Water Treatment Trouble


Hey all, Detective Cy here again!

While doing some research on cybersecurity crimes, I recently discovered that the number of municipalities that are hacked has been increasing every year! This is a serious issue, as malicious actors can drastically alter the dynamic of a municipality’s systems the moment they are compromised. In fact, one municipality very recently fell victim to just such an attack!

A group of hackers was able to infiltrate the water treatment plant’s computer network. This gave them the ability to manipulate the local water filter controls, which could have led to countless residents becoming sick. In order to help protect the people of the township, I began an investigation into how the hackers got control of the system.

After interviewing municipality personnel, I discovered that an employee had noticed his computer was being controlled by an external user one morning. The employee ignored this strange occurrence, since the municipality allows supervisors to access employee computers remotely. Later that day, the same employee noticed a program on their monitor stating that the water filter levels had been changed.

Once I had access to the computer in question, I was able to trace the attack back to an email the employee had received the previous day. They had clicked on a malicious link within the email, which downloaded a malware program onto their computer.  The hacker was then able to access the municipality’s systems and change the water filter levels, putting the residents in harm’s way.

Having discovered the source of the crime, I quickly contacted law enforcement. Fortunately, the Sheriff and his team were able to resolve the issue before any lasting harm could be done. Yet, the initial chaos demonstrated how vulnerable their system was to external attack.  Even worse, the municipality was forced to spend a substantial amount of time and money on recovering their systems.

Thankfully, there are a few steps you can take to prevent your municipality from becoming a victim of a similar attack. Remember to always check the sender of every email you receive to ensure they are from a reliable source. You should also hover your cursor over any links in an email before clicking on them. This will help confirm that the link isn’t directing you to an unknown, and possibly malicious, source.

Lessons Learned:

  • Always verify the sender of emails you receive. If necessary, you can call the sender or reply to the email.
  • Always hover your cursor over links in an email to ensure the URL is legitimate and not masking an unknown site.
  • Never click links in an email unless you trust the sender.

Report suspicious emails to your IT department.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email


blog image
Detective Cy

The Overdue Deception

Hello all, Detective Cy here! Did you know that cybercrimes that target municipalities come in a variety of deceptive forms?

Detective Cy

The Gift Card Grift

Hello all, Detective Cy here! Did you know that there has been a significant increase in cyber-attacks since the beginning