City's Water Control System Hacked Because of Three-Character Password

20

Comments

+ Add a Comment
avatar

Keno5net

The guy will probably be hunted down and strung up by his thumbs because he embarrassed The Department.

avatar

Bad Kharma

I would normally file this under life is hard but it is even harder when you are stupid.

avatar

livebriand

The password was probably 123, ABC, or H20, right?

avatar

bling581

I'm guessing ABC because H20 would be too obvious...

avatar

Caboose

or sex or god

avatar

don2041

Any idiots stupid enough to connect a utility company to the internet should be publicly flogged and then fired.

avatar

Eoraptor

EVERYTHING is on the internet these days, whether it's pofoundly stupid or not. why do you think (covert military operation of unknown origin) created stuxnet? because the Iranians had their nuclear material producing stuff hooked up to the net.

"because if it can't access the web, it's crap"

avatar

limitbreaker

Actually youre wrong about stuxnet, you're underestimating both the Iranians and the virus... stuxnet was designed to spread by things like USB sticks because those computers were not connected to the internet. The virus was engineered to remain passive and spread from pc to pc without the internet until it finds the target. 

stuxnet http://www.forbes.com/2010/10/06/iran-nuclear-computer-technology-security-stuxnet-worm.html

avatar

biggiebob12345

It's probably because of lazy engineers that want to be able to work from their phones while jerking off at home.

Same reason why American cars suck.  America produces the best engineers....but you also end up with lazy and sloppy engineers too.

avatar

LatiosXT

You're confusing engineers with IT.

Unless you're talking about the "Train Engineer" or "Flight Engineer" kind of engineer.

avatar

khaz19

You're way off base.  The SCADA and HMI/PLC systems are Ethernet-capable for a few (very good) reasons:

1. Enables for a greater physical distance between devices.

2. Remote connectivity for troubleshooting & updates.

3. Faster communication between devices.

4. Allows for more devices to communicate with each other simultaneously.

Having Ethernet/internet connectivity is a good thing, but without the proper and adequate security measures to ensure its protected, it's like a screen door on a submarine.

avatar

Eoraptor

exactly, it reduces or eluminates the need to have to pay some guy to sit with his tumb up his ass at a control station 24 hours a day on the off chance something MIGHT go wrong. Imagine something a small hydroelectric powerplant. it's sitting in the middle of the wilderness, on a waterfall, to generate electicity. now your choice in maintaining it is either to a.) put in an access road, a bathroom, several vending machines, maybe even a kitchen, a break room, and several chairs and desks or b.) hook the damned thing up to the web and let someone monitor it from downtown, and only send people physically there when needed.

 

 

 

 

 

 

 

avatar

don2041

Sometimes the dangers outweigh the conveniences.

avatar

mattman059

holly golightly, this is why we need better passwords.

avatar

win7fanboi

don't mess with tex@ss

avatar

Scatter

Unfortunately sometime it takes exposing vulnerabilities like these in order to bring attention to them and cause change.  Unfortunately again he'll probably be arrested for doing so and charges as a terrorist. 

avatar

MastaGuy

That's pretty much why Anonymous hacked PSN

avatar

Joji

But Anonymous is a malicious! Instead of throwing away all that data they stole from PSN, they posted it for the public to see!

avatar

Mkvandals

If they didn’t post the data they stole. Would we have believed them?

avatar

Peanut Fox

I think it's clear that Anon doesn't have credibility. 

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.