Hackers Modify Water Treatment Parameters By Accident (softpedia.com)

Posted by msmash on Tuesday March 22, 2016 @05:30AM from the water-getting-hack-treatment dept.

An anonymous reader writes: Verizon's RISK security team has revealed details on a data breach they investigated where some hackers (previously tied to hacktivism campaigns) breached a payments application from an unnamed water treatment and supply company [PDF, page 38], and also escalated their access to reach SCADA equipment responsible for the water treatment process. The hackers modified water treatment chemical levels four different times. The cause of this intrusion seems to be bad network design, since all equipment was interconnected with each other in a star network design, and the payments app contained an INI file with the administrative password for the central router, from where the hackers reached the water treatment SCADA equipment. Of course, the hackers had no clue what they were modifying. Nobody got poisoned or sick in the end.

3 of 139 comments (clear)

Min score:

Reason:

Sort:

I disagree by liqu1d · 2016-03-22 05:37 · Score: 4, Funny

I got rather sick when I read that the admin password was in the ini file.
1. Re:I disagree by MobyDisk · 2016-03-22 05:42 · Score: 4, Funny
  
  Yeah, they should have put the admin password in an XML file!
Re:And the worst of it? by Pascoea · 2016-03-22 06:06 · Score: 4, Funny

Come on. Give them a little credit, it was an INI file, not a TXT file. They probably even named it this_isnt_the_network_password.ini