FBI investigates cyberattacks on two water supply systems in Pennsylvania

Last month, the local Water Action Response Network, which includes utility companies, sent emails to its members, informing that cyberattacks had affected two water supply systems.

According to the letter, the hackers installed a web shell in the networks of enterprises for remote access to them. The attack was detected and stopped, and the FBI initiated an investigation. The organization did not disclose the names of the enterprises.

This is alarming and it is very vulnerable thing.said Guy Kruppa, a water supply inspector for Bel Vernon County, Pennsylvania, which serves about 2,300 homes and businesses.

Kruppa’s responsibilities include computer monitoring of chlorine and PH levels in tap water. According to him, he is constantly worried about intruders gaining access to the system and changing the levels of chemicals.

If you add more chlorine, more phosphate, it can lead to an outrageous situation when all the tanks have to be drained. People will feel bad. It can turn into a real nightmare.the Pennsylvania TV channel 6abc quotes Kruppa’s saying.

A similar thing almost happened earlier this year in Oldsmar, Florida. The attacker gained access to the water treatment system and raised the level of sodium hydroxide (a cleaning chemical) to dangerous levels. Fortunately, the employees of the water treatment plant managed to reduce the concentration of the hazardous substance in time.

Sodium hydroxide, also known as caustic soda, is the main ingredient in liquid pipe cleaners. It is also used to control the acidity of water and remove metals from drinking water in wastewater treatment plants. The hacker changed the sodium hydroxide content of the water from about 100 ppm to 11,100 ppm. Obviously, this is a significant and potentially dangerous increase. Sheriff Bob Gualtieri said at a press conference.

In the aftermath of the Oldsmare incident, the Public Utilities Commission has provided advice to state businesses to strengthen cybersecurity. The commission requires large utility companies to draw up annual cybersecurity plans, but small municipal systems are not required to do so, therefore they are more vulnerable to hacker attacks.

Let me remind you that I also reported that Kansas resident charged with hacking water utility computer system.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *