Hacked Florida water plant used same password for all computers

The water treatment plant in Oldsmar, Florida that was hacked on February 5, was using an outdated Windows operating system and a single password for all its computers, it was revealed on Thursday.

An advisory released by authorities in Massachusetts said the hackers that infiltrated Florida's Bruce T Haddock Water Treatment Plant exploited weaknesses in the system: the computers used to monitor the water plant were connected directly to the internet, used an outdated Windows operating system and had the same software access password.

It confirmed that the unidentified hackers gained access to the plant's supervisory control and data acquisition system via remote access software programme TeamViewer.

"All computers used by water plant personnel were connected to the system and used the 32-bit version of the Windows 7 operating system," it said. "Further, all computers shared the same password for remote access and appeared to be connected directly to the internet without any type of firewall protection installed."

Windows 7 was released in 2009.

Massachusetts authorities obtained their information from the Federal Bureau of Investigation, the Department of Homeland Security, the US Secret Service and the Pinellas County Sheriff's Office.

The FBI is running an investigation but has not yet identified the hackers, nor has it revealed if the attack was foreign or domestic.

After gaining remote access last Friday, the hackers raised the levels of sodium hydroxide in the water plant from about 100 parts per million to 11,100 parts per million for a few minutes, investigators told ABC.

But a plant manager who noticed the hack was able to thwart it before any serious damage occurred.

"The amount of sodium hydroxide that got in was minimal and was reversed quickly," Pinellas County Sheriff Bob Gualtieri told Reuters on Monday. He called the hack "a wake-up call".

In a column for The Hill this week, Chris Krebs, former director of the DHS Cybersecurity and Infrastructure Security Agency, said the hack showed how "dire the nation's cybersecurity challenge is".

“Unfortunately, that water treatment facility is the rule rather than the exception. When an organisation is struggling to make payroll and to keep systems on a generation of technology created in the last decade, even the basics in cybersecurity often are out of reach,” Mr Krebs said.

Teamviewer said it was running its own investigation into the hack.

While you're here

David Frum: What Joe Biden has to fix - and preserve - from the Donald Trump era

Michael Young: Joe Biden must establish a post-American order in the Middle East

Firas Maksad: For the Middle East, Joe Biden is no Barack Obama

While you're here

Jean-Loup Samaan: Nato's new strategy seems to be all about China

Sholto Byrnes: Washington tells South-East Asians to pick a side

C Uday Bhaskar: It's worth asking if the 'Quad' Asia's new Nato?

C Uday Bhaskar: What is India's Indo-Pacific strategy?

Why seagrass matters

Carbon sink: Seagrass sequesters carbon up to 35X faster than tropical rainforests
Marine nursery: Crucial habitat for juvenile fish, crustations, and invertebrates
Biodiversity: Support species like sea turtles, dugongs, and seabirds
Coastal protection: Reduce erosion and improve water quality

Living in...

This article is part of a guide on where to live in the UAE. Our reporters will profile some of the country’s most desirable districts, provide an estimate of rental prices and introduce you to some of the residents who call each area home.

KILLING OF QASSEM SULEIMANI

National Editorial: Suleimani has been killed, now we must de-escalate

Mina Al Oraibi: Air strike casts a long shadow over the decade ahead

Jack Moore: Why the assassination is such a monumental gamble

Matthew Levitt: Iran retains its ability to launch terror attacks

Damien McElroy: A CEO tasked with spreading Iran's influence

Hussein Ibish: Trump's order on solid constitutional ground

Simon Waldman: Cautious Israel keeping a low profile

Trump v Khan

2016: Feud begins after Khan criticised Trump’s proposed Muslim travel ban to US

2017: Trump criticises Khan’s ‘no reason to be alarmed’ response to London Bridge terror attacks

2019: Trump calls Khan a “stone cold loser” before first state visit

2019: Trump tweets about “Khan’s Londonistan”, calling him “a national disgrace”

2022: Khan’s office attributes rise in Islamophobic abuse against the major to hostility stoked during Trump’s presidency

July 2025 During a golfing trip to Scotland, Trump calls Khan “a nasty person”

Sept 2025 Trump blames Khan for London’s “stabbings and the dirt and the filth”.

Dec 2025 Trump suggests migrants got Khan elected, calls him a “horrible, vicious, disgusting mayor”

At this rate, Lebanon may not survive to see its 100th birthday

Tamkeen's offering

Option 1: 70% in year 1, 50% in year 2, 30% in year 3
Option 2: 50% across three years
Option 3: 30% across five years

The%20specs

%3Cp%3E%3Cstrong%3EEngine%3A%20%3C%2Fstrong%3ETwin-turbo%2C%20V8%3Cbr%3E%3Cstrong%3ETransmission%3A%20%3C%2Fstrong%3E8-speed%20automatic%20and%20manual%3Cbr%3E%3Cstrong%3EPower%3A%20%3C%2Fstrong%3E503%20bhp%3Cbr%3E%3Cstrong%3ETorque%3A%20%3C%2Fstrong%3E513Nm%3Cbr%3E%3Cstrong%3EPrice%3A%20%3C%2Fstrong%3Efrom%20Dh646%2C800%20(%24176%2C095)%3Cbr%3E%3Cstrong%3EOn%20sale%3A%20%3C%2Fstrong%3Enow%3C%2Fp%3E%0A

UAE v IRELAND

All matches start at 10am, and will be played in Abu Dhabi

1st ODI, Friday, January 8

2nd ODI, Sunday, January 10

3rd ODI, Tuesday, January 12

4th ODI, Thursday, January 14

Ni Jian: Why China and the UAE are brothers

Lin Yaduo: This is the time for facts, not fear

Bill Gates: How the world can end the pandemic

Profile box

Company name: baraka
Started: July 2020
Founders: Feras Jalbout and Kunal Taneja
Based: Dubai and Bahrain
Sector: FinTech
Initial investment: $150,000
Current staff: 12
Stage: Pre-seed capital raising of $1 million
Investors: Class 5 Global, FJ Labs, IMO Ventures, The Community Fund, VentureSouq, Fox Ventures, Dr Abdulla Elyas (private investment)

The National Archives, Abu Dhabi

Founded over 50 years ago, the National Archives collects valuable historical material relating to the UAE, and is the oldest and richest archive relating to the Arabian Gulf.

Much of the material can be viewed on line at the Arabian Gulf Digital Archive - https://www.agda.ae/en

Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.

Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.

“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.

Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.

“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.

Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.

From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.

Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.

BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.

Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.

Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.

“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.

Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.

“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.

“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”

The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”