• Menu
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Before Header

  • Comment
  • About Us
  • Lexicon
  • Contact Us
  • Our Store
  • ↑
  • ↓
  • ←
  • →

Balloon Juice

Come for the politics, stay for the snark.

Republican obstruction dressed up as bipartisanship. Again.

I’m going back to the respite thread.

There’s some extremely good trouble headed their way.

Let there be snark.

Consistently wrong since 2002

They are all Michael Cohen now.

Make the republican party small enough to drown in a bathtub.

I’d like to think you all would remain faithful to me if I ever tried to have some of you killed.

It’s the corruption, stupid.

I can’t take this shit today. I just can’t.

An almost top 10,000 blog!

Wetsuit optional.

I’m only here for the duck photos.

The willow is too close to the house.

I see no possible difficulties whatsoever with this fool-proof plan.

Shallow, uninformed, and lacking identity

My years-long effort to drive family and friends away has really paid off this year.

Sadly, there is no cure for stupid.

I really should read my own blog.

They fucked up the fucking up of the fuckup!

This fight is for everything.

All your base are belong to Tunch.

Yes we did.

Four legs? good! two legs? we’re not so sure…

Mobile Menu

  • Look Forward & Back
  • Balloon Juice 2021 Pet Calendar
  • Site Feedback
  • All 2020 Fundraising
  • I Voted!
  • Take Action: Things We Can Do
  • Team Claire, and Family
  • Submit Photos to On the Road
  • BJ PayPal Donations
  • Politics
  • On The Road
  • Open Threads
  • Topics
  • Nature & Respite
  • Information As Power
  • COVID-19 Coronavirus
  • Authors
  • About Us
  • Contact Us
  • Lexicon
  • Our Store
  • Politics
  • Open Threads
  • On The Road
  • Garden Chats
  • Nature & Respite
  • Look Forward & Back
You are here: Home / Politics / America / Not Everything Is Russia: Oldsmar, Florida’s Water Treatment Facility Edition

Not Everything Is Russia: Oldsmar, Florida’s Water Treatment Facility Edition

by Adam L Silverman|  February 8, 202111:05 pm| 121 Comments

This post is in: America, Crazification Factor, Foreign Affairs, Iran, Open Threads, Russia, Silverman on Security

Facebook0Tweet0Email0

Last Friday someone was able to access the Oldsmar, Florida water treatment facility computer system and adjust the levels of sodium hydroxide, aka lye, that would be added to the water. The Tampa Bay Times has the details:

Local and federal authorities are investigating after an attempt Friday to poison the city of Oldsmar’s water supply, Pinellas County Sheriff Bob Gualtieri said.

Someone remotely accessed a computer for the city’s water treatment system and briefly increased the amount of sodium hydroxide, also known as lye, by a factor of more than 100, Gualtieri said at a news conference Monday. The chemical is used in small amounts to control the acidity of water but it’s also a corrosive compound commonly found in household cleaning supplies such as liquid drain cleaners.

The city’s water supply was not affected. A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack.

The Pinellas County Sheriff’s Office is investigating, along with the FBI and the Secret Service, Gualtieri said.

Nobody has been arrested, Gualtieri said, though investigators have some leads. They do not know why Oldsmar was targeted, he said.

Though some cities obtain water through Pinellas County, Oldsmar provides water directly to its businesses and roughly 15,000 residents, Gualtieri said. The computer system at the water treatment plant was set up to allow authorized users to remotely access it for troubleshooting.

A plant operator was monitoring the system at about 8 a.m. Friday and noticed that someone briefly accessed it. He didn’t find this unusual, Gualtieri said, because his supervisor remotely accessed the system regularly.

But at about 1:30 p.m. the same day, Gualtieri said, someone accessed the system again. This time, he said, the operator watched as someone took control of the mouse, directed it to the software that controls water treatment, worked inside it for three to five minutes and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

The attacker left the system, Gualtieri said, and the operator immediately changed the concentration back to 100 parts per million.

“At no time was there a significant adverse effect on the water being treated,” the sheriff said. “Importantly, the public was never in danger.”

Even if the operator hadn’t caught it, he said, it would have taken more than a day for the water to enter the water supply.

“The protocols that we have in place, monitoring protocols, they work — that’s the good news,” said Oldsmar Mayor Eric Seidel. “Even had they not caught them, there’s redundancies in the system that would have caught the change in the pH level.

“The important thing is to put everyone on notice,” he said. “There’s a bad actor out there.”

Much more at the link, including a profound statement by Florida’s senior senator Micro Rubio.

Malcolm Nance immediately jumped to conclusions:

WARNING: A Remote access hack occurred Friday at a water treatment plant in Florida were someone remotely operated the computer controls, while staff watched and attempted to raise the amount of LYE chemicals in the water 1,000%. Both Russia & Iran have tried this before. https://t.co/D11RMlrwGL

— Malcolm Nance (@MalcolmNance) February 8, 2021

ALWAYS BET ON BLACK: Predicted? No, but I did write several warnings on Russian remote seizure attacks that seem almost identical to the Florida incident in @hackamericabook Page 102 … in 2016. Also see @TAPSTRIMEDIA & my 2015 book #HackingISIS. #GoRead https://t.co/Y8QnzYf3MO pic.twitter.com/lxXIociBME

— Malcolm Nance (@MalcolmNance) February 8, 2021

These conclusions were then picked up and broadcast to everyone by Rachel Maddow on her show this evening.

I know a little something about Oldsmar, Florida. Largely because the Balloon Juice Bunker compound in the cypress scrub is adjacent to Oldsmar. For lack of a better geographic locator, since the post office refuses to recognize Balloon Juice Bunker Compound, Cypress Scrub, FL, USA as a legitimate address*, I ACTUALLY FUCKING LIVE IN OLDSMAR!!!! And I can honestly say NO ONE WHO DOESN’T LIVE IN OLDSMAR OR NORTH PINELLAS COUNTY OR WESTERN HILLSBOROUGH COUNTY OR SOUTHERN PASCO COUNTY OR KNOWS SOMEONE WHO DOES EVEN KNOWS THERE IS AN OLDSMAR, FL!!!!!!

