Hackers attempt to poison Florida water supply

The cyber criminals infiltrated a treatment plant through TeamViewer and boosted Sodium Hydroxide to dangerous levels


Cyber criminals tried - and failed - to poison the water supply in a Floridian city by remotely infiltrating a water treatment facility and ramping up the Sodium Hydroxide (NaOH) levels.

The computer systems of a water treatment facility, located in the city of Oldsmar, Florida, were remotely breached twice on 5 February, according to a Floridian county sheriff, Bob Gualtieri.

During the second intrusion, which lasted three to five minutes, the hackers tried to ramp up the NaOH levels but were foiled as an operator was watching the attack in real time.

It’s been widely reported that the cyber criminals infiltrated the plant through TeamViewer, which was installed on one of the operator machines. This legitimate software allows easy access to machines remotely from anywhere - and is often used for remote IT troubleshooting and technical assistance. 

The incident took place over the course of the day, with hackers first infiltrating the Oldsmar water treatment plant at 8am. This was a brief intrusion, however, and didn’t arouse any suspicion because remote supervisors routinely access the system in this way to monitor operations.

A plant operator witnessed a second intrusion at 1:30pm later that day, watching the attacker opening various functions in the system that control the NaOH levels in the water. They manipulated the controls to boost these levels from roughly 100 parts-per-million to the potentially lethal levels of 11,100 parts-per-million. 

“What it is, is that somebody hacked into the system, not just once but twice, and controlled the system, took control of the mouse, moved it around, opened the programme and changed the levels from 100 to 11,100 parts-per-million with a caustic substance,” the sheriff Bob Gualtieri said at a press conference.

“In order to get into the system, somebody had to use some pretty sophisticated ways of doing it.”

Once the hackers exited the system, the plant operator immediately reduced the levels of NaOH. Because this was instant, there was no change to the water supply that serves roughly 15,000 residents.

Authorities in Oldsmar, located in Pinellas County, Florida, are investigating the security breach in conjunction with the FBI and other law enforcement agencies. Investigators don’t currently know whether the attack originated from inside the US or outside, nor what the attackers’ motivations were.

Such an attack with potentially lethal consequences has been theorised over and war-gamed by IT and security teams across the US and the UK, but concrete examples are hard to come by. Researchers had previously warned in 2018 that smart city infrastructure contains many flaws that could allow hackers to cause havoc, turning them into a new breed of ‘supervillain’.

Daniel Kapellmann Zafra, manager of analysis at Mandiant Threat Intelligence, told IT Pro his company has detected an increase in cyber incidents by novice hackers seeking to access and learn about industry systems in recent months.

“Many of the victims appear to have been selected arbitrarily, such as small critical infrastructure asset owners and operators who serve small populations,” he said. “Through remote interaction with these systems, actors have engaged in limited-impact operations but none of these cases has resulted in damage to people or infrastructure.” 

UK director at Orange Cyberdefense, Stuart Reed, meanwhile, said this is exactly the kind of assault on national infrastructure that cyber security experts have been fearing for years, reflecting on the potential impact such an incident might have in the UK. 

“It is frightening to think what might have happened if it was not for the vigilance of one of the plant's operators,” he said. “As the government and NHS wrestle with the pandemic, it's hard to imagine how the country could cope at this time if there was any major disruption to the UK's supply of electricity or water. 

“Nonetheless, key facilities worldwide are constantly being probed for weaknesses, and there are still significant concerns about the readiness of CNI to weather increasingly sophisticated cyber-attacks, with many facilities believed to run on out-of-date and vulnerable IT systems. 

“The incident in Florida will go down as yet another near miss, but it is clear that CNI will remain a key target for hackers - inaction can no longer be tolerated.”
