hacker using keyboard

    Published: April 28, 2016

    Hackers Infiltrate US Water Treatment Facility

    Verizon’s latest Data Breach Digest contains alarming news. Hackers targeted a US water company, gaining access to customer billing information and meddling with the company’s valve and control settings.

    The company, identified by UK tech site The Register as Kemuri Water Company, approached Verizon asking for help checking their system for security vulnerabilities. Verizon uncovered evidence a hack had already occurred, explaining a series of unexplained valve and duct movements ranging over two months.

    The hackers manipulated a range of water facility operations, including water flow and distribution. The amount of chemicals used to make water safe to drink was also affected. Fortunately, facility alerts allowed staff to quickly correct such changes, with minimal impact on customer safety.

    Hacking the system proved a frighteningly easy task, as the facility relies on outdated hardware running obsolete operating systems—some more than ten years old. The application targeted by the hackers also included personal and billing information for over 2.4 million customers. As of this date, that information has not been exploited for fraud or identity theft.

    As for the hackers themselves, Verizon linked them to IP addresses used in the past to commit “hacktivist” attacks. The Register suggests the hackers have ties to Syrian hacktivist groups, although this has yet to be conclusively proven.

    The motive for the attack seems unclear, especially as stolen personal information (if any) has yet to be exploited. It’s possible hackers launched the attack with a malicious end in mind, but if so they lacked sufficient knowledge of water treatment operating systems to do serious damage. They may also have breached security simply “for the lulz.”

    While no serious harm occurred in this instance, the attack serves as a reminder of yet another vulnerability in the nation’s aging water infrastructure. Had the attackers possessed more information on water systems, they could have made dangerous changes to amount of chemicals present in outgoing water.

    It’s well past time our nation’s leaders paid serious attention to restoring US water treatment plants and delivery systems, from updating antiquated and vulnerable software to replacing corroding lead pipes. Doing so is both a mammoth and expensive task, but it needs doing. In the meantime, you can at protect your home’s water supply with a Pelican whole house water filter with UV. Capable of reducing sediments, chemicals, and contaminants while preventing microbial growth, our filters are easy to install and require minimal maintenance.

    This is unlikely to be the last time a water treatment facility is hacked. Next time, the consequences might be deadly. Protect yourself and your family—between hacking attacks and scandals like the Flint water crisis, it’s increasingly apparent water treatment companies aren’t up to the task.