You can sneeze across Oldsmar if the wind is blowing the right way. Oldsmar is about a dozen stoplights running north-south and east-west at the northwestern most point of Tampa Bay. It got its name because RE Olds and his family had their winter home here, which they named Oldsmar. As in Olds by the sea. Or the sea of the Olds. And given the amount of venerable elders, Olds by the sea is an appropriate name!

I could be wrong, but I would be highly surprised if this was the Russians. I’ve been working on the Russian active measures, hybrid warfare, and political warfare problem set since January 2014 when I was assigned, under temporary assigned control, as the Cultural Advisor/Senior Civilian Advisor to the Commanding General of US Army Europe. I have published, in Special Warfare**, which is the professional journal of the Special Warfare community***, about how the Russians have probed for vulnerabilities and weaknesses in order to target a variety of utilities and the systems that control them. Three years before my article was published, in May of 2016, I included this strategic concern in a briefing I gave at FT Bragg to a room full of American and allied general officers and senior staff that partially dealt with Russia and its geo-strategic and regional strategic ambitions. My professional assessment, given what we know now, is that it is highly unlikely that this is the Russians. I have also published, just last July, on political warfare, which included this concern. This isn’t something I’ve just started thinking about today, I’ve been considering the problem off and on for over seven years as part of my professional work.

There are several reasons why I doubt this was the Russians. The first is that right now Putin does not want to do anything to further stress Russian relations with the US. President Biden and his team are not Trump and his team. And President Biden has already made it clear to Putin that he is not going to tolerate Putin’s actions the way Trump did. The second is that since almost no one in most of Florida, let alone the rest of the US knows that Oldsmar existed, at least before today, that it is a very strange place for Putin’s merry band of mischief makers to target a water treatment facility.

I think it is far more likely that either a disgruntled current or former employee of the City of Oldsmar or of Pinellas County who knew that this point of access existed and exploited it for their own purposes. Or that a local mischief maker went probing for an access point, found one, and decided it was party time. We do have a small, but sizable white supremacist, neo-NAZI, and domestic right wing extremist presence in the area, so it is also possible one fo them did it. Frankly, I wouldn’t be surprised if we find out that an actual authorized user who was teleworking and on the system stepped away from their computer for a few minutes without logging out to get something to drink or use the facilities and their cat walking across the computer desk or their toddler wanting to help daddy or mommy work unintentionally reset the levels. I think the Russians attacking Oldsmar, Florida through a water treatment facility that only supplies Oldsmar is, in my professional opinion, a big stretch. Is it possible it was the Russians? Sure. Is it probable and plausible? I think it likely improbable and implausible.

We’ll know more when we know more. And I know enough about what I don’t know to state that I could be wrong.

Open thread!

* I personally blame Louis DeJoy.

** I apologize for the random capitalizations, I’m pretty sure whoever copyedited this decided these were operational terms of art and capitalized them.

*** It was nice of them to hide their professional journal in plain sight.

Facebook0Tweet0Email0
Previous Post: «Open Thread 8 Open Thread
Next Post: COVID-19 Coronavirus Updates: Monday/Tuesday, Feb. 8-9 »

Reader Interactions

  • Commenters
  • Filtered
  • Settings

Commenters

No commenters available.

  • Achrachno
  • Adam L Silverman
  • Amir Khalid
  • Another Scott
  • Bill Arnold
  • Boris Rasputin (the evil twin)
  • Bruce K in ATH-GR
  • bt
  • Captain C
  • Carlo
  • danielx
  • df
  • Doc Sardonic
  • Doug R
  • egorelick
  • Eric S.
  • Geeno
  • Honus
  • J.
  • JaySinWA
  • Jim, Foolish Literalist
  • JoyceH
  • Ken
  • KrusherKing
  • leeleeFL
  • LeftCoastYankee
  • LongHairedWeirdo
  • Mallard Filmore
  • Mart
  • Martin
  • mdblanche
  • mrmoshpotato
  • NotMax
  • Omnes Omnibus
  • PaulWartenberg
  • Phylllis
  • piratedan
  • Planetjanet
  • prufrock
  • Redshift
  • RepubAnon
  • sab
  • sdhays
  • SFBayAreaGal
  • SiubhanDuinne
  • Sloane Ranger
  • smike
  • Starboard Tack
  • Stephen
  • The Moar You Know
  • TomatoQueen
  • Uncle Cosmo
  • Viva BrisVegas
  • Wag
  • WaterGirl
  • wenchacha
  • 🐾BillinGlendaleCA

Filtered Commenters

No filtered commenters available.

    Settings




    Settings are saved immediately; press X to close the box.

    121Comments

    1. 1.

      JoyceH

      February 8, 2021 at 11:11 pm

      My initial reaction to this story was – why on earth was this system able to be accessed remotely? Just because something is a computer doesn’t mean it has to be connected to the internet.

      Reply
    2. 2.

      PaulWartenberg

      February 8, 2021 at 11:13 pm

      Russia has declared war on OLDSMAR FLORIDA?!

      As a son of PALM HARBOR (BOYZ FROM THE HARB), I cannot let this attack stand. WE CANNOT LET THIS ATTACK STAND!

      SUMMON THE FLORIDA MEN AND WOMEN TO BATTLE.

      PREPARE THE 15-FOOT GATORS WITH SADDLES.

      UNLEASH THE LASER SHARKS.

      FROM THE SHORES OF KEY WEST TO THE GYRO SHOPS OF TARPON SPRINGS TO THE HALLOWED HALLS OF THE UNIVERSITY OF FLORIDA, WE SHALL AVENGE YOU, OLDSMAR!

      (starts playing “O Fortuna” in the background as orange blossoms spring to life across all of Polk County)

      Reply
    3. 3.

      Adam L Silverman

      February 8, 2021 at 11:14 pm

      @JoyceH:

      via GIPHY

      Reply
    4. 4.

      Adam L Silverman

      February 8, 2021 at 11:15 pm

      Fuck_Around_And_Find_Out

      Reply
    5. 5.

      Planetjanet

      February 8, 2021 at 11:17 pm

      Now that I have word from Sir Silverman, I can sleep peacefully.

      Reply
    6. 6.

      Wag

      February 8, 2021 at 11:19 pm

      Good thing they caught this, or Oldsmar might have ended up like Flint, MI, after someone messed with their water system and unleashed the lead poisoning from libertarian hell.

