Hackers Attempted to Remove Regulation of Poison Content in Florida

Someone needs to say “damn Florida, water you even doing right now” (puns intended) given the latest news.

And I don’t say this lightly, despite the puns, given Florida’s awful history of “killing zones” in water.

This blog post title could be talking about Facebook’s “business” relationship with Cambridge Analytica being so obviously toxic to humanity, or it could be talking about Flint, Michigan being a foreshadowing.

The reader would be forgiven for assuming either of those stories is linked here to a metaphor of poisoned content, misuse of controls, and the need for better regulation.

However, this is a non-metaphorical story. A hacker literally attempted to bypass regulations and change the controlled level of a known harmful substance flowing through a massive content delivery system — water.

“The hacker changed the sodium hydroxide from about one hundred parts per million, to 11,100 parts per million,” Gualtieri said, adding that these were “dangerous” levels. When asked if this should be considered an attempt at bioterrorism, Gualtieri said, “What it is is someone hacked into the system not just once but twice … opened the program and changed the levels from 100 to 11,100 parts per million with a caustic substance. So, you label it however you want, those are the facts.”

So now when Clubhouse, or Uber, or some other anti-regulatory tech darling says they want to be the next water, be sure to ask them to explain this story and how they’d handle it.

There are a couple of obvious integrity questions being floated (pun not intended) here.

First, why could the amount go up by more than a small percentage in a single change? Adding a bunch of zeros to 100 (or ones, from 100 to 11100) sounds like this was a lazy attack to overflow (pun not intended) the input field in more ways than one.

Second, what’s this remote access that leads directly to changing levels all about? I can maybe understand remote access to something with limited capabilities (see point one), but total control with no multi-factor authentication (MFA)? Everyone knows that is just wrong: mismanagement of basic plant safety. Update: TeamViewer has a history of this, where users report losing control even with MFA.

Third, multiple entry? Coming back a second time means the platform admins allowed a hacker to lye in wait (ok, pun intended because sodium hydroxide is lye, get it?). I just wanted to say lye in wait. But seriously, what else did they change and can the admins even tell or should the whole infrastructure be treated (pun not intended) as contaminated?
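To make the first and third points concrete, here is an added illustration (my code, not the article’s or any vendor’s) of a setpoint guard that rejects out-of-range values, rejects in-range values that jump too far in one write, and keeps the rejected attempts as an audit trail. The plant range of 50..150 ppm and the 10% per-write limit are assumptions; the 100 and 11,100 ppm values come from the quote above.

```python
# Setpoint-change guard for a chemical-dosing controller. Added illustration,
# not code from the article or from any vendor. Assumed (not from the article):
# a NaOH dose setpoint in ppm, a plant-designed range of 50..150 ppm, and a
# 10% per-write step limit. The values 100 and 11100 are the article's.
from dataclasses import dataclass


@dataclass(frozen=True)
class SetpointPolicy:
    low: float           # lowest setpoint the process is designed for, ppm
    high: float          # highest the dosing hardware should ever be asked for, ppm
    max_step_pct: float  # largest relative change allowed in a single write


@dataclass(frozen=True)
class Decision:
    accepted: bool
    applied: float       # value that actually reaches the controller
    reason: str


def guard_setpoint(current: float, requested: float, policy: SetpointPolicy) -> Decision:
    """Accept a new setpoint only if it is in range AND a small step.

    The range check rejects values no plant would run; the step check rejects an
    in-range value that is still a big jump (an extra digit, a slipped decimal),
    which should need a deliberate second action rather than one remote write.
    """
    if not (policy.low <= requested <= policy.high):
        return Decision(False, current, f"{requested} ppm outside {policy.low}-{policy.high} ppm")
    base = max(current, policy.low)  # never divide by a zero setpoint
    step_pct = abs(requested - current) / base * 100
    if step_pct > policy.max_step_pct:
        return Decision(False, current, f"{step_pct:.0f}% change exceeds {policy.max_step_pct}% per write")
    return Decision(True, requested, "ok")  # rejection paths leave `current` untouched


def replay_writes(start: float, writes: list, policy: SetpointPolicy) -> list:
    """Run (session, requested) writes through the guard; return the rejected ones
    as an audit trail for the article's third question: what else was changed?
    """
    current, rejected = start, []
    for session, requested in writes:
        d = guard_setpoint(current, requested, policy)
        current = d.applied
        if not d.accepted:
            rejected.append((session, requested, d.reason))
    return rejected
```

With a constructed sequence of one routine console tweak (105 ppm), the quoted 11,100 ppm remote write, and a second remote write to 150 ppm, the guard accepts only the first and records the two remote attempts with their reasons.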
