posted on May, 10 2021 @ 08:18 AM
A lot of people don't realize that bluetooth can be hacked, and a lot of industrial equipment comes with bluetooth functionality. Most places I've
worked never use the bluetooth, so whenever I would see it I would turn it off. It's useless in my opinion, but some companies think it's a good idea
for people to be able to use their cell phones to control equipment.
I haven't seen any reliable information about this hack other than it's ransomware, so that makes it seem it was some dummy who clicked an e-mail they
shouldn't have, or possibly connected their cell phone to a computer like a dumbass.
IT definitely didn't do their job in setting up their network to prevent such a thing from happening.
Computers that are connected to critical equipment should be unable to be accessed by an open network. There should be a front end firewall, a
VLAN/DMZ, and ideally completely and physically disconnected from every other network. I loved working at locations where I had to physically connect
my toughbook to a piece of equipment.
It's nice to be able to connect remotely, but the vast majority of the time remote access was a pain in the ass and not set up correctly, and I found
most of the time I could get through by getting around the security protocols which were almost always expired or bootlegged.
So, all that being said it doesn't surprise me much that they got hacked.
And being that the pipeline was built in the 60s I wouldn't be surprised one bit if they were using obsolete equipment and using Unix on some
equipment or upgraded to Windows 95 and never since.