Hackers Modify Water Treatment Parameters By Accident

An anonymous reader writes: Verizon's RISK security team has revealed details on a data breach they investigated where some hackers (previously tied to hacktivism campaigns) breached a payments application from an unnamed water treatment and supply company [PDF, page 38], and also escalated their access to reach SCADA equipment responsible for the water treatment process. The hackers modified water treatment chemical levels four different times. The cause of this intrusion seems to be bad network design, since all equipment was interconnected with each other in a star network design, and the payments app contained an INI file with the administrative password for the central router, from where the hackers reached the water treatment SCADA equipment. Of course, the hackers had no clue what they were modifying. Nobody got poisoned or sick in the end.

Re:And the worst of it?

[Coisiche]

I was nodding in agreement to that and then a thought suddenly struck me... what if something like this was left deliberately weak so that a part of the population could be disposed of, should it become necessary, and then hackers are the convenient scapegoat for blame in the eyes of everyone else. Especially if the hackers were associated with parties that the monied interests find inconvenient.

I know they say never attribute to malice that which can be explained by incompetence but maybe sometimes it is malice.