      Reply
    7. 7.

      SFBayAreaGal

      February 8, 2021 at 11:21 pm

      I go for the mischievous kitty cat 🐱

      Reply
    8. 8.

      Viva BrisVegas

      February 8, 2021 at 11:22 pm

      Obviously it was Trump attempting a last ditch effort to cure the coronavirus.

      Reply
    9. 9.

      Eric S.

      February 8, 2021 at 11:24 pm

      @SFBayAreaGal: it’s not mischievous, it’s just asking for a warm lap or a full bowl. Ozzie the Cat tells me so

      Reply
    10. 10.

      prufrock

      February 8, 2021 at 11:25 pm

      Oldsmar is a string of inconvenient traffic lights that vex me as I drive between Palm Harbor and Tampa.

      It is also full of nice houses that will flood in ten inches of storm surge.

      Reply
    11. 11.

      Achrachno

      February 8, 2021 at 11:25 pm

      Well, this takes all the fun out of it.  No Russians attacking small towns by exotic means?

      Reply
    12. 12.

      leeleeFL

      February 8, 2021 at 11:27 pm

      I was reading this thinking, Look around for who just got canned or excessed or “encouraged” to resign.

      Glad it seems to have been nipped in the bud, but I’d put in a supply of bottled water, Adam! Pretend it’s hurricane season.

      ETA: Adam, is it possible someone didn’t like your articles?  Just sayin’, funny how it’s where you live.

      I’ll show myself out….

      Reply
    13. 13.

      Doug R

      February 8, 2021 at 11:27 pm

      “Just because you’re paranoid, doesn’t mean they’re not out to get you”.

      Reply
    14. 14.

      Carlo

      February 8, 2021 at 11:32 pm

      Agreed. Mostly because Russia (or any other national actor) has zero to gain from this attack. A local asshole.

      I think the redundant systems thing is interesting.There’s a lot of threat-buzz about cyber attacks on infrastructure – power, water, etc. – but this makes me wonder how much of that is really practicable. In this case at least, there was a defense in depth. Seems as if an average nuclear power plant (say) would arrange similarly redundant safeguards.

      Reply
    15. 15.

      Jim, Foolish Literalist

      February 8, 2021 at 11:32 pm

      I didn’t think Maddow was necessarily promoting the idea that this was the Russians.
      She also had a segment on this story, about the ongoing madness in Arizona

      The feud between the Arizona Senate and the Maricopa County Board of Supervisors over lawmakers’ insistence that the county perform another hand count of 2020 general election results has escalated in the past few weeks.
      Now, the Senate might take it even further.
      The Senate, controlled by Republicans, has threatened to hold the supervisors, nearly all Republicans, in contempt for not responding to subpoenas asking for copies of allthe county’s mail-in ballots and access to voting machines. The Senate wants to perform its own audit.
      Some senators have even threatened to arrest the supervisors over the matter, and the body could vote on the the contempt resolution as early as Monday.

      Maddow had a clip of this special creature, from the same mold that made Sarah Palin and Marjorie Taylor Greene, apparently calling for violence from the less good people of Arizona

      Brahm Resnik @brahmresnik · 6h
      With AZ Senate’s contempt resolution failing, this sounds like a threat from GOP Sen. Kelly Townsend: ‘This shouldn’t fall into the hands of the public… when they’re so lathered up. So public, do what you gotta do.’

      and the quotes in the tweet capture the special word-salad delivery of Senator Townsend

      Reply
    16. 16.

      🐾BillinGlendaleCA

      February 8, 2021 at 11:35 pm

      Speaking of the mail, I ordered a filter* for my camera last Wednesday night from a company in New Jersey and it arrived today.   That’s pretty good for going across the country.

      *It’s called an IRChrome filter, so if you liked my Aerochrome effect, you’ll see more.

      Reply
    17. 17.

      Doc Sardonic

      February 8, 2021 at 11:35 pm

      Bust out the bass boat Cletus, we gonna go get us some gatdamn Russkies.

      Reply
    18. 18.

      🐾BillinGlendaleCA

      February 8, 2021 at 11:35 pm

      @Viva BrisVegas: Do we still have to stick a light up our ass or will the lye be OK by itself?

      Reply
    19. 19.

      Honus

      February 8, 2021 at 11:36 pm

      Ah, yeah reminds of the old days when us commie hippies were always going to put LSD in the water supply.

      Reply
    20. 20.

      Mart

      February 8, 2021 at 11:36 pm

      Nance don’t know nuthun. This is some really sophisticated digital fuckery. Clearly the work of the ghost of Hugo Chavez. First he came for Dominion, now he’s gunning for our water. Don’t say I did not warn you!

      Reply
    21. 21.

      df

      February 8, 2021 at 11:39 pm

      @Adam L Silverman:

      How about a nice game of chess?

      Edit to add more substance: I’m honestly surprised it took this long for something like this to happen (or at least for it to become public). The capital-I Internet is a garbage fire. This is going to keep happening until we have licensure and ethics boards for software developers, laws with teeth, and adequate funding for the unsexy parts of government IT work. Count on it.

      Reply
    22. 22.

      TomatoQueen

      February 8, 2021 at 11:41 pm

      @🐾BillinGlendaleCA:  Dang it the hot cocoa went right up my nose. Rotating tag nominee.

      Reply
    23. 23.

      bt

      February 8, 2021 at 11:42 pm

      It is so clearly the case that the #1 suspect will be someone who works at, or was fired from, or was a contractor at this place.

      That’s who would bother, that’s who has the access.

      –> It’s like when a pretty young woman is found in tragic circumstances. They don’t call the Russians in for questioning, they call the ex-boyfriend.

      Reply
    24. 24.

      LongHairedWeirdo

      February 8, 2021 at 11:47 pm

      WARNING: A Remote access hack occurred Friday at a water treatment plant in Florida were someone remotely operated the computer controls, while staff watched and attempted to raise the amount of LYE chemicals in the water 1,000%.

      That’s *10,000* percent – a factor of 100, times 100 per centum (per hundredth, essentially) , is 10,000%, *not* 1,000%.

