OLDSMAR, FL - During a news conference on Monday, February 8th, Pinellas County Sheriff Bob Gualtieri announced that a hacker gained unauthorized entry to the system that controls the water treatment plant of a Florida city of 15,000 and tried to taint the water supply with a caustic chemical.
According to cybersecurity experts, this kind of intrusion exposes a danger that has grown as systems become both more computerized and more accessible via the internet.
Reportedly, the hacker who breached the system at the city of Oldsmar’s water treatment plant used a remote access program shared by plant workers and briefly increased the amount of sodium hydroxide by a factor of one hundred (from 100 parts per million to 11,100 parts per million).
Sodium hydroxide, also called lye, is used to treat water acidity. However, the compound is also found in cleaning supplies such as soaps and drain cleaners, and in larger quantities it can cause irritation, burns, or other complications.
Gualtieri said that a supervisor at the water plant saw the tampering as it happened: he watched a mouse controlled by the intruder move across the computer screen changing settings, and was able to intervene and immediately reverse the change.
Florida water plant was hacked via TeamViewer, but the facility hadn’t used TeamViewer in six months.
“the TeamViewer program remained in place but unused, providing the door through which the intruder entered and gained full access to the system.” https://t.co/KdaBqC8dIz
— Robert McMillan (@bobmcmillan) February 9, 2021
The plant worker first noticed the unusual activity around 8 a.m. on Friday, February 5th when someone briefly accessed the system, but thought little of it because co-workers regularly access the system remotely.
However, later that day around 1:30 p.m., someone accessed it again, took control of the mouse and directed it to the software that controls water treatment, proceeding to increase the amount of sodium hydroxide.
Gualtieri reiterated that the public was never in danger, but that the intruder did take the “sodium hydroxide up to dangerous levels.” He said the intruder was active for three to five minutes and when they exited, the plant operator immediately restored the proper chemical mix.
Since the incident, Oldsmar officials have disabled the remote-access system and said other safeguards were already in place to prevent the increased chemical from getting into the water.
Some of these safeguards, like manual monitoring, would have caught the change in the 24 to 36 hours it took before it would have reached the water supply.
FBI Cyber Unit Trying To Determine Who Hacked Florida Water Plant https://t.co/5mB2KEaGGC
— The Florida Voice (@TheFlaVoice) February 9, 2021
According to experts, municipal water and other systems have the potential to be easy targets for hackers because local governments’ computer infrastructure tends to be underfunded.
Robert M. Lee, CEO of Dragos Security and a specialist in industrial control system vulnerabilities, said remote access to industrial control systems such as those running treatment plants has become increasingly common. He said:
“As industries become more digitally connected we will continue to see more states and criminals target these sites for the impact they have on society.”
Florida water treatment plant hacked. Could’ve gotten ugly. https://t.co/iNopv9BeSY
— South Coast Politics (@PoliticsCoast) February 9, 2021
What concerns experts most is the potential for state-backed hackers intent on doing serious harm targeting water supplies, power grids, and other vital sources. Tarah Wheeler, a Harvard Cybersecurity Fellow, said communities should take every precaution possible when using remote access technology on something as critical as a water supply. She said:
“The systems administrators in charge of major civilian infrastructure like a water treatment facility should be securing that plant like they’re securing the water in their own kitchens.”
“Sometimes when people set up local networks, they don’t understand the danger of an improperly configured and secured series of internet-connected devices.”
Investigators said it was not immediately clear where the attack came from, whether the hacker was domestic or foreign. The FBI along with the Secret Service and the Pinellas County Sheriff’s Office are currently investigating the case… Via – Law Enforcement Today