Click Here To Kill Everybody
Power Corrupts
Brian Klaas
4.8 • 2K Ratings
🗓️ 7 September 2021
⏱️ 49 minutes
🧾️ Download transcript
Summary
In early 2021, hackers infiltrated the software that controlled the city’s water supply in Oldsmar, Florida. Through dumb luck, they caught the intrusion shortly after the hacker tried to poison the city’s water.
This hack was part of a growing array of attacks against the Internet of Things, objects that used to operate offline but are now connected to the internet—and therefore vulnerable to hacking. From Wi-Fi enabled tea kettles to cars that can be taken over remotely to knocking power out for entire countries using smart thermostats, the risks are everywhere. We’re just lucky there hasn’t been an Internet of Things attack that has been on the scale of 9/11 or Hiroshima – yet.
Guests this episode include Bruce Schneier, the author of Click Here to Kill Everybody; Nicole Perlorth, a reporter for the New York Times, Ken Munro, an ethical hacker, and Chris Valasek, a hacker who remotely took over a Jeep a few years ago and now works as the Director of Product Security at Cruise.
To check out Nicole’s book, click here: https://www.bloomsbury.com/us/this-is-how-they-tell-me-the-world-ends-9781635576061/
To buy Bruce’s book, click here: https://www.schneier.com/books/click-here/
And to read about Chris’s Jeep Hack as reported in Wired, click here: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Pre order Brian's book - https://www.simonandschuster.com/books/Corruptible/Brian-Klaas/9781982154097
Support the show on Patreon at Patreon.com/powercorrupts
Transcript
Click on a timestamp to play from that location
| 0:00.0 | This was always my worst nightmare, that hackers would get into our water supply and use digital |
| 0:08.8 | means to poison the water supply. And it would really be the silent killer of attacks. And I knew |
| 0:16.4 | just from my work covering vulnerabilities and attacks over the last decade that it was entirely |
| 0:22.6 | feasible. No one had tried it yet. On Friday morning at about eight o'clock, a plant operator |
| 0:28.8 | at the Oldsmart Water Treatment Facility noticed that someone remotely accessed the computer |
| 0:34.2 | system that he was monitoring. Last February, officials in Oldsmart, Florida said that the previous |
| 0:42.7 | Friday, an engineer happened to be, thank God, sitting at his computer. When someone took over |
| 0:49.9 | the cursor attached to his mouth, even though his hand wasn't moving, and started clicking |
| 0:55.6 | around this water treatment facilities controls until they found the controls that dictate how |
| 1:03.8 | much chemical of the chemical lie, L-Y-E, goes into the water. The computer system was set up with |
| 1:11.2 | a software program that allows for remote access where authorized users can troubleshoot system |
| 1:17.6 | problems from other locations. The remote access at eight o'clock on Friday morning was brief, |
| 1:23.9 | and the operator didn't think much of it because his supervisor and others will remotely access |
| 1:29.7 | his computer screen to monitor the system at various times. The person remotely accessed the |
| 1:35.9 | system for about three to five minutes opening various functions on the screen. The hacker changed |
| 1:42.4 | the sodium hydroxide from about 100 parts per million to 11,100 parts per billion. |
| 1:51.0 | That is an amount that could have really badly thickened the population of this Florida town |
| 1:57.2 | when they were already experiencing this big surge in COVID, and so you can imagine what would happen |
| 2:04.2 | if suddenly you saw this huge influx of people rushing to hospitals at that one moment. |
| 2:12.4 | Because the operator noticed the increase in lowered it right away, at no time was there a significant |
| 2:17.3 | adverse effect on the water being treated. Importantly, the public was never in danger. |
| 2:23.9 | Fortunately, it just so happened that this guy was sitting out his computer as this cursor was |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Brian Klaas, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Brian Klaas and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.