maddmaxx ★ Posted February 9, 2021 Share #1 Posted February 9, 2021 https://www.nytimes.com/2021/02/08/us/oldsmar-florida-water-supply-hack.html A hacker attempted to poison a water treatment plant in FL by upping the addition of sodium hydroxide (lye) by a huge factor that would have rendered the water capable of blinding a shower taker or seriously damaging someone who drank it. A human operator noticed the change and corrected it. After a second attempt by the same (or other) hacker the remote computer system that allowed one person to make the change without the approval of anyone else was disconnected from the system. In this day and age one has to ask if such a remote system was necessary or safe in the first place. We are going to have to rethink this internet thing as a country before it's too late. 1 Link to comment Share on other sites More sharing options...
bikeman564™ Posted February 9, 2021 Share #2 Posted February 9, 2021 I don't understand why water treatment needs to be on the internet. Water can be treated w/o this. 1 Link to comment Share on other sites More sharing options...
maddmaxx ★ Posted February 9, 2021 Author Share #3 Posted February 9, 2021 24 minutes ago, bikeman564™ said: I don't understand why water treatment needs to be on the internet. Water can be treated w/o this. Lots of things can be done without this. Womaxx as the school bookkeeper and controller of the student accounts (about a quarter of a mil) used to have a stand alone program on her computer in her office subject to auditing at a moments notice. The new town school administration had everything put on line. No one knows why. It isn't accessed by anyone else. As a country we are doing far too much of this and hackers, Ransomeers and Pirates of all ilk are having a great time. 2 2 Link to comment Share on other sites More sharing options...
bikeman564™ Posted February 9, 2021 Share #4 Posted February 9, 2021 2 minutes ago, maddmaxx said: Lots of things can be done without this. Like refrigerators. Why the f some wants their fridge online so you can see what's inside is stupid. Also TVs, and them remotes you talk into. None of which I have. 1 Link to comment Share on other sites More sharing options...
maddmaxx ★ Posted February 9, 2021 Author Share #5 Posted February 9, 2021 I don't mind the small things. If some asshole wants to see what I'm watching or listen to inane conversations through Alexa or screw with my lights that's a minor detail. I do think that power plants, water systems and other major infrastructure needs to be offline on dedicated networks. Even that is not totally secure as Stuxnet demonstrated. At least one of the DARPA projects that I worked on was loaded on a single computer inside a coded door room with our receptionist sitting outside. No connection to the outside world other than the power cord. Authorized people went in, recorded data from their lab notebooks and left. No electronic media allowed in. There were only 4 people in the company allowed in that room. (not me). I did however work on other even more classified programs in other companies that were less well protected. We trust our banks. Hopefully they have the best in security systems and good backups. That has proven to be misplaced trust in the past. We trust our healthcare system to provide the proper medications. Perhaps we shouldn't be so trusting. Link to comment Share on other sites More sharing options...
shootingstar Posted February 9, 2021 Share #6 Posted February 9, 2021 I can only assume this hacker news alerted the wastewater treatment plant services engineering sector world-wide. Pretty scary. Now with severe municipal budget pressures particularily in the big cities, certain remote systems monitoring by staff, might look attractive. So don't bitch too much about your property taxes being raised...you want staff to actually be on-site for some of your critical municipal services. Ask this out of your local municipal services. You want them for this critical service ...to do field site inspections also. There is a point where human beings are required. Link to comment Share on other sites More sharing options...
Razors Edge ★ Posted February 9, 2021 Share #7 Posted February 9, 2021 THE CLOUD!!!! We need EVERYTHING in the CLOUD!!!! DO NOT RESIST! Thank you. 1 2 Link to comment Share on other sites More sharing options...
maddmaxx ★ Posted February 9, 2021 Author Share #8 Posted February 9, 2021 21 minutes ago, Razors Edge said: THE CLOUD!!!! We need EVERYTHING in the CLOUD!!!! DO NOT RESIST! Thank you. See other thread. there are such people. Link to comment Share on other sites More sharing options...
Longjohn ★ Posted February 9, 2021 Share #9 Posted February 9, 2021 I realize municipal water systems are a necessity for towns and cities but I have never trusted them. I have never lived anywhere that I had city water. The closest thing was when I was the maintenance supervisor at a large Methodist camp and retreat center. We had our own water and sewage systems that I was in charge of. We used a combination of spring water and many wells all tied together. I tested the drinking water for proper chlorination and sent samples to a lab for further testing on a regular basis. I could have accidentally screwed up and made the water bad but luckily I never did. Our pump house was kept locked but anyone wanting to poison our system could have broke in and we would all be dead before we knew it. 2 Link to comment Share on other sites More sharing options...
