The City of Oldsmar, Florida was recently targeted by a hacker attempting to poison the city’s water supply remotely. Although it sounds like something out of a movie, local news reports on the incident have said that one or more hackers remotely accessed computer systems at a water treatment plant in Oldsmar that apparently controls the city’s entire water supply. The hacker reportedly attempted to poison the city’s water supply by increasing the amount of sodium hydroxide, otherwise known as lye, at the water treatment plant by 100 times the current and usual level.
Law enforcement officials continue to search for the suspects involved in this incident. The Federal Bureau of Investigation (FBI) has also been notified and continues to investigate the incident.
How Did This Happen?
It is common to see hackers access computer systems remotely through user errors and unsafe computer practices. In this case, investigators determined that the hackers might have targeted the water treatment plant after discovering that it still ran on Windows 7. The older operating system could be more vulnerable to hacks because Microsoft stopped supporting it in January 2020, meaning official cybersecurity updates for the OS are effectively nonexistent. Investigators working on the case also found that the hackers may have used a software program called TeamViewer, which allows users to access computer systems remotely.
Major Concerns Following the Cyberattack
Some of the biggest concerns arising from the water plant hack in Oldsmar are:
- With Windows 7 no longer receiving technical assistance or software updates from Microsoft, all users are more prone to security issues and breaches to their devices until they update to a more recent OS. Other water treatment plants across the country could be in the same situation as Oldsmar’s plant.
- Microsoft began this transition away from Windows 7 in 2015 after Windows 10 had debuted that same summer. After millions of systems and devices were updated to Windows 10, users that continued to use Windows 7 had plenty of notice that its systems were outdated and more prone to vulnerabilities. Despite this advanced warning, the water treatment plant seemingly did nothing to update its software and operating systems.
- In addition to an outdated, unsupported operating system running the water plant in Oldsmar, investigators also determined that the computers were running “without any type of firewall protection installed.” Systems that lack a firewall are especially prone to heightened security risks.
- News reports also found that shared passwords were used to access the city’s water plant computer systems, which likely means that password management was poor or nonexistent. Password sharing can increase the chances of becoming a victim of cybercrime because hackers have more places to look for passwords.
Overall, this is a crucial development that requires the attention of all levels of government that may be targeted in similar cyberattacks. Safety measures such as strong password management, firewall protection, security updates, and other similar safeguards can decrease the likelihood of cyberattacks. While these measures do not guarantee complete and absolute protection from cybercrime, it certainly reduces the odds of becoming a victim.
If you enjoyed reading this article, check out more cybersecurity articles written by Vernon Litigation Group here.