Breached water plant employees used the same TeamViewer password and no firewall

by
Dan Goodin
from Ars Technica - All content on (#5E1HA)
water-800x500.jpg

Enlarge (credit: Getty Images / Leon Justice)

The Florida water treatment facility whose computer system experienced a potentially hazardous computer breach last week used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees, government officials have reported.

The computer intrusion happened last Friday in Oldsmar, a Florida city of about 15,000 that's roughly 15 miles northwest of Tampa. After gaining remote access to a computer that controlled equipment inside the Oldsmar water treatment plant, the unknown intruder increased the amount of sodium hydroxide-a caustic chemical better known as lye-by a factor of 100. The tampering could have caused severe sickness or death had it not been for safeguards the city has in place.

Beware of lax security

According to an advisory from the state of Massachusetts, employees with the Oldsmar facility used a computer running Windows 7 to remotely access plant controls known as a SCADA-short for supervisory control and data acquisition"-system. What's more, the computer had no firewall installed and used a password that was shared among employees for remotely logging in to city systems with the TeamViewer application.

Read 8 remaining paragraphs | Comments

index?i=r76htG8jB6g:vgehYE12nog:V_sGLiPB index?i=r76htG8jB6g:vgehYE12nog:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments