Illinois, Texas hacks show it's easy to take over U.S. water systems

Don't drink the water; you don't know who's pwned it.

By  

Keeping the usernames and passwords of customers in a database vulnerable to the outside – and not realizing or reporting the loss of that data when it happened – indicates more than just lax security.

For the SCADA vendor it shows unforgiveable negligence toward both security and customers.

The vendor should have known it had been hacked, understood the implications of the kind of data it lost and warned customers its negligence had made vulnerable.

That it apparently did none of these thing is a crime in itself.

It's a crime with plenty of accomplices, however.

Three characters for a password? Really South Houston?

"I wouldn't even call this a hack, either. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic," pr0f posted, downplaying the accomplishment while appropriately humiliating the victim.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Photo Credit: 

ComputerworldUK

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness