
I think there is a lot more going on here than just some encrypted files.

The interim IT manager had to set up a new website for the city with new email addresses?

They lost control of DNS and registration of their domain, it seems.

SCADA systems for water pumps were inoperable.

Online payments no longer functioned.

This seems like a very premeditated attack to me.



Knowing all the "flat" networks I've seen, that all sounds par for the course. Segmentation is still exotic (and met with either disdain or blank stares by software vendors). The attack damaged all those systems because, very likely, they were all accessible to each other and under one locus of control (probably a single Active Directory domain).


More than likely the SCADA systems themselves were fine, but the PCs for managing those systems were AD joined and people couldn't log in to actually run the management software.

It's very common in custom hardware setups to have a standing system that interfaces with the physical hardware and PLC and then the user friendly software for instructing that controller on what you want to be on a PC talking to it over serial or the network. Obviously if the computer is inaccessible you can't adjust settings, but the system continues to run fine.


Right, but the story states otherwise.


SCADA functioning is not dependent on AD.

The AD server should be able to be destroyed without preventing the water supply from functioning.

I know of three small municipalities in my area (smaller than this town), and the utilities are not part of the flat network.



