A computer hacker attempted to poison the water supply of a city in Florida, local police on Monday, February 8.
The unknown perpetrator was able to remotely access the water treatment system of the city of Oldsmar — population 15,000 — on Friday, February 5, and increase the level of sodium hydroxide (also known as lye) by more than 100 times. The chemical is usually used in small quantities to control the water’s acidity, but if ingested in large amounts could cause burns and other problems.
An attentive plant operator noticed the increased levels of lye, prompting the worker to take action to bring the level back to normal.
Pinellas County Sheriff Bob Gualtieri said during a press conference on Monday: “The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million.”
While the plant operator clearly did great work to spot the anomaly and take corrective action, Gualtieri said systems are already in place to automatically check for tainted water, so in theory the poisoned supply would never have reached residents’ homes.
“Importantly, the public was never in danger,” the sheriff said.
Offering more details about Friday’s attack, Gualtieri explained how the worker had been using software that controls the chemicals and other operations at the water treatment plant. The software allows for remote access to allow authorized users to troubleshoot any system problems that arise.
At about 1:30 p.m., the worker noticed that someone had accessed the computer system, with the remote operator moving the mouse around the screen to open various software that controls the treatment of the water. In the space of around four minutes, the worker saw that the remote operator started altering the amount of sodium hydroxide entering the water supply. The worker could see this happening in real time, prompting them to immediately reduce the level of the chemical back to the regular amount.
Law enforcement, including the FBI, are now investigating the hack to try to determine if it was carried out from within the U.S. or outside the country.
The incident will surely come as a shock to those in charge of critical infrastructure, and provides a wake-up call to ensure proper measures are in place to prevent hackers from causing potentially untold damage. Indeed, Oldsmar Mayor Eric Seidel said during the press conference: “The important thing is to put everybody on notice … to make sure that everyone realizes that these kind of bad actors are out there, it’s happening, so really take a hard look at [your defenses].”