      Reply
    25. 25.

      sab

      February 8, 2021 at 11:50 pm

      This happened to my college town way back before the internet. Some higher up guy was out sick and some lower down guy fucked up, and the town water supply was awful and salty for a week. Corrosive showers at home and in the dorm. Poisonous bug juice and coffee in the cafeteria. It was very inconvenient and annoying, but we got through it.

      Remote access probably would have fixed it sooner, since the guy home sick could have checked on the idiot’s work.

      Reply
    26. 26.

      Adam L Silverman

      February 8, 2021 at 11:51 pm

      @leeleeFL: I have a full hurricane/emergency supply of everything all year long.

      Reply
    27. 27.

      Adam L Silverman

      February 8, 2021 at 11:52 pm

      @Doug R: Did someone tell you that about me?

      Reply
    28. 28.

      Adam L Silverman

      February 8, 2021 at 11:53 pm

      @🐾BillinGlendaleCA: Just stay away from the adrenochrome.

      Reply
    29. 29.

      Adam L Silverman

      February 8, 2021 at 11:54 pm

      @Honus: Pinellas County stopped fluoridating the water supply several years ago because one of the local cranks was being mean to the county commission about it. So they just gave him what he wanted.

      ETA: They reversed the decision about a year or so later and started adding fluoride back into the water.

      Reply
    30. 30.

      Adam L Silverman

      February 8, 2021 at 11:55 pm

      @LongHairedWeirdo: I didn’t write the article, I just copied and pasted it.

      Reply
    31. 31.

      Ken

      February 8, 2021 at 11:57 pm

      @Carlo: Probably my own fault for not reading the original sources, but I’m not seeing the “defense in depth” here.  Had they not had an operator watching the screens, when and how would this have been detected?  For example, would the system page the operator(s) to alert them (as is fairly common in, among other things, cloud ops).

      Reply
    32. 32.

      RepubAnon

      February 9, 2021 at 12:00 am

      Obviously it was an attack by Hillary’s e-mail server, which has joined Antifa and is now hiding on Hagbard Celine’s submarine.)

      (/snark, just so it doesn’t start a new conspiracy theory)

      Reply
    33. 33.

      sdhays

      February 9, 2021 at 12:02 am

      @Adam L Silverman: 😲 Wow. That’s just…wow.

      Reply
    34. 34.

      Adam L Silverman

      February 9, 2021 at 12:03 am

      @Ken: From the quoted section of the reporting in my post:

      City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack.

      Even if the operator hadn’t caught it, he said, it would have taken more than a day for the water to enter the water supply.

      “The protocols that we have in place, monitoring protocols, they work — that’s the good news,” said Oldsmar Mayor Eric Seidel. “Even had they not caught them, there’s redundancies in the system that would have caught the change in the pH level.

      Reply
    35. 35.

      Adam L Silverman

      February 9, 2021 at 12:05 am

      @sdhays: I double checked, apparently they started putting it back in about a year or so after they stopped.

      Reply
    36. 36.

      Omnes Omnibus

      February 9, 2021 at 12:07 am

      @Adam L Silverman: ​
        Dude, everyone knows.

      Reply
    37. 37.

      Bill Arnold

      February 9, 2021 at 12:09 am

      Fluoride, Third Eye and the Conspiracy Against Humanity (Youtube, Jul 4, 2016, 8:00)
      (This is gloriously non-American (India – Varanasi), a guy on a plush-velvet(?)/golden throne, and is about calcification of the pineal gland, which is a real thing.)

      Reply
    38. 38.

      Omnes Omnibus

      February 9, 2021 at 12:11 am

      @Adam L Silverman: Those redundancies don’t seem very efficient.  I though we were supposed to want everything to run like a business.

      Reply
    39. 39.

      Ken

      February 9, 2021 at 12:13 am

      @Adam L Silverman: I saw that, but I was thinking of something in the software that would alert them  to prevent the damage, instead of detecting it after the water’s already been contaminated.  You want that anyway, in case the legitimage operator accidentally enters a number wrong.

      Of course the chemical sensors are still a necessary backup, because of the hippies and their ell ess dee.

      Reply
    40. 40.

      Ken

      February 9, 2021 at 12:14 am

      @Omnes Omnibus: For running municipal utilities like a business, see above reference to Flint Michigan.

      Reply
    41. 41.

      Mallard Filmore

      February 9, 2021 at 12:15 am

      @🐾BillinGlendaleCA:

       

      Do we still have to stick a light up our ass or will the lye be OK by itself?

      The light activates the lye.

      Reply
    42. 42.

      Omnes Omnibus

      February 9, 2021 at 12:16 am

      @Ken: Remember when missed your snark?

      Reply
    43. 43.

      Adam L Silverman

      February 9, 2021 at 12:18 am

      @Omnes Omnibus: Not me. I’m not even sure I want business to run like a business.

      Reply
    44. 44.

      Adam L Silverman

      February 9, 2021 at 12:19 am

      @Ken: I have no idea.

      Reply
    45. 45.

      🐾BillinGlendaleCA

      February 9, 2021 at 12:22 am

      @Omnes Omnibus: I’m going to branch out from my photography business and go into snark detector sales and service.

      Reply
    46. 46.

      mrmoshpotato

      February 9, 2021 at 12:25 am

      @PaulWartenberg:

      TO THE GYRO SHOPS OF TARPON SPRINGS 

      Yes please.

      Reply
    47. 47.

      LeftCoastYankee

      February 9, 2021 at 12:25 am

      They took immediate countermeasures. The password for account “admin” is now 2345.

      Reply
    48. 48.

      danielx

      February 9, 2021 at 12:26 am

      @PaulWartenberg: ​
       
      Instead of WOLVERINES! we shall have GATORS! and CROCs!

      The latter being the reptilian kind, not the ridiculous footwear.

      Reply
    49. 49.

      Adam L Silverman

      February 9, 2021 at 12:29 am

      Send in the clowns…

      A source confirms @HouseInSession reports that Trump's TV defense squad during the impeachment trial will include @Jim_Jordan @RepMikeJohnson @EliseStefanik @RepLeeZeldin and @RepMattGaetz. All active defenders during the first impeachment trial, especially during House hearings.

