With regard to news that hacker remotely accessed control system for water treatment plant in Florida to increase lye level, it's no surprise these are accessible online. Have been for yrs. But it sounds like they maybe didn't have 2-factor authentication set up to protect it
Here's a story I wrote in 2012 about critical industrial control systems accessible over the internet and easily discovered through a Shodan search wired.com/2012/01/10000-…
And in 2013 I wrote about a researcher who used Masscan to find systems using port 5900 (the port used by VNC and TeamViewer remote-management software). He found 30,000 connected systems that did not require authentication to access them wired.com/2013/11/intern…
Note that Florida authorities said there were "redundancies" in place that would have prevented the lye from getting to drinking water. Safety systems do detect things like this, but safety systems, depending on how they're configured, can *potentially* also be subverted.
Wife of US diplomat who killed teen in UK while driving on wrong side of road was working for a US intelligence agency, as was her husband, her lawyer says, and that’s why she fled the UK after the accident. washingtonpost.com/world/europe/a…
Previously it had only been known that her husband was working for US gov at a Royal Air Force base in Croughton, England — a base known to be used by US intel agencies. The revelation raises questions about whether she should have had diplomatic immunity to avoid prosecution in UK.
A 1995 agreement w/ US stipulates that American staff at Croughton base can’t claim diplomatic immunity to avoid prosecution. British gov was told the woman was the spouse of a diplomat. But if she was an intel employee at Croughton, she should not have been allowed to leave UK.
Russian doctor who treated Navalny after poisoning has died suddenly in the intensive care unit where Navalny was treated. Reports say his blood pressure shot up to 250 suddenly, before he died of a heart attack dailymail.co.uk/news/article-9…
The news of the Russian doctor's death reminds me of this clip from last month, showing another doctor and ally of Navalny playing the piano as police raided her apartment
This piece says that the 55 yr old Russian doctor who died this wk had lost all his family members in a year, including both parents. The implication is that he was under a lot of stress and this may have led to the heart attack. content.novayagazeta.ru/news/2021/02/0…
Interesting piece. John Sullivan (aka Jaydenx) posted one of most compelling videos of insurrection that showed him alternating between being part of mob and telling police he was media covering it (he told Capitol police repeatedly in vid that they should not resist the crowd)
“There has never been a clean way to delineate professional journalists from everyone else...Defining [it] too narrowly risks excluding freelancers and correspondents from nontraditional outlets; defining it too broadly could mean including anyone w/ a cell phone and YouTube acct
SolarWinds hackers who breached federal court system “probably gained access to the vast trove of confidential information hidden in sealed documents, including trade secrets, espionage targets, whistleblower reports and arrest warrants”
“Until recently, even the most secretive material—about wiretaps, witnesses and national security concerns—could be filed electronically. But that changed” after SolarWinds breach. Under new rules highly sensitive documents have to be printed out and hand-delivered to courthouse
“Criminal, civil and bankruptcy filings are believed to have been compromised, but not the Foreign Intelligence Surveillance Court system, which handles national security surveillance warrants, according to the court employees.”
Former Buzzfeed employee known as “Baked Alaska” who participated in the Capitol insurrection also allegedly participated in a vote fraud scheme in 2016 that tricked thousands of people into thinking they could cast vote for Hillary by phone nytimes.com/2021/01/27/nyr…
“As a result of the misinformation campaign, prosecutors said, at least 4,900 unique phone numbers texted the number in a futile effort to cast votes for Mrs. Clinton.”
“The co-conspirators were not named in the complaint, but one of them was Anthime Gionet, a far-right media personality known as ‘Baked Alaska,’ who was arrested after participating in the Jan. 6 riot at the U.S. Capitol, according to a person briefed on the investigation”
Former security technician for home security company ADT admitted he secretly accessed customers' home security cameras more than 9,600 times over 4+ yrs, particularly in homes of attractive women to spy on them while they undressed, slept, or had sex buzzfeednews.com/salvadorhernan…
The ADT technician did this simply by adding his personal email address to ADT Pulse accounts - Pulse lets customers check their security cameras remotely. He claimed he had to add himself to acct to test security system, but other times he simply added without telling customers
ADT is facing three federal lawsuits so far over this for allegedly failing to “implement adequate procedures that would prevent non-household members from adding non-household email addresses" to the customer accounts.