Hackers breach San Francisco water treatment plant

A successful attack could have poisoned the well

A hacker accessed systems belonging to a water treatment plant in the San Francisco Bay area and deleted applications the plant used to treat drinking water.

The incident happened in January but only came to light this week. According to reports by NBC News, the hackers used the username and password from a former employee's TeamViewer account to gain access to the plant and delete programs.

There is no indication who the hacker was or what their motivations were, according to a private report compiled by the Northern California Regional Intelligence Center in February. 

The breach went undetected until the next day. Once plant staff noticed the breach, it reinstalled all the deleted programs and reset all employee passwords.

"No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures," the report said.

According to some reports, the hacker "tried to poison" the area's water, but Michael Sena, executive director of the Northern California Regional Intelligence Center, told the San Francisco Chronicle there was no attempt to poison the water supply. 

“No one tried to poison any of our water,” he told the newspaper. “That is not accurate”.

“It takes a lot to influence a water supply chain,” he said. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people...the numbers are astronomical.”

Joseph Carson, chief security scientist at ThycoticCentrify, told IT Pro that this highlights and reminds us how bad password hygiene is getting and how important it is for organizations to priorities password security and management. 

“Organizations must help employees move passwords into the background, so they do not have to choose, remember or store passwords, using privileged access security solutions helps organizations reduces the risk of weak passwords which is a common cause of many security incidents and data breaches moving passwords into the background at the same time reducing cyber fatigue,” Carson said.

Carson added that organizations must have a solid provisioning and deprovisioning process for privileged access, especially for employees with remote access to sensitive systems.

“Companies should demand multi-factor authentication by default and integrate it into privileged access management security solutions, as this breach shows the importance of not letting a password be your only security control,” he said.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022