Hackers breach San Francisco water treatment plant

Water treatment tanks
(Image credit: Shutterstock)

A hacker accessed systems belonging to a water treatment plant in the San Francisco Bay area and deleted applications the plant used to treat drinking water.

The incident happened in January but only came to light this week. According to reports by NBC News, the hackers used the username and password from a former employee's TeamViewer account to gain access to the plant and delete programs.

There is no indication who the hacker was or what their motivations were, according to a private report compiled by the Northern California Regional Intelligence Center in February.

The breach went undetected until the next day. Once plant staff noticed the breach, it reinstalled all the deleted programs and reset all employee passwords.

"No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures," the report said.

According to some reports, the hacker "tried to poison" the area's water, but Michael Sena, executive director of the Northern California Regional Intelligence Center, told the San Francisco Chronicle there was no attempt to poison the water supply.

“No one tried to poison any of our water,” he told the newspaper. “That is not accurate”.

“It takes a lot to influence a water supply chain,” he said. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people...the numbers are astronomical.”

Joseph Carson, chief security scientist at ThycoticCentrify, told IT Pro that this highlights and reminds us how bad password hygiene is getting and how important it is for organizations to priorities password security and management.

“Organizations must help employees move passwords into the background, so they do not have to choose, remember or store passwords, using privileged access security solutions helps organizations reduces the risk of weak passwords which is a common cause of many security incidents and data breaches moving passwords into the background at the same time reducing cyber fatigue,” Carson said.

Carson added that organizations must have a solid provisioning and deprovisioning process for privileged access, especially for employees with remote access to sensitive systems.

“Companies should demand multi-factor authentication by default and integrate it into privileged access management security solutions, as this breach shows the importance of not letting a password be your only security control,” he said.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.