Hackers attempt to poison Florida water supply

The cyber criminals infiltrated a treatment plant through TeamViewer and boosted Sodium Hydroxide to dangerous levels

Cyber criminals tried - and failed - to poison the water supply in a Floridian city by remotely infiltrating a water treatment facility and ramping up the Sodium Hydroxide (NaOH) levels.

The computer systems of a water treatment facility, located in the city of Oldsmar, Florida, were remotely breached twice on 5 February, according to a Floridian county sheriff, Bob Gualtieri.

On the second intrusion, which lasted three to five minutes, the hackers tried to ramp up the NaOH levels but were foiled as an operator was watching the attack in real-time.

It’s been widely reported that the cyber criminals infiltrated the plant through TeamViewer, which was installed on one of the operator machines. This legitimate software allows easy access to machines remotely from anywhere - and is often used for remote IT troubleshooting and technical assistance. 

The incident took place over the course of the day, with hackers first infiltrating the Oldsmar water treatment plant at 8am. This was a brief intrusion, however, and didn’t arouse any suspicion because remote supervisors routinely access the system in this way to monitor operations.

A plant operator witnessed a second intrusion at 1:30pm later that day, watching the attacker opening various functions in the system that control the NaOH levels in the water. They manipulated the controls to boost these levels from roughly 100 parts-per-million to the potentially lethal levels of 11,100 parts-per-million. 

“What it is, is that somebody hacked into the system, not just once but twice, and controlled the system, took control of the mouse, moved it around, opened the programme and changed the levels from 100 to 11,100 parts-per-million with a caustic substance,” the sheriff Bob Gualtieri said at a press conference.

“In order to get into the system, somebody had to use some pretty sophisticated ways of doing it.”

Once the hackers exited the system, the plant operator immediately reduced the levels of NaOH. Because this was instant, there was no change to the water supply that serves roughly 15,000 residents.

Authorities in Oldsmar, located in Pinellas County, Florida, are investigating the security breach in conjunction with the FBI and other law enforcement agencies. Investigators don’t currently know whether the attack originated from inside the US or outside, nor what the attackers’ motivations were.

Such an attack with potentially lethal consequences has been theorised over and war-gamed by IT and security teams across the US and the UK, but concrete examples are hard to come by. Researchers had previously warned in 2018 that smart city infrastructure contains many flaws that could allow hackers to cause havoc, turning them into a new breed of ‘supervillain’.

Daniel Kapellmann Zafra, manager of analysis at Mandiant Threat Intelligence, told IT Pro his company has detected an increase in cyber incidents by novice hackers seeking to access and learn about industry systems in recent months.

“Many of the victims appear to have been selected arbitrarily, such as small critical infrastructure asset owners and operators who serve small populations,” he said. “Through remote interaction with these systems, actors have engaged in limited-impact operations but none of these cases has resulted in damage to people or infrastructure.” 

UK director at Orange Cyberdefense, Stuart Reed, meanwhile, said this is exactly the kind of assault on national infrastructure that cyber security experts have been fearing for years, reflecting on the potential impact such an incident might have in the UK. 

“It is frightening to think what might have happened if it was not for the vigilance of one of the plant's operators,” he said. “As the government and NHS wrestle with the pandemic, it's hard to imagine how the country could cope at this time if there was any major disruption to the UK's supply of electricity or water. 

“Nonetheless, key facilities worldwide are constantly being probed for weaknesses, and there are still significant concerns about the readiness of CNI to weather increasingly sophisticated cyber-attacks, with many facilities believed to run on out-of-date and vulnerable IT systems. 

“The incident in Florida will go down as yet another near miss, but it is clear that CNI will remain a key target for hackers - inaction can no longer be tolerated.”
