Hackers attempt to poison Florida water supply

The cyber criminals infiltrated a treatment plant through TeamViewer and boosted Sodium Hydroxide to dangerous levels


Cyber criminals tried - and failed - to poison the water supply in a Floridian city by remotely infiltrating a water treatment facility and ramping up the Sodium Hydroxide (NaOH) levels.

The computer systems of a water treatment facility, located in the city of Oldsmar, Florida, were remotely breached twice on 5 February, according to a Floridian county sheriff, Bob Gualtieri.

On the second intrusion, which lasted three to five minutes, the hackers tried to ramp up the NaOH levels but were foiled as an operator was watching the attack in real-time.

It’s been widely reported that the cyber criminals infiltrated the plant through TeamViewer, which was installed on one of the operator machines. This legitimate software allows easy access to machines remotely from anywhere - and is often used for remote IT troubleshooting and technical assistance. 

The incident took place over the course of the day, with hackers first infiltrating the Oldsmar water treatment plant at 8am. This was a brief intrusion, however, and didn’t arouse any suspicion because remote supervisors routinely access the system in this way to monitor operations.

A plant operator witnessed a second intrusion at 1:30pm later that day, watching the attacker opening various functions in the system that control the NaOH levels in the water. They manipulated the controls to boost these levels from roughly 100 parts-per-million to the potentially lethal levels of 11,100 parts-per-million. 

“What it is, is that somebody hacked into the system, not just once but twice, and controlled the system, took control of the mouse, moved it around, opened the programme and changed the levels from 100 to 11,100 parts-per-million with a caustic substance,” the sheriff Bob Gualtieri said at a press conference.

“In order to get into the system, somebody had to use some pretty sophisticated ways of doing it.”

Once the hackers exited the system, the plant operator immediately reduced the levels of NaOH. Because this was instant, there was no change to the water supply that serves roughly 15,000 residents.

Authorities in Oldsmar, located in Pinellas County, Florida, are investigating the security breach in conjunction with the FBI and other law enforcement agencies. Investigators don’t currently know whether the attack originated from inside the US or outside, nor what the attackers’ motivations were.

Such an attack with potentially lethal consequences has been theorised over and war-gamed by IT and security teams across the US and the UK, but concrete examples are hard to come by. Researchers had previously warned in 2018 that smart city infrastructure contains many flaws that could allow hackers to cause havoc, turning them into a new breed of ‘supervillain’.

Daniel Kapellmann Zafra, manager of analysis at Mandiant Threat Intelligence, told IT Pro his company has in recent months detected an increase in cyber incidents by novice hackers seeking to access and learn about industry systems.

“Many of the victims appear to have been selected arbitrarily, such as small critical infrastructure asset owners and operators who serve small populations,” he said. “Through remote interaction with these systems, actors have engaged in limited-impact operations but none of these cases has resulted in damage to people or infrastructure.” 

UK director at Orange Cyberdefense, Stuart Reed, meanwhile, said this is exactly the kind of assault on national infrastructure that cyber security experts have been fearing for years, reflecting on the potential impact such an incident might have in the UK. 

“It is frightening to think what might have happened if it was not for the vigilance of one of the plant's operators,” he said. “As the government and NHS wrestle with the pandemic, it's hard to imagine how the country could cope at this time if there was any major disruption to the UK's supply of electricity or water. 

“Nonetheless, key facilities worldwide are constantly being probed for weaknesses, and there are still significant concerns about the readiness of CNI to weather increasingly sophisticated cyber-attacks, with many facilities believed to run on out-of-date and vulnerable IT systems. 

“The incident in Florida will go down as yet another near miss, but it is clear that CNI will remain a key target for hackers - inaction can no longer be tolerated.”
