Computer Active (UK)

Hacked US water plant was still using Windows 7


A water-treatment plant that was hacked in Oldsmar, Florida, was still using computers running Windows 7, making it easier for the attacker to infiltrate the system.

Microsoft stopped supporting Windows 7 in January 2020, though some businesses and organisations can pay for extended support.

Reports in the US quote investigators as saying that “the cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment”.

They added that the hacker probably used TeamViewer to remotely access and control the plant’s computers. The staff also use TeamViewer to access computers, but it seems they all shared the same password, meaning the hacker had to guess only one to take over the system.

In another severe security failure, the computers were connected to the internet without a firewall.

The attacker tried to poison the water supply by increasing the amount of sodium hydroxide, which is the main ingredient in liquid drain cleaners. It can irritate the skin and eyes, and lead to hair loss, while swallowing it can induce vomiting, nausea and diarrhoea.

A worker spotted the increase and reversed it before the poisoned water reached the 15,000 businesses and residents supplied by the plant.

The attack has drawn attention to the risk posed by hackers targeting national infrastructure. Security experts have long warned that it’s only a matter of time before a hack on water, electricity, nuclear power or transport kills many people. They’ve repeatedly urged governments to invest more to keep the security of critical infrastructure up to date.

Last year there were several unsuccessful hacks on Israeli water supplies, while in 2016 an unnamed US water plant was attacked.