Dirtyhip Posted February 9, 2021 Share #10 Posted February 9, 2021 We are tapped into a huge underground body of water with my own personal tap. I am not too concerned about safety for my water. You can't even easily get onto our property. We also have a locking gate. 26 minutes ago, Longjohn said: I realize municipal water systems are a necessity for towns and cities but I have never trusted them. I have never lived anywhere that I had city water. The closest thing was when I was the maintenance supervisor at a large Methodist camp and retreat center. We had our own water and sewage systems that I was in charge of. We used a combination of spring water and many wells all tied together. I tested the drinking water for proper chlorination and sent samples to a lab for further testing on a regular basis. I could have accidentally screwed up and made the water bad but luckily I never did. Our pump house was kept locked but anyone wanting to poison our system could have broke in and we would all be dead before we knew it. Most wells are tapped into huge underground sources. A wrongdoer would need a hellof a lot of poison. Enough to poison an entire river is a lot for someone to just dump in. Link to comment Share on other sites More sharing options...
ChrisL Posted February 9, 2021 Share #11 Posted February 9, 2021 Infrastructure security has been a a long standing concern for my industry for years and I’m surprised it hasn’t happened more. Protection of water supplies, electrical grids, highway management systems, subways, dams & waterways and much more has the potential to be hacked and manipulated to put people at risk. Due to budget pressure & lack of oversight municipal systems are considered the most vulnerable to hacking. 1 Link to comment Share on other sites More sharing options...
Razors Edge ★ Posted February 9, 2021 Share #12 Posted February 9, 2021 19 minutes ago, Dirtyhip said: We are tapped into a huge underground body of water with my own personal tap. I am not too concerned about safety for my water. You can't even easily get onto our property. We also have a locking gate. Most wells are tapped into huge underground sources. A wrongdoer would need a hellof a lot of poison. Enough to poison an entire river is a lot for someone to just dump in. I think someone like @Longjohn has fracking wells to consider when testing his well water. That part of PA has a lot of fracking, and with it, potential for pollution from spills. Oregon isn't in the same boat. Link to comment Share on other sites More sharing options...
donkpow Posted February 9, 2021 Share #13 Posted February 9, 2021 1 Link to comment Share on other sites More sharing options...
Dirtyhip Posted February 9, 2021 Share #14 Posted February 9, 2021 1 hour ago, Razors Edge said: I think someone like @Longjohn has fracking wells to consider when testing his well water. That part of PA has a lot of fracking, and with it, potential for pollution from spills. Oregon isn't in the same boat. My goodness. The states should not allow that shit, and if they do it should come with heavy restrictions and they should limit what these companies can do to extract the gas. One of the main reasons that I enjoy living in Oregon, is that we are a very environmentally focused state. Link to comment Share on other sites More sharing options...
Razors Edge ★ Posted February 9, 2021 Share #15 Posted February 9, 2021 3 minutes ago, Dirtyhip said: The states should not allow that shit, and if they do it should come with heavy restrictions and they should limit what these companies can do to extract the gas. There are restrictions. Whether they are sufficient or not might remain to be seen, but it does warrant regular testing of a water source. Link to comment Share on other sites More sharing options...
BR46 Posted February 9, 2021 Share #16 Posted February 9, 2021 If something would happen to our water I always have this in our yard to fall back on 1 1 Link to comment Share on other sites More sharing options...
12string Posted February 9, 2021 Share #17 Posted February 9, 2021 Doesn't the water system have some kind of alarms or shutoffs if too much lye ends up in the water? And why lye in the first place? Not just all the time, but the hacker would have been way funnier if he diverted the supply through a Sodastream Link to comment Share on other sites More sharing options...
Airehead Posted February 9, 2021 Share #18 Posted February 9, 2021 Well water that is tested yearly-- so i guess I could die in between the tests but so far that hasnt happened. Our water conditioning system inside the basement has UV and filter stages. Our water is actually quite nice. 1 Link to comment Share on other sites More sharing options...
Thaddeus Kosciuszko Posted February 9, 2021 Share #19 Posted February 9, 2021 5 hours ago, maddmaxx said: In this day and age one has to ask if such a remote system was necessary or safe in the first place. Industrial or continuous process systems are often connected in this manner to improve quality control, record data points of critical systems, to allow remote trouble-shooting, or to comply with local/state/federal regulations. For example, a water treatment plant has to follow guidelines for how much of any number of chemical, elements, or minerals can be in the drinking water. An industrial processor follows a program to poll the sensors that record those readings. The processor then reacts based upon those readings executing what's called a control loop. The readings area typically stored on site, but also uploaded to a remote site as well. Other information such as alarms, warnings, and setting changes are often documented/recorded both on and off site. A water treatment system is composed of many subsystems from different manufacturers. These systems, if new, are under warranty; if out of warranty they are often under service contracts. Rapid response to problems can be crucial with a water treatment facility. Hence the remote links allow manufacturers and service companies to look in on the system, make immediate adjustments, and if that doesn't work they can get an idea of what the problem is and bring the necessary tools and equipment when they make the service call. The problem is few owners, municipalities, and companies take security on these systems seriously. Industrial processors often have several levels of security, with each level allowing greater latitude and control over the processor functions. Passwords aren't often changed as employees leave, simply because very few people ever tried to hack systems like this. ChrisL is spot-on about vulnerability of utility and municipal systems. Once a hacker is in the system, they can make changes to the process and then reset alarms and limits so the hacked conditions never trigger any warnings. 2 Link to comment Share on other sites More sharing options...
maddmaxx ★ Posted February 9, 2021 Author Share #20 Posted February 9, 2021 Perhaps it would be as easy as limiting off site connections to sensor data out put only with local human intervention required to change any inputs outside the scope of the control loop which would also have to be loaded locally. Yes this would require manpower to be able to access a treatment plant quickly or in lieu of that constant supervision by a trained human. Somewhere we might run into a malicious human, but they would have access to one facility only. Hackers can work on gaining access to many facilities and save that access for a combined attack. Link to comment Share on other sites More sharing options...
12string Posted February 9, 2021 Share #21 Posted February 9, 2021 OK, so if I'm reading Ted and Max correctly, he couldn't have done the Sodastream thing? Link to comment Share on other sites More sharing options...
Razors Edge ★ Posted February 9, 2021 Share #22 Posted February 9, 2021 2 minutes ago, 12string said: OK, so if I'm reading Ted and Max correctly, he couldn't have done the Sodastream thing? Just need better hackers! Clearly, this Florida guy was a n00b! Link to comment Share on other sites More sharing options...
jsharr ★ Posted February 9, 2021 Share #23 Posted February 9, 2021 Link to comment Share on other sites More sharing options...
donkpow Posted February 9, 2021 Share #24 Posted February 9, 2021 2 hours ago, 12string said: And why lye in the first place? Adjusts pH. 1 Link to comment Share on other sites More sharing options...
shootingstar Posted February 10, 2021 Share #25 Posted February 10, 2021 hmm. I know security to our water treatment plants are tight...to even other employees. It is rather interesting how much money budget-wise the dept. for water supply and water treatment can obtain...without much public debate at all. The biggest ongoing public debate is whether orn not our local water should have fluoride. We don't have it our water.... too much public outcry. Whereas in other cities, where I've lived, they have it. They have some interesting projects...even combined with art. Whereas other depts. face alot more questions, fire from politicians and public --roads, construction of community centres, etc. I visited a water treatment facility to meet another employee. Underground to link another building 1 km. away, there were 2 simple bikes to bike down the wide hallway in between. Link to comment Share on other sites More sharing options...
Longjohn ★ Posted February 10, 2021 Share #26 Posted February 10, 2021 12 hours ago, donkpow said: Adjusts pH. I used soda ash, it takes more to change the ph but probably won’t cause blindness. 1 Link to comment Share on other sites More sharing options...
Prophet Zacharia Posted February 10, 2021 Share #27 Posted February 10, 2021 13 hours ago, donkpow said: Adjusts pH. Makes water into pHater? 16 hours ago, Dirtyhip said: The states should not allow that shit, and if they do it should come with heavy restrictions and they should limit what these companies can do to extract the gas. Ha. Our state politicians mostly want to increase fracking for the jobs, even offering sweetheart tax deals to lure new drilling. Our national election was nearly decided by one party wanting (primarily) to eliminate new fracking on Federal land and the other wanting fewer restrictions. My water comes from the Allegheny river, pumped out at Aspinwall, PA. 1 Link to comment Share on other sites More sharing options...
