Today in data breaches

Post Reply
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
TheCatt
Site Admin
Posts: 53728
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Today in data breaches

Post by TheCatt »

I used to work at a company that made metering software + hardware. And I was STUNNED how terrible a lot of systems for water plants, electrical grid, etc are. Just terrible. Easy to hack into, etc. I would assume half of the US' systems have been hacked into already.
A water-treatment plant in Oldsmar, Fla., was hacked, and the intruder briefly increased the amount of lye used to treat water to a dangerous level, authorities said Monday.

A plant operator noticed the alteration Friday and immediately reversed it, avoiding adverse effects on the city’s water supply. But the breach highlights the exposure of utilities to cyberattacks.

“Water systems, like other public utility systems, are part of the nation’s critical infrastructure and can be vulnerable targets when someone desires to adversely affect public safety,” said Pinellas County Sheriff Bob Gualtieri at a news conference Monday about the incident.

The hacking began on Friday morning at the plant in Oldsmar, a city of about 15,000 people in the Tampa Bay area, Sheriff Gualtieri said. Around 8 a.m., a plant operator noticed that someone remotely accessed a computer system he was monitoring that controls chemicals used to treat water as well as other functions. The computer system has a software program that allows authorized users to access it remotely.

The intruder got into the utility’s industrial control-system through TeamViewer, a tool that allows engineers to monitor and repair computers and network machines, Sheriff Gualtieri said in an interview. Though the utility had switched to a different tool six months ago, he said, the TeamViewer program remained in place but unused, providing the door through which the intruder entered and gained full access to the system.

The intrusion was brief, and the operator didn’t think much of it because his supervisor and others remotely access his computer screen to monitor the system, Sheriff Gualtieri said at the news conference. Then at around 1:30 p.m. Friday, someone again entered the system remotely. A plant operator observed the intruder opening various software functions that control the water being treated in the system, the sheriff said.
That being said, this one just looks like incompetent IT.
It's not me, it's someone else.
User avatar
Cakedaddy
Posts: 8798
Joined: Thu May 20, 2004 6:52 pm

Today in data breaches

Post by Cakedaddy »

I was going to say and inside job, or a disgruntled former employee.
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

Cakedaddy wrote: Mon Feb 08, 2021 8:32 pm I was going to say and inside job, or a disgruntled former employee.
That was my first thought when I saw the story.

Although, it does highlight that, as a society, we're far more vulnerable than we might think. So give a shout out to the CIA and other alphabet agencies for working hard and killing folks before they kill us.
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
GORDON
Site Admin
Posts: 54400
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Today in data breaches

Post by GORDON »

The article listed an obsolete remote access program, open firewall ports, and compromised passwords. I completely believe it. Automated port scanners found them while the hackers were asleep, probably.
"Be bold, and mighty forces will come to your aid."
TheCatt
Site Admin
Posts: 53728
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Today in data breaches

Post by TheCatt »

Everyone running Exchange was hacked. Or something like that.

Good job, Microsoft.
So far, hack descriptors such as “crazy huge,” “astronomical,” and “unusually aggressive” seem to be right on the money. As a result of Exchange vulnerabilities, it is likely that tens of thousands of U.S.-based entities have had malicious backdoors implanted in their systems. Anonymous sources close to the Microsoft investigation have repeatedly told press outlets that somewhere around 30,000 American organizations have been compromised as a result of the security flaws (if correct, these numbers officially dwarf SolarWinds, which led to the compromise of about 18,000 entities domestically and nine federal agencies, according to the White House). The number of compromised entities worldwide could be much larger. A source recently told Bloomberg that there are “at least 60,000 known victims globally.”
It's not me, it's someone else.
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

We were.

They weren't actually in our systems. It was just files showing they could access our webmail. That has been patched.

Meanwhile, the governments of the world continue to do absolutely nothing about China.
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
GORDON
Site Admin
Posts: 54400
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Today in data breaches

Post by GORDON »

On a serious tip, do what about China? Is this worth killing people over? It's not like China is a bunch of kids in a house during a police raid. You can't just go in threatening to shoot China if they dont comply.
"Be bold, and mighty forces will come to your aid."
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

I'll answer you in the China thread.
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
TheCatt
Site Admin
Posts: 53728
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Today in data breaches

Post by TheCatt »

Leisher wrote: Fri May 28, 2021 4:02 pm Cybersecurity experts are in high demand.
My brother works in cybersecurity. He is doing very well.
It's not me, it's someone else.
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
TheCatt
Site Admin
Posts: 53728
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Today in data breaches

Post by TheCatt »

Leisher wrote: Tue Jun 01, 2021 2:04 pm Russians attack our meat.
:x :x :x
It's not me, it's someone else.
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

Yahoo Finance thinks the government is solution to stop cyberattacks.
So, how do we stop cyberattacks? The answer may be for the U.S. government to step in and mandate cybersecurity standards for the nation’s most crucial companies
Listen, I'm on board with the feds demanding better cybersecurity for pretty much every industry. However, I don't want the feds dictating what those standards should be, nor do I want the corporations deciding. Create an advisory board made up of industry professionals from actual security companies (like DDI) and let them figure it out.
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
TheCatt
Site Admin
Posts: 53728
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Today in data breaches

Post by TheCatt »

Maybe we just stop Russia from using our part of the Internet.
It's not me, it's someone else.
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

Don't forget about China.

I can watch intrusion attempts into my network via a piece of hardware we have, and 90% of them come from Russia and China.

What the U.S. needs to do is hire an elite hacker team to hack something in China, but make it look like Russians, and vice versa. :D
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
TheCatt
Site Admin
Posts: 53728
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Today in data breaches

Post by TheCatt »

I await the drone strikes.
It's not me, it's someone else.
Leisher
Site Admin
Posts: 65258
Joined: Thu May 20, 2004 9:17 pm
Contact:

Today in data breaches

Post by Leisher »

Read between the lines and that's kind of where they're going with this, right?
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
TheCatt
Site Admin
Posts: 53728
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Today in data breaches

Post by TheCatt »

Leisher wrote: Fri Jun 04, 2021 11:16 am Read between the lines and that's kind of where they're going with this, right?
They had better.
It's not me, it's someone else.
Post Reply