      — Rebecca Kaplan (@RebeccaRKaplan) February 8, 2021

      Reply
    50. 50.

      danielx

      February 9, 2021 at 12:30 am

      @Adam L Silverman: ​
       
      Will there be live bats, a la Ozzy?

      Reply
    51. 51.

      🐾BillinGlendaleCA

      February 9, 2021 at 12:35 am

      @danielx: With Gym Jorden being on the team, yes.

      Reply
    52. 52.

      mrmoshpotato

      February 9, 2021 at 12:38 am

      @danielx: What about gators wearing Crocs?

      Reply
    53. 53.

      Adam L Silverman

      February 9, 2021 at 12:39 am

      @danielx: Possibly.

      Reply
    54. 54.

      NotMax

      February 9, 2021 at 12:40 am

      As someone who has used TeamViewer* something smells rotten in the state of Florida.

      1) An app like that has no business being installed on a computer in such an office.
      2) Unless the program has been opened on both the computer there and the remote computer I cannot fathom how it could be used to gain access**. Why was it turned on (actively running) at the water plant facility? And by whom?
      .
      *makes it infinitely easier to diagnose/fix Mom’s computer on the rare occasion when she has concerns or a problem crops up over trying to have her describe stuff and walk her through steps over the phone.

      **not saying it is impossible if it is not already actively running on the accessed computer but it does intuitively belie belief, as TV generates a new random password each time it is opened which must be used by the remote computer to gain access.

      Reply
    55. 55.

      mrmoshpotato

      February 9, 2021 at 12:41 am

      @Adam L Silverman: Great googly moogly!  I might have to watch this shitshow just for the comedy of errors from these morons.

      Reply
    56. 56.

      Adam L Silverman

      February 9, 2021 at 12:47 am

      @mrmoshpotato: How much booze, popcorn, pretzels, and other snacks can you have delivered by tomorrow morning?

      Reply
    57. 57.

      danielx

      February 9, 2021 at 12:47 am

      @mrmoshpotato: ​
       
      Florida: anything is possible.

      Reply
    58. 58.

      SiubhanDuinne

      February 9, 2021 at 12:49 am

      @mrmoshpotato:

      What about gators wearing Crocs?

      What about Crocs-wearing gators wearing gaiters?

      Reply
    59. 59.

      Adam L Silverman

      February 9, 2021 at 12:50 am

      @SiubhanDuinne: I hear you were looking for me…

      Reply
    60. 60.

      NotMax

      February 9, 2021 at 12:51 am

      @NotMax

      Amended.

      1) An app like that has no business being installed on a computer in such an office. Who downloaded and installed it? And when?

      Reply
    61. 61.

      Adam L Silverman

      February 9, 2021 at 12:53 am

      @NotMax: If they report who did, I’ll update with a new post.

      Reply
    62. 62.

      mrmoshpotato

      February 9, 2021 at 12:53 am

      @Adam L Silverman: Enough to feed a small army probably given the ridiculous amount of delivery services today.

      Reply
    63. 63.

      Redshift

      February 9, 2021 at 12:53 am

      @Adam L Silverman:

      all active defenders during the first impeachment trial, especially during House hearings. 

      And possibly more important, all unrepentant defenders of the Big Lie that the election was stolen. Lawyers for The Orange One may not be willing to risk their professional reputations and legal sanctions by bringing it up, but I doubt these clowns will be able to resist.

      If Trump demands that GOP senators openly endorse that to support acquittal, we may yet see a conviction. (Hey, I can hope, especially with the spate of retirement announcements!)

      Reply
    64. 64.

      Adam L Silverman

      February 9, 2021 at 12:54 am

      @mrmoshpotato: Pace yourself.

      Reply
    65. 65.

      mrmoshpotato

      February 9, 2021 at 12:55 am

      @SiubhanDuinne: Yes.

      Reply
    66. 66.

      🐾BillinGlendaleCA

      February 9, 2021 at 12:56 am

      @NotMax: In all probability, they’re using Remote Desktop access built into Windows 10 Pro, they probably have it on so that someone, like a supervisor, with elevated network permissions can authorize some changes that the regular operator doesn’t have the permissions to do.

       

      Reply
    67. 67.

      Adam L Silverman

      February 9, 2021 at 12:57 am

      @Redshift: Between the House chuckleheads, the attorneys he’s hired – the Orthodox Jewish one who asked to be accommodated because he’s shomer shabbos (literally guardian of the Sabbath meaning he won’t work from sundown Friday to sundown Saturday) has now withdrawn that request after the Senate granted the accommodation. It appears he was hoping they’d deny it so he could be performatively outraged and when they didn’t, he couldn’t, so he’s decided he can suddenly work on Saturday after all, and the Senate Republican anti-constitution caucus, this is going to be a Category 5 Shitshow.

      Reply
    68. 68.

      🐾BillinGlendaleCA

      February 9, 2021 at 12:59 am

      @Adam L Silverman: You know what you did.

      Reply
    69. 69.

      Another Scott

      February 9, 2021 at 12:59 am

      I think it is far more likely that either a disgruntled current or former employee of the City of Oldsmar or of Pinellas County who knew that this point of access existed and exploited it for their own purposes.

      Bingo.

      The description sounds like some sort of VNC access was available to the control computer in question. Some average joker isn’t going to know what to do if they come across some weird control software for a water treatment plant.

      There isn’t some big virtual knob that says – “Turn me to poison the city!!11”. Someone would have to be familiar with the software and the plant for this to be remotely plausible as a malicious act.

      My (uninformed) guess is that your quoted scenario is most likely accurate.

      Plus, messing with a water treatment plant as some sort of evil hack is stupid. Any adulteration is diluted because of the vast amounts of water involved. Unless they plan to go into the homeopathy business or something…

      Cheers,
      Scott.

      Reply
    70. 70.

      smike

      February 9, 2021 at 1:01 am

      @TomatoQueen: ​

      Dang it the hot cocoa went right up my nose.

      Now that’s a tag line!​

      Reply
    71. 71.

      Adam L Silverman

      February 9, 2021 at 1:02 am

      @🐾BillinGlendaleCA: And I’d do it again…

      Reply
    72. 72.

      Adam L Silverman

      February 9, 2021 at 1:03 am

      @Another Scott: Thank you for your support.

