Tag: hackers

America’s Drinking Water Is Surprisingly Easy to Poison

On Feb. 16, less than two weeks after a mysterious attacker made headlines around the world by hacking a water treatment plant in Oldsmar, Florida, and nearly generating a mass poisoning, the city’s mayor declared victory.

“This is a success story,” Mayor Eric Seidel told the City Council in Oldsmar, a Tampa suburb of 15,000, after acknowledging “some deficiencies.” As he put it, “our protocols, monitoring protocols, worked. Our staff executed them to perfection. And as the city manager said, there were other backups. … We were breached, there’s no question. And we’ll make sure that doesn’t happen again. But it’s a success story.” Two council members congratulated the mayor, noting his turn at the press conference where the hack was disclosed. “Even on TV, you were fantastic,” said one.

Get Our Top Investigations

Subscribe to the Big Story newsletter.Email address:

“Success” is not the word that cybersecurity experts use to describe the Oldsmar episode. They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.

The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems.

“Frankly, they got very lucky,” said retired Adm. Mark Montgomery, executive director of the federal Cyberspace Solarium Commission, which Congress established in 2018 to upgrade the nation’s defenses against major cyberattacks. Montgomery likened the Oldsmar outcome to a pilot landing a plane after an engine caught fire during a flight. “They shouldn’t celebrate like Tom Brady winning the Super Bowl,” he said. “They didn’t win a game. They averted a disaster through a lot of good fortune.”

Keep reading

Hacker Tried To Poison Entire Florida Town By Raising Chemical Levels In Water Supply

A town in Florida has been target of a hack which briefly altered chemicals in its water supply to “potentially damaging levels” according to local media reports. Federal and local authorities are currently investigating the computer network intrusion which happened last Friday morning, the alarming details of which are emerging Monday.

Plant operators overseeing the small city of Oldsmar’s water supply began observing strange activity on their monitors. That’s when technicians noticed that sodium hydroxide levels (or lye), which is used to treat the city’s water in small amounts in order to control acidity while removing heavy metals, was being remotely pushed higher.

Technicians noticed the chemical levels being subject of unauthorized external manipulation in real-time and immediately moved to restore the sodium hydroxide input to its safe, correct levels. The AP detailed based on local reporting: “A plant worker first noticed the unusual activity at around 8 a.m. Friday when someone briefly accessed the system.”

“At about 1:30 p.m., someone accessed it again, took control of the mouse, directed it to the software that controls water treatment and increased the amount of sodium hydroxide, the report continued.

The hacker or hackers have yet to be uncovered and apprehended.

Keep reading

Telegram feature exposes your precise address to hackers

If you’re using an Android device—or in some cases an iPhone—the Telegram messenger app makes it easy for hackers to find your precise location when you enable a feature that allows users who are geographically close to you to connect. The researcher who discovered the disclosure vulnerability and privately reported it to Telegram developers said they have no plans to fix it.

The problem stems from a feature called People Nearby. By default, it’s turned off. When users enable it, their geographic distance is shown to other people who have it turned on and are in (or are spoofing) the same geographic region. When People Nearby is used as designed, it’s a useful feature with few if any privacy concerns. After all, a notification that someone is 1 kilometer or 600 meters away still leaves stalkers guessing where, precisely, you are.

Stalking made simple

Independent researcher Ahmed Hassan, however, has shown how the feature can be abused to divulge exactly where you are. Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location.

Keep reading

NBC Reported In 2019 How EASY It Was To Hack Dominion Machines, Trump Rubs Their Noses All In It!

Most major media are continuing to push back on claims by President Donald Trump’s campaign that voting machines in some key battleground states were manipulated in favor of Democratic rival Joe Biden.

But on Saturday, the president tweeted a clip of an August 2019 NBC News report featuring technology correspondent Jacob Ward who explained how easy it is for hackers to penetrate and manipulate voting machines made by top companies such as Election Systems & Software, Dominion Voting Systems, and Hart Intercivic.

Ward’s complete report, which is posted at NBC News’ website, is titled, “How hackers can target voting machines,” and was filed shortly after the world’s biggest underground hacking conference, DEFCON, ended in Las Vegas.

Keep reading

Smart TV hackers are filming people having sex on their sofas – and putting it on porn sites

Next time, you’re snuggling up to your other half on the sofa, imagine that some sweaty, sex-pest nerd might be watching you through your TV’s webcam. Horrifyingly, it’s actually true: hackers HAVE ‘watched’ couples making love on their sofas via webcams built into smart TVs – and put the video on porn sites. Many ‘smart TVs’ have poor security, and hackers can take over various functions – including webcams built for Skype. Laura Higgins of the Revenge Porn Helpline told the Daily Mail, ‘We have dealt with one couple who were filmed making love in their living room through their smart TV by someone who had taken control of it. ‘The footage just appeared on a website.

Keep reading

C-SPAN suspends Scully after he admits to lie about hack

C-SPAN suspended its political editor Steve Scully indefinitely Thursday after he admitted to lying about his Twitter feed being hacked when he was confronted about a questionable exchange with former Trump aide Anthony Scaramucci.

The news came on the day of what was supposed to be a career highlight for the 30-year C-SPAN veteran. Scully was to moderate the second debate between President Donald Trump and Democrat Joe Biden, which was canceled after Trump would not agree to a virtual format because of his COVID-19 diagnosis.

A week ago, after Trump had criticized him as a “never Trumper,” Scully tweeted “@Scaramucci should I respond to Trump.” Scaramucci, a former Trump communications director and now a critic of the president, advised Scully to ignore him.

Scully said that when he saw his tweet had created a controversy, “I falsely claimed that my Twitter account had been hacked.”

Keep reading

The Tool That Took Over Twitter

If you were staring at your Twitter feed last week, you probably saw a bunch of famous people and brands post a Bitcoin wallet address, asking people to send in money. 

Elon Musk, Bill Gates, Barack Obama, Joe Biden, Apple, Jeff Bezos, Kanye West, Uber, Wiz Khalifa, Floyd Mayweather, were all among 130 accounts that hackers took control of in a brazen hack. 

Joseph Cox was the first to report that the hackers had pulled off the hack leveraging an internal Twitter tool used by company employeesThe New York Times later confirmed the story, talking directly to some of the hackers involved. 

On this week’s CYBER, we spoke to Joseph, who broke down how the hack actually happened, and what we can all learn from it.

Keep reading

Hackers Convinced Twitter Employee to Help Them Hijack Accounts

 A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.

On Wednesday, a spike of high profile accounts including those of Joe Biden, Elon Musk, Bill Gates, Barack Obama, Uber, and Apple tweeted cryptocurrency scams in an apparent hack.

“We used a rep that literally done all the work for us,” one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool.

The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.

In all, four sources close to or inside the underground hacking community provided Motherboard with screenshots of the user tool. Two sources said the Twitter panel was also used to change ownership of some so-called OG accounts—accounts that have a handle consisting of only one or two characters—as well as facilitating the tweeting of the cryptocurrency scams from the high profile accounts.

Twitter has been deleting some screenshots of the panel and has suspended users who have tweeted them, claiming that the tweets violate its rules.

Keep reading