Threat actors in January attempted to poison the water at a US facility

June 21, 2021  By Pierluigi Paganini


Threat actors in January attempted to poison the water at a US facility, a circumstance that highlights the importance of cybersecurity for water and wastewater utilities.

The news that a threat actor in January attempted to poison the water at a facility in the U.S. made the headlines and highlights the importance of protecting critical infrastructure from hackers.

According to a report published by NBC News, threat actors attempted to compromise an unnamed water treatment plant that provides services to San Francisco Bay Area, the attack took place on January 15.

NBC became aware of the attack attempt from a private report created by the Northern California Regional Intelligence Center in February. The actors gained access to the systems at the facility by using the TeamViewer account of a former employee to gain access to systems and attempted to manipulate software used for treating drinking water.

“On Jan. 15, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area. It didn’t seem hard.” reads the post published by NBC. “The hacker had the username and password for a former employee’s TeamViewer account, a popular program that lets users remotely control their computers, according to a private report compiled by the Northern California Regional Intelligence Center in February and seen by NBC News.”

This is the first time that this specific incident has been reported by authorities, but unfortunately the number of similar attacks is growing.

In February, Pinellas Sheriff revealed that attackers tried to raise levels of sodium hydroxide, by a factor of more than 100, in the Oldsmar’s water supply. The scenario described by Pinellas Sheriff Bob Gualtieri is disconcerting, an attacker attempted to raise levels of sodium hydroxide, also known as lye, by a factor of more than 100, in Oldsmar’s water supply.

In March, the United States Department of Justice charged Wyatt A. Travnichek (22), of Ellsworth County, Kansas, for accessing and tampering with the computer system of the Ellsworth County Rural Water District.

Travnichek accessed the computer system of the Public Water System on or about March 27, 2019, without authorization.

Travnichek worked for the Ellsworth County Rural Water District for roughly one year, he was remote monitoring the plan by accessing the Post Rock computer system.

Once gained access to the public water system, the man allegedly performed malicious actions that halted the processes at the facility that impacted the cleaning and disinfecting procedures.

Back to the incident reported by NBC News, the news outlet revealed that the attack was discovered the day after the initial compromise, and in response to the attack the IT staff at the facility changed its passwords and reinstalled the software that was removed by the hackers. The good news is that the failure caused by the intrusion did not cause any problems to the citizens.

“No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures,” read the incident report. 

U.S. water infrastructure, like other critical infrastructure in the US, lacks built-in security, according to the NbcNews, a widespread water hack would be very difficult to mitigate. The experts claim that there isn’t a centralized approach in the mitigation of cyber threats, each facility runs independently and doesn’s share any information with peers.

“It’s really difficult to apply some kind of uniform cyber hygiene assessment, given the disparate size and capacity and technical capacity of all the water utilities,” Mike Keegan, an analyst at the National Rural Water Association, told to NbcNews. “You don’t really have a good assessment of what’s going on.”

The experts pointed out that drinking water facilities that serve rural areas don’t have a dedicated cybersecurity team and are particularly exposed to cyber-attacks. 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, US facility)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

NSA releases guidance for securing Unified Communications and VVoIP

 The US National Security Agency (NSA) released guidance for securing Unified Communications/Voice and Video over IP Systems...