      Reply
    73. 73.

      danielx

      February 9, 2021 at 1:03 am

      @Adam L Silverman: ​
       
      A total fucking circus, which is exactly the sort of show preferred above all else by He Who Must Not Be Named.

      Reply
    74. 74.

      piratedan

      February 9, 2021 at 1:06 am

      @Adam L Silverman: so we can expect the same bad faith bullshit kabuki from the same bad faith actors… problem is, this time they won’t be on Fox News or Newsmaxx and get to spar with passionate Dems who appear to be inclined to cut a motherfucker.

      I look forward to watching them propose the Montoya defense of “you keep using that word but I don’t think it means what you think it means”..

      Reply
    75. 75.

      Starboard Tack

      February 9, 2021 at 1:08 am

      @Adam L Silverman:

      shomer shabbos (literally guardian of the Sabbath meaning he won’t work from sundown Friday to sundown Saturday) has now withdrawn that request after the Senate granted the accommodation.

      Oh, the sincerety!! (sob)

      Reply
    76. 76.

      LongHairedWeirdo

      February 9, 2021 at 1:09 am

      @Adam L Silverman: ​
       
      Adam, I *never* would have thought you’d make that mistake; off by a full order of magnitude? No way. (Well, maybe, if you confessed to being shy on sleep and just slipped a decimal place, but then you’d have already corrected the error.)

      That was copied/pasted from a tweet (referenced in the post), and with my math background, I couldn’t let the mistake pass.

      Reply
    77. 77.

      egorelick

      February 9, 2021 at 1:10 am

      I’m somewhat skeptical that safeguards were in place to prevent this from getting to the public.  That might be so, but it’s also the kind of thing you say to minimize an incident that may have turned into a tragedy.  IOW, it’s easy to say when nothing bad happened without actually backing up that assertion with a detailed explanation about how that backup safety measure actually would work. Also, does noone else find it a convenient coincidence that this supposedly non-Russian hack targeted the very town Mr. Silverman lives in?

      Reply
    78. 78.

      mdblanche

      February 9, 2021 at 1:13 am

      I dunno. Oldsmar is awfully close to St Petersburg…

       

      @egorelick: Also, does noone else find it a convenient coincidence that this supposedly non-Russian hack targeted the very town Mr. Silverman lives in?

      Clearly a Russian operation to take out Balloon Juice’s leading security expert.

      Reply
    79. 79.

      NotMax

      February 9, 2021 at 1:13 am

      @BillinGlendaleCA

      Early reporting, so subject to change, but –

      The attempt on Friday was thwarted. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems, Sheriff Bob Gualtieri said in an interview. Source

      Reply
    80. 80.

      LongHairedWeirdo

      February 9, 2021 at 1:18 am

      @RepubAnon: ​
      Too late; there are wingnuts with depth charges patrolling Lake Michigan already, as part of the latest Trump boat parade.
      @SiubhanDuinne: ​ Or worse, an alligator in the house?

      Reply
    81. 81.

      NotMax

      February 9, 2021 at 1:18 am

      @piratedan

      “Only the best hires.”

      //

      Reply
    82. 82.

      Adam L Silverman

      February 9, 2021 at 1:19 am

      @danielx: Yep.

      Reply
    83. 83.

      Adam L Silverman

      February 9, 2021 at 1:20 am

      @piratedan: Pretty much.

      Reply
    84. 84.

      Adam L Silverman

      February 9, 2021 at 1:20 am

      @Starboard Tack: I have not forgotten that I owe you a post.

      Reply
    85. 85.

      JaySinWA

      February 9, 2021 at 1:21 am

      @NotMax: Jebuss, from the article:

      A plant operator was monitoring the system at about 8 a.m. Friday and noticed that someone briefly accessed it. He didn’t find this unusual, Gualtieri said, because his supervisor remotely accessed the system regularly.

      Management authorized and used remote access. They were going for ease of use and convenience, not security.

      As to the culprit, if it was targeted then someone local, or a cat/baby attack by someone with authorized access. But it is entirely possible that someone scanning open ports hit a target of opportunity not knowing where it was located. More like the kid in the Wargames reference but possibly with more malice.

      Reply
    86. 86.

      Adam L Silverman

      February 9, 2021 at 1:24 am

      @LongHairedWeirdo: No worries. As for short on sleep, I’m getting ready to rack out as I’m still catching up from Sunday. We had a really heavy storm front come through starting around 4 AM. The first squall line wasn’t too bad and was moving fast. But about 20 minutes after it moved off to the east we got slammed for almost two hours. High winds making the freight train coming down the tracks sound, which was disconcerting because we were under a tornado watch that had started around minute and was up through 7:30 AM. Then there was the torrential driving rain and the very small hail. And finally the persistent, steady thunder and lightning punctuated by some real thunderclaps. My lab mixes were exceedingly upset and spent almost three hours sitting on me. So I didn’t get much sleep. Last night I got a good night’s sleep, but one more tonight should stand me back in good stead.

      Reply
    87. 87.

      danielx

      February 9, 2021 at 1:24 am

      So…pissed off current or former employee with some technical smarts who a) has a shit ton of water stored for everything – drinking, cooking, bathing or b) doesn’t get their water from the same source and c) had enough access, one way or another, to pull this off. Plus d) being more fucked up than Rocky the Flying Squirrel and (maybe) e) could have picked up the technical knowledge needed from anywhere on the internet, possibly by an untraceable method.

      Or it could be a random nutcase doing this for unknown reasons, or a group of nutcases, or…

      We have a matrix! Shit, they’ll have this solved by Wednesday.

      In truth, seems like something that could be solved pretty quickly with the right software forensics, but I’m totally rambling and clueless.

      Reply
    88. 88.

      Adam L Silverman

      February 9, 2021 at 1:25 am

      @egorelick: My brother is Mr. Silverman. He doesn’t live here.

      Reply
    89. 89.

      Adam L Silverman

      February 9, 2021 at 1:26 am

      @mdblanche: Oldsmar isn’t that close to St. Petersberg. About 18 miles as the crow flies, but a good 35 to 40 minutes as the roads allow us to drive.

      Reply
    90. 90.

      Starboard Tack

      February 9, 2021 at 1:27 am

      @Adam L Silverman:

      Whenevz.

      Reply
    91. 91.

