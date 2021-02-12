Notice. A few days ago the police in the city of Oldsmar in Florida (USA) announced that hackers had been able to break into the computer network of a sewage treatment plant in order to increase the level of a chemical that is corrosive and therefore harmful to health in high doses. Today our colleagues at The Verge tell us that this cyberattack actually resulted from a cruel lack of security. The doors to the computer network were wide open and any former employee could log in with a simple password.

A lack of security at the root of the “cyber attack”

During their “cyber attack”, the “hackers” raised the sodium hydroxide level in the water. In high doses, this additive, usually used to balance acidity, can be dangerous as it is corrosive to the skin. Fortunately, a technician present that day saw the changes in real time and was able to intervene before more than ten thousand people were affected.

In the same category

In Florida, a group of hackers hacked a drinking water system to poison it

While the local police and the FBI initially believed it was a relatively well-organized cyberattack, new evidence revealed during the investigation that the security of the wastewater treatment plant’s computer system was largely unsuccessful. With a simple password, any (former) employee could have accessed and made these changes from anywhere in the world.

Indeed, investigators learned that the TeamViewer remote maintenance software was installed on the station’s computer system, even though it had not been used for six months. Worse, it was accessible through a unique password that was shared among all computers and that was never changed. A simple connection then made it possible to control all the chemicals present in the water without the need for computer skills.

As our colleagues at Vice point out, this situation is only a bitter reflection of what is happening on a large scale: public service infrastructure is aging, lacking the budget, expertise or capacity to control its own security systems. In this particular case, the disaster was narrowly avoided. This should be seen as a red flag warning of possible dangers that lie over our faces if these computer networks are not better protected in the future.