Hackers breach San Francisco water treatment plant

A successful attack could have poisoned the well

A hacker accessed systems belonging to a water treatment plant in the San Francisco Bay area and deleted applications the plant used to treat drinking water.

The incident happened in January but only came to light this week. According to reports by NBC News, the hackers used the username and password from a former employee's TeamViewer account to gain access to the plant and delete programs.

There is no indication who the hacker was or what their motivations were, according to a private report compiled by the Northern California Regional Intelligence Center in February. 

The breach went undetected until the next day. Once plant staff noticed the breach, they reinstalled all the deleted programs and reset all employee passwords.

"No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures," the report said.

According to some reports, the hacker "tried to poison" the area's water, but Michael Sena, executive director of the Northern California Regional Intelligence Center, told the San Francisco Chronicle there was no attempt to poison the water supply. 

“No one tried to poison any of our water,” he told the newspaper. “That is not accurate.”

“It takes a lot to influence a water supply chain,” he said. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people...the numbers are astronomical.”

Joseph Carson, chief security scientist at ThycoticCentrify, told IT Pro that this highlights and reminds us how bad password hygiene is getting and how important it is for organizations to prioritize password security and management.

“Organizations must help employees move passwords into the background, so they do not have to choose, remember or store passwords. Using privileged access security solutions helps organizations reduce the risk of weak passwords, which is a common cause of many security incidents and data breaches, moving passwords into the background while at the same time reducing cyber fatigue,” Carson said.

Carson added that organizations must have a solid provisioning and deprovisioning process for privileged access, especially for employees with remote access to sensitive systems.

“Companies should demand multi-factor authentication by default and integrate it into privileged access management security solutions, as this breach shows the importance of not letting a password be your only security control,” he said.
