[dialamac]

Love that it was a “hacker” rather than a bored teenager or some casual idiot, or even a disgruntled former or current employee. Invoking the hacker term I guess is supposed to make it absolve gross negligence in even the most basic security practices. It makes me sad to think this spin actually works.

[tgsovlerkhgsel]

This is basically "some kid turned a control valve to fully open".

The question to ask is "why was the valve next to a public road with no fence and no lock?

[neolog]

What does the age or casualness of the hacker have to do with anything?

[guerrilla]

It has to do with how responsibility is percieved here. Different rhetoric will have different results for the same facts.

[crystalmeph]

If the system is open to a l33t scr1pt k1dd13 who’s hacking knowledge consists of copy-pasting from 2600 articles, it speaks to a system that would stand no chance against a well-resourced adversary. This kind of thing may well be a new kind of front the next time we get into a shooting war “over there.”

[young_unixer]

It's an indicator for the level of incompetence of the hacked party.

[runarberg]

I guess the issue is with the word ‘hacker’. I guess using a more descriptive and accurate word like attacker, vandal, or terrorist is more apt here.

[jobigoud]

Attacker and terrorist convey the same thing as hacker, that it was not negligence but a very motivated enemy. Vandal works better.

[runarberg]

Hacker is someone that finds a way to use a thing out side of the designed purpose. There is no value judgement in the word alone, and the word does not say whether the hacker is hacking with an intent to do harm. This is normally not how news media frames criminals, as they tend to use words which assign guild to the guilty, (like criminal, thieve, burglar, sexual predator, etc.). Attacker, vandal, and terrorist all do that, while hacker doesn’t.

[justaman]

If it calls attention to vulnerable infrastructure in the US, good. We need to put a lot more tax dollars into securing these systems.

[amelius]

It will only call attention if the relevant municipalities are fined for negligence and/or the responsible managers punished.

[toomuchtodo]

Only if those dollars are used effectively.

If you’re just checking a checkbox and not actually securing the system, you’re no better off.

[brendoelfrendo]

Right, but the concern is that if we focus too much on the "hacker" and not enough on the vulnerable infrastructure, we may spend all our tax dollars chasing computer criminals instead of preventing computer crime. As a general rule, I don't like blaming the victims of a crime for falling victim... but the real victims here are the people downstream of the water supply, and we shouldn't absolve industry or infrastructure operators of negligence because some scary hacker attacked them.

[suyash]

Or it could be a state actor from another country who executed a well planned attack.

[not2b]

I would think a state actor would be stealthier. But I suppose it could be a test of defenses against such an attack.

[ogre_codes]

This was my gut instinct too. Some high school kid or just a random hacker who stumbled across it is just as likely as anything else.

[gowld]

A random hacker is a hacker.

[jobigoud]

The threat model is different. Any such system should not be vulnerable to someone that is not even trying very hard and is not an insider attacker.

[amenghra]

I thought we had all agreed that "Chinese hackers" was the correct term to use /s.

[nix23]

You forgot Russians/N.Koreans or Iranians...it's a flavor question.