Florida water hack revealed
Hackers have attempted to poison the water supply of a town in the US.
A malicious actor reportedly took control of a plant operator’s computer at the water treatment facility in Oldsmar, Florida.
The operator said he saw his mouse pointer dash around his screen over the course of a few minutes, until it found the software that controls the water’s levels of sodium hydroxide, also known as lye.
The hacker attempted to raise the levels of sodium hydroxide by more than 100 fold, up to a level that could sicken residents and corrode pipes. The level would have been pumped from about 100 parts per million to 11,100 parts per million.
Luckily, the operator was able to undo the change moments later, preventing potential catastrophe.
The town of Oldsmar uses chemicals to make water that it extracts from the ground drinkable.
Sodium hydroxide can balance the pH of the water, which is often fairly acidic when first comes out. The sodium hydroxide is also used to prevent pipes from deteriorating, but massive levels of the chemical would have the opposite effect, potentially increasing corrosion.
The water management facility also has alarm systems and checkpoints in place that would have caught the change in the pH of the water if the plant operator had not been able to fix the hacker’s changes.
“At no time was there a significant adverse effect on the water being treated,” Pinellas County Sheriff Bob Gualtieri said at a news conference following the event.
“Importantly, the public was never in danger.”
But the attempt appears to have exposed some flaws in the cybersecurity of some vital physical systems.
The plant operator said he did not initially think anything was amiss when he mouse started moving on its own, as supervisors commonly used the TeamViewer software to “monitor the system.”
TeamViewer spokesperson Patrick Pickhan says the company is “monitoring the situation” and condemns “any malicious behavior” on its software.
The company claims it was not hacked.
“We don’t have any indication that our software or platform has been compromised,” Mr Pickhan said.
“TeamViewer stands ready to support relevant authorities in their investigation of the technical details such as how the cyber criminals potentially obtained login credentials, which are set and encrypted solely on the device.”
The local sheriff’s office says it has opened an investigation in partnership with the FBI and Secret Service.