on Fox News or Newsmaxx and get to spar with passionate Dems who appear to be inclined to cut a motherfucker.

    I look forward to watching them propose the Montoya defense of “you keep using that word but I don’t think it means what you think it means”..

  75. 75.

    Starboard Tack

    @Adam L Silverman:

    shomer shabbos (literally guardian of the Sabbath meaning he won’t work from sundown Friday to sundown Saturday) has now withdrawn that request after the Senate granted the accommodation.

    Oh, the sincerety!! (sob)

  76. 76.

    LongHairedWeirdo

    @Adam L Silverman: ​
     
    Adam, I *never* would have thought you’d make that mistake; off by a full order of magnitude? No way. (Well, maybe, if you confessed to being shy on sleep and just slipped a decimal place, but then you’d have already corrected the error.)

    That was copied/pasted from a tweet (referenced in the post), and with my math background, I couldn’t let the mistake pass.

  77. 77.

    egorelick

    I’m somewhat skeptical that safeguards were in place to prevent this from getting to the public.  That might be so, but it’s also the kind of thing you say to minimize an incident that may have turned into a tragedy.  IOW, it’s easy to say when nothing bad happened without actually backing up that assertion with a detailed explanation about how that backup safety measure actually would work. Also, does noone else find it a convenient coincidence that this supposedly non-Russian hack targeted the very town Mr. Silverman lives in?

  78. 78.

    mdblanche

    I dunno. Oldsmar is awfully close to St Petersburg…

     

    @egorelick: Also, does noone else find it a convenient coincidence that this supposedly non-Russian hack targeted the very town Mr. Silverman lives in?

    Clearly a Russian operation to take out Balloon Juice’s leading security expert.

  79. 79.

    NotMax

    @BillinGlendaleCA

    Early reporting, so subject to change, but –

    The attempt on Friday was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems, Sheriff Bob Gualtieri said in an interview. Source

  85. 85.

    JaySinWA

    @NotMax: Jebuss, from the article:

    A plant operator was monitoring the system at about 8 a.m. Friday and noticed that someone briefly accessed it. He didn’t find this unusual, Gualtieri said, because his supervisor remotely accessed the system regularly.

    Management authorized and used remote access. They were going for ease of use and convenience, not security.

    As to the culprit, if it was targeted then someone local, or a cat/baby attack by someone with authorized access. But it is entirely possible that someone scanning open ports hit a target of opportunity not knowing where it was located. More like the kid in the Wargames reference but possibly with more malice.

  86. 86.

    Adam L Silverman

    @LongHairedWeirdo: No worries. As for short on sleep, I’m getting ready to rack out as I’m still catching up from Sunday. We had a really heavy storm front come through starting around 4 AM. The first squall line wasn’t too bad and was moving fast. But about 20 minutes after it moved off to the east we got slammed for almost two hours. High winds making the freight train coming down the tracks sound, which was disconcerting because we were under a tornado watch that had started around minute and was up through 7:30 AM. Then there was the torrential driving rain and the very small hail. And finally the persistent, steady thunder and lightning punctuated by some real thunderclaps. My lab mixes were exceedingly upset and spent almost three hours sitting on me. So I didn’t get much sleep. Last night I got a good night’s sleep, but one more tonight should stand me back in good stead.

  87. 87.

    danielx

    So…pissed off current or former employee with some technical smarts who a) has a shit ton of water stored for everything – drinking, cooking, bathing or b) doesn’t get their water from the same source and c) had enough access, one way or another, to pull this off. Plus d) being more fucked up than Rocky the Flying Squirrel and (maybe) e) could have picked up the technical knowledge needed from anywhere on the internet, possibly by an untraceable method.

    Or it could be a random nutcase doing this for unknown reasons, or a group of nutcases, or…

    We have a matrix! Shit, they’ll have this solved by Wednesday.

    In truth, seems like something that could be solved pretty quickly with the right software forensics, but I’m totally rambling and clueless.

  89. 89.

    Adam L Silverman

    @mdblanche: Oldsmar isn’t that close to St. Petersberg. About 18 miles as the crow flies, but a good 35 to 40 minutes as the roads allow us to drive.

  91. 91.

    Adam L Silverman

    @danielx: Given Oldsmar’s small size and location, one could live in 1/2 a dozen different municipalities or unincorporated parts of Pinellas County and be two feet from parts of Oldsmar. And, as a result, be on Pinellas County’s or Hillsborough Counties water system. So an insider threat wouldn’t necessarily need to stockpile water if they lived in Safety Harbor, Palm Harbor, Ozona (I still have no idea what Ozona is, but I think it is where they make the ozone), Lake Tarpon, and unincorporated Hillsborough County just over the county line on Racetrack Road and Tampa Road.

  92. 92.

