America’s Drinking Water Is Surprisingly Easy to Poison

On Feb. 16, less than two weeks after a mysterious attacker made headlines around the world by hacking a water treatment plant in Oldsmar, Florida, and nearly generating a mass poisoning, the city’s mayor declared victory.

“This is a success story,” Mayor Eric Seidel told the City Council in Oldsmar, a Tampa suburb of 15,000, after acknowledging “some deficiencies.” As he put it, “our protocols, monitoring protocols, worked. Our staff executed them to perfection. And as the city manager said, there were other backups. … We were breached, there’s no question. And we’ll make sure that doesn’t happen again. But it’s a success story.” Two council members congratulated the mayor, noting his turn at the press conference where the hack was disclosed. “Even on TV, you were fantastic,” said one.

Get Our Top Investigations

Subscribe to the Big Story newsletter.Email address:

“Success” is not the word that cybersecurity experts use to describe the Oldsmar episode. They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.

The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems.

“Frankly, they got very lucky,” said retired Adm. Mark Montgomery, executive director of the federal Cyberspace Solarium Commission, which Congress established in 2018 to upgrade the nation’s defenses against major cyberattacks. Montgomery likened the Oldsmar outcome to a pilot landing a plane after an engine caught fire during a flight. “They shouldn’t celebrate like Tom Brady winning the Super Bowl,” he said. “They didn’t win a game. They averted a disaster through a lot of good fortune.”

Keep reading

Journalist Can’t Sue Rod Rosenstein for Alleged Illegal Spying on Her Family During Obama Admin Because of Qualified Immunity

Television journalist Sharyl Attkisson and her family sued former deputy attorney general Rod Rosenstein for illegally spying on them in violation of the Fourth Amendment and federal law during the Obama administration. A federal court dismissed the lawsuit earlier this week by finding that Rosenstein is entitled to qualified immunity.

The controversy has taken numerous paths through the legal system since the Attkissons claimed they discovered that the government had hacked into their computers and cellphones in 2014—first filing a lawsuit against former U.S. Attorney General Eric Holder, former U.S. Postmaster General Patrick Donahoe, and numerous “John Doe” agents with the U.S. Department of Justice (DOJ) based on alleged violations of the First and Fourth Amendments.

Keep reading

Controversial COVID-19 Data Scientist’s Home Raided, Guns at Pointed Family, Computers Seized

Earlier this year in May, Rebekah Jones, the data scientist working for Florida, who put together that state’s COVID-19 database, made national headlines when she was fired by the state over a disagreement in reporting the numbers. Jones says she was fired for refusing to manipulate data that showed a higher number of deaths while the state claimed she was fired for insubordination. Fast-forward to this month, and what started as a firing ended with armed agents of the state allegedly pointing guns at an entire family, during a raid on their Florida home.

After she was fired in May, Jones made the following claim:

I was asked by DOH leadership to manually change numbers. This was a week before the reopening plan officially kicked off into phase one. I was asked to do the analysis and present the findings about which counties met the criteria for reopening. The criteria followed more or less the White House panel’s recommendations, but our epidemiology team also contributed to that as well. As soon as I presented the results, they were essentially the opposite of what they had anticipated. The whole day while we’re having this kind of back and forth changing this, not showing that, the plan was being printed and stapled right in front of me. So it was very clear at that point that the science behind the supposedly science-driven plan didn’t matter because the plan was already made.

After she was fired, Jones continued her work reporting the numbers by starting the website Florida COVID Action, which is a dashboard of Florida COVID information, like the one she used to run for the state. Since then, she’s been running this site without much resistance from the state — until now.

Keep reading

The Tool That Took Over Twitter

If you were staring at your Twitter feed last week, you probably saw a bunch of famous people and brands post a Bitcoin wallet address, asking people to send in money. 

Elon Musk, Bill Gates, Barack Obama, Joe Biden, Apple, Jeff Bezos, Kanye West, Uber, Wiz Khalifa, Floyd Mayweather, were all among 130 accounts that hackers took control of in a brazen hack. 

Joseph Cox was the first to report that the hackers had pulled off the hack leveraging an internal Twitter tool used by company employeesThe New York Times later confirmed the story, talking directly to some of the hackers involved. 

On this week’s CYBER, we spoke to Joseph, who broke down how the hack actually happened, and what we can all learn from it.

Keep reading

Knowing Or Distributing This Illegal Prime Number Could Get You Arrested

What if I told you that there exist few numbers that will get you arrested in America if your write them down or publish them on some website? Well, this isn’t some kind of April Fools’ Day joke and even some casual affair with these number could get you in trouble in States.

If your knowledge extends deep into the waters of security and cryptography, you might be knowing that prime numbers are really important in the field of encryption. Earlier this year in January, cryptographers were elated when a new world’s largest prime number was discovered.

Keep reading