On Jan. 15, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area. It didn’t seem hard.
The hacker had the username and password for a former employee’s TeamViewer account, a popular program that lets users remotely control their computers, according to a private report compiled by the Northern California Regional Intelligence Center in February and seen by NBC News.
After logging in, the hacker, whose name and motive are unknown and who hasn’t been identified by law enforcement, deleted programs that the water plant used to treat drinking water.
The hack wasn’t discovered until the following day, and the facility changed its passwords and reinstalled the programs.
“No failures were reported as a result of this incident, and no individuals in the city reported illness from water-related failures,” the report, which did not specify which water treatment plant had been breached, noted.
The incident, which has not been previously reported, is one of a growing number of cyberattacks on U.S. water infrastructure that have recently come to light. The Bay Area attack was followed by a similar one in Oldsmar, Florida, a few weeks later. In that one, which made headlines around the world, a hacker also gained access to a TeamViewer account and raised the levels of lye in the drinking water to poisonous levels. An employee quickly caught the computer’s mouse moving on its own, and undid the hacker’s changes.
The Biden administration and the…