Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Open Invitation to be Hacked – Lessons to be Learned
February 11, 2021
It’s all over the news. As The Hacker News reported, a Florida water treatment plant had a security incident in which a remote attacker attempted to increase chemical levels in the water supply to dangerous levels. The attack was unsuccessful but was full of lessons to be learned about what NOT to do. The details are from the “you can’t make this stuff up” camp.
One initial problem is that the supervisory control and data acquisition (SCADA) system controlling the treatment plant was directly exposed to the internet without any firewall protection. As a degreed Marine Engineer, I have a personal problem with any SCADA system being connected to the internet, period, even with some sort of protection. SCADA systems control critical processes. When something goes wrong, people get hurt or even die. But I digress.
The exposed computers were running a 32-bit version of Windows 7. The Windows 7 operating system reached end-of-life on January 14, 2020 (over a year ago) and is no longer receiving any updates. The machines were also running TeamViewer, which is considered a less-than-acceptable remote access tool by cybersecurity professionals. The icing on the cake was that the same password was being used for remote access.
The lessons: do not run a computer with unsupported software, apply all updates as they become available, practice good password hygiene, and put all your devices behind a firewall.