A NEW TYPE of hacker has emerged who might break into utilities like the water supply and spike them so as to poison a whole community.
This is surely Hollywood stuff, or at least straight to DVD. But no, it is the real world and a warning from Verizon Security Solutions, which has found evidence of an actual attack where hackers got in and adulterated the water.
Verizon's 2015 Data Breach Investigations digest (you will have to register to read it) said that the attack happened at a facility called Kemuri Water Company (KWC). This is a fake name to protect injured parties, presumably, and to allow the drinking of water to carry on.
It is worth registering for the report if you are inclined to do that sort of thing. You can grab it as a PDF. It reckons that the incident was enabled by some hokey old issues.
"Behind the scenes, KWC was a likely candidate for a data breach. Its internet- facing perimeter showed several high-risk vulnerabilities often exploited in the wild," said the report.
"The OT end of the water district relied heavily on antiquated computer systems running operating systems from 10-plus years ago. Even more concerning, many critical IT and OT functions ran on a single AS400 system. KWC referred to this AS400 system as its SCADA platform.
"This system functioned as a router with direct connections into several networks. Moreover, only a single employee was capable of administering it. If a data breach were to occur at KWC, this SCADA platform would be the first place to look.
"Interviews with the KWC IT network team revealed concerns surrounding recent suspicious cyber activity. It became clear that KWC management was aware of potential unauthorised access into the OT systems of the water district."
The hackers were able to change the amount of chemicals in the water and alter its flow, according to the report. µ
What took so long?
Leaked display panel 'confirms' curved edge screen and iris scanner
Company is sometimes capable of good customer Surface