MickinMD ★ Posted February 10, 2021 Share #28 Posted February 10, 2021 On 2/9/2021 at 7:39 AM, maddmaxx said: https://www.nytimes.com/2021/02/08/us/oldsmar-florida-water-supply-hack.html A hacker attempted to poison a water treatment plant in FL by upping the addition of sodium hydroxide (lye) by a huge factor that would have rendered the water capable of blinding a shower taker or seriously damaging someone who drank it. A human operator noticed the change and corrected it. After a second attempt by the same (or other) hacker the remote computer system that allowed one person to make the change without the approval of anyone else was disconnected from the system. In this day and age one has to ask if such a remote system was necessary or safe in the first place. We are going to have to rethink this internet thing as a country before it's too late. Ralph Pollack, who was a chemistry professor then Dean of Science at UMBC, once told me that when he was a post-doc at U.C. Berkeley, a strong base was spilled on him. He was rushed to a shower, was washed off thoroughly several times, and given some clothes to wear home. When he got there, the clothes were disintegrating. He bathed again over and over and the clothes and bed sheets he was in contact while sleeping were damaged by the time he woke up in the morning. The human skin is a marvel! Link to comment Share on other sites More sharing options...
MickinMD ★ Posted February 10, 2021 Share #29 Posted February 10, 2021 It would seem to me you'd need tons of NaOH to poison Baltimore's drinking water, which comes from a few very large lake reservoirs. There is also a large pipeline for fresh water that connects to the Susquehanna River, miles away at the north end of the Chesapeake Bay, but I don't know how close that is to operating condition if it was needed in an emergency. Link to comment Share on other sites More sharing options...
jdc2000 Posted February 11, 2021 Share #30 Posted February 11, 2021 A unsecured TeamViewer session was what the hacker used. Time of day was 8:00 am and again at 10 or 11 am, so an operator noticed immediately. Fortunately, it did not happen at 2:00 am. 2 1 Link to comment Share on other sites More sharing options...
Longjohn ★ Posted February 11, 2021 Share #31 Posted February 11, 2021 17 hours ago, Prophet Zacharia said: My water comes from the Allegheny river, pumped out at Aspinwall, PA Did you know fish pee in that river? 2 Link to comment Share on other sites More sharing options...
JerrySTL ★ Posted February 11, 2021 Share #32 Posted February 11, 2021 I recently read "The Poisoned City: Flint's Water and the American Urban Tragedy". The government and water treatment people made things worse in Flint than a hacker could have done. 1 Link to comment Share on other sites More sharing options...
JerrySTL ★ Posted February 11, 2021 Share #33 Posted February 11, 2021 11 minutes ago, Longjohn said: Did you know fish pee in that river? Screw in it to. 1 Link to comment Share on other sites More sharing options...
Bikeguy Posted February 11, 2021 Share #34 Posted February 11, 2021 57 minutes ago, Longjohn said: Did you know fish pee in that river? When I was working, I was at the Pontiac (IL) sewage treatment plant. They discharge into the Vermilion River. 26 miles downstream, there is a dam where the water company takes water for Streator. That year there was a drought. I told the manager of the sewage treatment plant, 'You should tell everyone in Pontiac to flush their toilet twice, rather than just once.' He asked why? I told him we need the water in Streator. Now we have well water, from a shallow 75 foot well, and a RO filter for drinking water. Link to comment Share on other sites More sharing options...
Allen ★ Posted February 11, 2021 Share #35 Posted February 11, 2021 I have a very deep well. Link to comment Share on other sites More sharing options...
Longjohn ★ Posted February 11, 2021 Share #36 Posted February 11, 2021 The fracking wells go horizontal underground and cover an amazing area from where they were started. We don’t have any of those close to our property. The Wells that we could see from our house were the traditional gas Wells that went straight down. We didn’t experience any changes in our water after they drilled the wells. 2 Link to comment Share on other sites More sharing options...
Prophet Zacharia Posted February 11, 2021 Share #37 Posted February 11, 2021 6 hours ago, Bikeguy said: They discharge into the Vermilion River. 26 miles downstream, there is a dam where the water company takes water for Streator. Our sewage treatment plant empties into the Ohio River. Our gift to the Midwest. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now