      Adam L Silverman

      February 9, 2021 at 1:31 am

      @danielx: Given Oldsmar’s small size and location, one could live in 1/2 a dozen different municipalities or unincorporated parts of Pinellas County and be two feet from parts of Oldsmar. And, as a result, be on Pinellas County’s or Hillsborough Counties water system. So an insider threat wouldn’t necessarily need to stockpile water if they lived in Safety Harbor, Palm Harbor, Ozona (I still have no idea what Ozona is, but I think it is where they make the ozone), Lake Tarpon, and unincorporated Hillsborough County just over the county line on Racetrack Road and Tampa Road.

      Reply
    92. 92.

      Adam L Silverman

      February 9, 2021 at 1:32 am

      @Starboard Tack: Sometime this week depending on whether the pro-Trump extremists who are determined to strike in the US don’t do something really stupid and really bad during the impeachment.

      New: Law enforcement on high alert for impeachment trial. The FBI continues to conduct surveillance on a number of people in the US, in cases where there is enough probable cause to do so, source tells CNN.

      Full story w/ @ShimonPro & @WhitneyWReports https://t.co/C1eFAodv2J

      — Zachary Cohen (@ZcohenCNN) February 9, 2021

      Reply
    93. 93.

      Adam L Silverman

      February 9, 2021 at 1:34 am

      Time for me to rack out. Catch everyone on the flip.

      Reply
    94. 94.

      NotMax

      February 9, 2021 at 1:35 am

      @JaySinWA

      More like the kid in the Wargames reference

      F.B.I. already knock knock knocking on Matthew Broderick’s door as a “person of interest?”

      //

      Reply
    95. 95.

      NotMax

      February 9, 2021 at 1:39 am

      @Adam L. Silverman

      (I still have no idea what Ozona is, but I think it is where they make the ozone)

      Thought that was Ozone Park.

      ;)

      Reply
    96. 96.

      Martin

      February 9, 2021 at 1:46 am

      I don’t think the point is that Russia was trying to hack Oldsmar. I think the point is that US infrastructure security is terrible, and even if we do find out it was someone sitting on their bed who weighs 400lbs, that’s not better because it implies that if a nation state did try to attack infrastructure, they’d have an even easier time of it.

      Reply
    97. 97.

      Amir Khalid

      February 9, 2021 at 2:06 am

      @Adam L Silverman:

      Does Trump know any lawyers who are not clowns?

      Reply
    98. 98.

      Martin

      February 9, 2021 at 2:06 am

      @Amir Khalid: Oh, sure. But only clown lawyers would take Trump as a client.

      Reply
    99. 99.

      Stephen

      February 9, 2021 at 2:30 am

      One of the earliest attacks was in Australia, in 2000. It’s documented here:

      http://web.mit.edu/smadnick/www/wp/2017-09.pdf

      Reply
    100. 100.

      Bruce K in ATH-GR

      February 9, 2021 at 2:52 am

      @Amir Khalid: Roy Cohn wasn’t a clown, was he? Dangerous and evil, but not a clown.

      Reply
    101. 101.

      Amir Khalid

      February 9, 2021 at 3:49 am

      @Bruce K in ATH-GR: ​
       Ah yes, Roy Cohn. Too bad he’s now post-life and unavailable to defend Trump.

      Reply
    102. 102.

      Sloane Ranger

      February 9, 2021 at 4:09 am

      At this stage it’s too early to speculate about motivation. It could be another country, if not Russia, perhaps Iran or a terrorist group, either foreign or domestic, or a pissed off employee or ex employee or the cat/toddler or it could even be some true believer in the lye kills coronavirus myth your ex President put out there who genuinely believes they were performing a public good.

      It’s important at the start of an investigation not to lock yourself into any specific hypothesis as this can lead the investigation down the wrong path.

      Reply
    103. 103.

      mrmoshpotato

      February 9, 2021 at 4:16 am

      HaHAHa! So good.

      Have we started calling Marjorie Taylor Greene a "Qaren" yet? If so, carry on. If not, we should start.— The Rude Pundit (@rudepundit) February 8, 2021

      Reply
    104. 104.

      NotMax

      February 9, 2021 at 4:21 am

      @mrmoshpotato

      If we must go that route, go all the way: Qrazypants.

      Reply
    105. 105.

      mrmoshpotato

      February 9, 2021 at 4:24 am

      @NotMax: Agreed.

      Reply
    106. 106.

      sab

      February 9, 2021 at 5:26 am

      Thre is a new front page post. Why no little blue frosted arrows to the right?

      Reply
    107. 107.

      Phylllis

      February 9, 2021 at 5:58 am

      Thread about dead, but have to chime in to say I know where Oldsmar is, being from Parrish*, FL.

      *Home to Mr. Stealer of Nancy Smash’s lecturn. Can confirm, goober central. 

      Reply
    108. 108.

      Geeno

      February 9, 2021 at 8:24 am

      You’re being modest, Adam. They were after you the whole time.

      Reply
    109. 109.

      PaulWartenberg

      February 9, 2021 at 8:35 am

      @LeftCoastYankee:

      dammit you know perfectly well the security protocols for passwords is now 8-character minimum with at least one Upper case and one Lower case letter.

      The new admin password is undoubtedly 1234Abcd. DUH.

      Reply
    110. 110.

      J.

      February 9, 2021 at 9:04 am

      @PaulWartenberg: I am looking forward to the TV movie.

      Reply
    111. 111.

      KrusherKing

      February 9, 2021 at 9:22 am

      @PaulWartenberg: Huh!  Iive at the Ozona end of PH, feet from Dunedin.

      Reply
    112. 112.

      KrusherKing

      February 9, 2021 at 9:30 am

      @Adam L Silverman: Ozona is a charming little bit of Palm Harbor, very old Florida, that contains some nice restaurants, including the world famous Ozona Pig, a really extensive antique/junk shop and a marina.  It is strictly legal to travel around the streets of Ozona in a golf cart–it’s that small.   once met an extremely amiable drunk who was driving a golf cart around Ozona at 6:00 AM.  No street is wider than one lane in each direction.  I

      https://www.ozonavillagefl.us/

      Reply
    113. 113.

      wenchacha

      February 9, 2021 at 10:00 am

      Is there a summary description of the Malcolm Nance/Naveen Jumali stuff on Twitter and elsewhere? Should I take their appearances in pundit shows with a few chunks of Himalayan salt?I

      Thanks!