    Adam L Silverman

    @Starboard Tack: Sometime this week depending on whether the pro-Trump extremists who are determined to strike in the US don’t do something really stupid and really bad during the impeachment.

  94. 94.

    NotMax

    @JaySinWA

    More like the kid in the Wargames reference

    F.B.I. already knock knock knocking on Matthew Broderick’s door as a “person of interest?”

    //

  96. 96.

    Martin

    I don’t think the point is that Russia was trying to hack Oldsmar. I think the point is that US infrastructure security is terrible, and even if we do find out it was someone sitting on their bed who weighs 400lbs, that’s not better because it implies that if a nation state did try to attack infrastructure, they’d have an even easier time of it.

  102. 102.

    Sloane Ranger

    At this stage it’s too early to speculate about motivation. It could be another country, if not Russia, perhaps Iran or a terrorist group, either foreign or domestic, or a pissed off employee or ex employee or the cat/toddler or it could even be some true believer in the lye kills coronavirus myth your ex President put out there who genuinely believes they were performing a public good.

    It’s important at the start of an investigation not to lock yourself into any specific hypothesis as this can lead the investigation down the wrong path.

  103. 103.

    mrmoshpotato

    HaHAHa! So good.

    Have we started calling Marjorie Taylor Greene a "Qaren" yet? If so, carry on. If not, we should start.— The Rude Pundit (@rudepundit) February 8, 2021

  107. 107.

    Phylllis

    Thread about dead, but have to chime in to say know where Oldsmar is, being from Parrish*, FL.

    *Home to Mr. Stealer of Nancy Smash’s lecturn. Can confirm, goober central. 

  112. 112.

    KrusherKing

    @Adam L Silverman: Ozona is a charming little bit of Palm Harbor, very old Florida, that contains some nice restaurants, including the world famous Ozona Pig, a really extensive antique/junk shop and a marina.  It is strictly legal to travel around the streets of Ozona in a golf cart–it’s that small.   once met an extremely amiable drunk who was driving a golf cart around Ozona at 6:00 AM.  No street is wider than one lane in each direction.  I

    https://www.ozonavillagefl.us/

  113. 113.

    wenchacha

    Is there a summary description of the Malcolm Nance/Naveen Jumali stuff on Twitter and elsewhere? Should I take their appearances in pundit shows with a few chunks of Himalayan salt?I

    Thanks!

     

    Thanks

  114. 114.

    Uncle Cosmo

    @Doug R: “Just because you’re paranoid, doesn’t mean they’re not out to get you”.

    Even paranoids have real enemies.

    (Henry the K, referring to Tricky the Dick back in the day…)

  115. 115.

    The Moar You Know

    Shame I missed this until this morning.  My specialty.

    This could have been anyone.  It is almost certainly NOT a state actor as Adam says.

    The security breakdown:  they had a commercial remote access program, TeamViewer, running on a machine so that they could come in from outside and do their work thing (i.e. everyone working there has been on a down-low “work from home” program for quite some time, likely long before the plague).

    The second security breakdown:  there’s no reason for a facility like this to have internet connectivity at all.  Oh sure, the office folks gotta have their email and you probably want to give the employees some wifi because the job is boring AF, but the plant control systems should be on a completely separate (physically and logically) network.  Setting it up this way is not hard.  It’s actually a lot easier for maintenance in many ways.

    And yet, almost every infrastructure sector in this country has this because nobody wants to get up at two in the morning and drive in just to see what the alarm is.  That particular form of laziness has got to stop.

    By “every infrastructure sector” I mean all of them.  Harmless water treatment plants like this, but also some truly scary-ass stuff like refineries, chemical plants – the kinds of places where fucking with a setting on a operating parameter can cause explosions and leaks of the kind of shit that an kill everything it touches.   Again, this form of laziness has to stop.  Unplug the networks and get bodies in the seats where the control systems are.

    TeamViewer isn’t very secure, but then again not any of these telework programs are.  The military is FINALLY taking action on this, but of course for right now we actually need them as there’s a lot of workspaces where people should not be entering unless they absolutely have to.  That will look a lot different by this summer.

    Running down the clown who did this will be easy to impossible depending on how smart they were. I rarely see a lot of smart attacks in my work, so I’m guessing 48 hours.  I will differ with Adam’s analysis in only one major way – this wasn’t a current employee who just wandered off for a cuppa joe and had a cat do the laptop dance while they were gone.  This was an outsider.

    Shame you all missed the analysis from the forensics/security guy.  Oh well.  My best work always remains unread.

  119. 119.

    Adam L Silverman

    @wenchacha: They’re both pretty solid. But there are times that Nance gets too far ahead of the information because it fits the analytical structures he’s built and is promoting.

    It happens to everyone now and then.

Comments are closed.