Technology

US Waterworks Hack Resulted In Shared Passwords And Windows 7 PCs

The “hack” of the waterworks in the small town of Oldsmar in the US state of Florida, which has been widely reported around the world, was evidently much less complex than you might think. The operator made it very easy for the attackers by making a few mistakes.

As reported by the Associated Press, there have been some easily preventable but huge safety issues with the Florida waterworks. The employees apparently used the same passwords across several security-relevant systems in order to be able to log in more easily.

In addition, comparatively old computers that worked with Windows 7 were used. The old Microsoft operating system has not been updated with new security updates for more than a year. This apparently gave the attackers easy access to the waterworks systems.

Employees noticed how the attackers moved the mouse using TeamViewer

Some more details should also make security experts stand on end. According to reports from the USA, the computers affected by the attack were “directly connected to the Internet without the installation of any kind of protection through a firewall”.

The attackers apparently used the simple remote access software TeamViewer, which is also very popular among private customers, to log into one of the waterworks control computers that are easily accessible via the Internet.

The “change on the screen” reported in the first reports, which was noticed by one of the employees, was apparently nothing more than the mouse pointer, which moved in front of the screen without any action on the part of the employee. All in all, in this case, you are dealing with a comparatively simple attack, which nevertheless had great potential for endangering the population of Oldsmar.

An attempt was made to increase the dosage of sodium hydroxide in the drinking water of the city of Oldsmar by a factor of 100. This controls the pH value of the drinking water so that the water would have been “poisoned” if an employee of the waterworks had not noticed the change in the values. Allegedly, however, further warning systems would have started before the water reached the first consumer after at least 24 hours.