       

      Thanks

      Reply
    114. 114.

      Uncle Cosmo

      February 9, 2021 at 10:02 am

      @Doug R: “Just because you’re paranoid, doesn’t mean they’re not out to get you”.

      Even paranoids have real enemies.

      (Henry the K, referring to Tricky the Dick back in the day…)

      Reply
    115. 115.

      The Moar You Know

      February 9, 2021 at 10:13 am

      Shame I missed this until this morning.  My specialty.

      This could have been anyone.  It is almost certainly NOT a state actor as Adam says.

      The security breakdown:  they had a commercial remote access program, TeamViewer, running on a machine so that they could come in from outside and do their work thing (i.e. everyone working there has been on a down-low “work from home” program for quite some time, likely long before the plague).

      The second security breakdown:  there’s no reason for a facility like this to have internet connectivity at all.  Oh sure, the office folks gotta have their email and you probably want to give the employees some wifi because the job is boring AF, but the plant control systems should be on a completely separate (physically and logically) network.  Setting it up this way is not hard.  It’s actually a lot easier for maintenance in many ways.

      And yet, almost every infrastructure sector in this country has this because nobody wants to get up at two in the morning and drive in just to see what the alarm is.  That particular form of laziness has got to stop.

      By “every infrastructure sector” I mean all of them.  Harmless water treatment plants like this, but also some truly scary-ass stuff like refineries, chemical plants – the kinds of places where fucking with a setting on a operating parameter can cause explosions and leaks of the kind of shit that an kill everything it touches.   Again, this form of laziness has to stop.  Unplug the networks and get bodies in the seats where the control systems are.

      TeamViewer isn’t very secure, but then again not any of these telework programs are.  The military is FINALLY taking action on this, but of course for right now we actually need them as there’s a lot of workspaces where people should not be entering unless they absolutely have to.  That will look a lot different by this summer.

      Running down the clown who did this will be easy to impossible depending on how smart they were. I rarely see a lot of smart attacks in my work, so I’m guessing 48 hours.  I will differ with Adam’s analysis in only one major way – this wasn’t a current employee who just wandered off for a cuppa joe and had a cat do the laptop dance while they were gone.  This was an outsider.

      Shame you all missed the analysis from the forensics/security guy.  Oh well.  My best work always remains unread.

      Reply
    116. 116.

      WaterGirl

      February 9, 2021 at 10:32 am

      @The Moar You Know: I read it!

      Reply
    117. 117.

      Captain C

      February 9, 2021 at 12:11 pm

      @Bill Arnold: A friend of mine is…very into this guy.

      Reply
    118. 118.

      Adam L Silverman

      February 9, 2021 at 12:12 pm

      @KrusherKing: I’ve been there, I was just being a smartass.

      Reply
    119. 119.

      Adam L Silverman

      February 9, 2021 at 12:13 pm

      @wenchacha: They’re both pretty solid. But there are times that Nance gets too far ahead of the information because it fits the analytical structures he’s built and is promoting.

      It happens to everyone now and then.

      Reply
    120. 120.

      Adam L Silverman

      February 9, 2021 at 12:16 pm

      @The Moar You Know: I was being a bit facetious about the cat and the toddler. I don’t think that’s very plausible or probable either.

      Reply
    121. 121.

      Boris Rasputin (the evil twin)

      February 9, 2021 at 12:43 pm

      @Adam L Silverman: Wouldn’t you like to know?

      Reply

    Leave a Comment Cancel reply

    Your email address will not be published. Required fields are marked *

    If you don't see both the Visual and the Text tab on the editor, click here to refresh.

    Clear Comment

    To reply to more than one person, click the X to save & close the box.

    Primary Sidebar

    Do Something!

    Call Your Senators & Representatives
    Directory of US Senators
    Directory of US Representatives

    Vaccine Venting Here!
    I Got the Shot!  (Month 2)
    I Got the Shot!

     

    🎈Ways to Support Our Site

    Become a Balloon Juice Patreon
    Donate with Venmo, Zelle or PayPal
    Shop Amazon via this link to support Balloon Juice ⬇  

    Recent Comments

    • Another Scott on Yesterday Was a Pretty Big Day (Mar 7, 2021 @ 12:33pm)
    • NetheadJay on Yesterday Was a Pretty Big Day (Mar 7, 2021 @ 12:33pm)
    • trollhattan on Yesterday Was a Pretty Big Day (Mar 7, 2021 @ 12:33pm)
    • 🐾BillinGlendaleCA on Yesterday Was a Pretty Big Day (Mar 7, 2021 @ 12:31pm)
    • trollhattan on Yesterday Was a Pretty Big Day (Mar 7, 2021 @ 12:31pm)

    Team Claire, and Family

    Claire Updates
    Claire is Home!

    Balloon Juice Posts

    View by Topic
    View by Author
    View by Month & Year

    Featuring

    John Cole
    Silverman on Security
    COVID-19 Coronavirus
    Medium Cool with BGinCHI
    Furry Friends

    Calling All Jackals

    Site Feedback
    Submit Photos to On the Road
    Nominate a Rotating Tag
    Meetups: Proof of Life
    2021 Pets of Balloon Juice Calendar

    Culture: Books, Film, TV, Music, Games, Podcasts

    Noir: Favorites in Film, Books, TV
    Book Recommendations & Indy Recs
    Mystery Recommendations
    Netflix Favorites
    Amazon Prime Favorites
    Netflix Suggestions in July
    Longmire & Netflix Suggestions

    Twitter

    John Cole’s Twitter

    [custom-twitter-feeds]

    Site Footer

    Come for the politics, stay for the snark.

    • Facebook
    • RSS
    • Twitter
    • Comment Policy
    • Our Authors
    • Blogroll
    • Our Artists
    • Privacy Policy

    Copyright © 2021 Dev Balloon Juice · All Rights Reserved · Powered by BizBudding Inc

    Insert/edit link

    Enter the destination URL

    Or link to existing content

      No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.
        Share this ArticleLike this article? Email it to a friend!

        Email sent!