Source: https://www.abc.net.au/news/2021-02-09/hackers-remotely-gain-access-to-a-florida-city-water-treatment/13134818

Key points:

  • Hackers increased the amount of sodium hydroxide in the water
  • An employee whose computer was hacked noticed and alerted his employer
  • The water treatment facility was able to quickly revert the command

Hackers have broken into a water treatment facility that serves the town of Oldsmar in Florida and attempted to poison the water supply.

The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility to gain control of other systems, Sheriff Bob Gualtieri said.

“The guy was sitting there monitoring the computer as he’s supposed to and all of a sudden he sees a window pop up, [telling him] that the computer has been accessed,” he said.

“The next thing you know someone is dragging the mouse and clicking around and opening programs and manipulating the system.”

The hackers then increased the amount of sodium hydroxide, also known as lye, being distributed into the water supply.

The chemical is typically used in small amounts to control the acidity of water, but at higher levels it can be very dangerous.

It can cause irritation, burns and other complications if consumed in large quantities.

The plant employee noticed the change and alerted his employer, who called the sheriff.

The water treatment facility was able to quickly revert the command, leading to minimal impact.

“The amount of sodium hydroxide that got in was minimal and was reversed quickly,” Sheriff Gualtieri said.

The affected water treatment facility is a public utility owned by the local town, and has its own internal IT team, he said.

The FBI and Secret Service have been called in to assist in an investigation.

Sheriff Gualtieri said he does not know who is responsible for the cyberattack.

“The important thing is to put everyone on notice,” he said.

He said the city’s water supply was not affected and the public was “never in danger”.

“At no time was there a significant adverse effect on the water being treated,” Sherriff Gualtieri said.

Officials said other safeguards in place likely would have caught the change before it reached the water supply.

The remote-access system the hacker was able to use has since been disabled.

The treatment plant that was targeted provides water to businesses and about 15,000 residents, authorities said.

 

If you’d like discuss your water safety requirements, contact us here.

Connect with us on Facebook or LinkedIn to stay up to date.