Florida officials say the hacker gained remote access to a local water treatment center, trying to increase the amount of sodium hydroxide in the water to “potentially dangerous” levels. Fortunately, no one harmed by this cyber age equivalent to poisoning the well, and the problem was quickly resolved. However, police are still searching for those responsible, and it is uncertain whether the attack came from outside the United States.
The attack happened Friday, Feb. 5, on the OldsmarWater Treatment Plant, a town of about 15,000 people in the northern part of Tampa Bay, Florida. Speaking at a news conference Monday, officials said an operator of the city’s water treatment system first tried to access the system on Friday morning, but assumed it their supervisor who had remote access to the computer.
Another violation was made later in the afternoon. At around 13:30, the operator said that they had noticed that their mouse cursor had opened the minimum software bits on the computer with their screen. Although the hackers had remote access to the computer system for only less than five minutes, they were able to increase the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.
“This is certainly a significant and potentially dangerous increase,” Pinellas County Sheriff Bob Gualtieri told reporters at the news conference. Sodium hydroxide, also known as lye, is a chemical that used to control the acidity of water, but it also used in a number of industries and manufacturers, especially as the main ingredient in liquid drain cleaners and oven cleaners. In the case of high concentrations, it can cause irritation to the eyes, skin and mucous membranes as well as temporary damage to the hair. “I’m not a chemist, but I can tell you what I know … It’s not a good thing if you put that amount in drinking water,” Gualtieri said.
Police are working with the FBI and intelligence agencies to find a person or persons responsible for security breaches. They say they have some lead, but no suspects have identified so far. It is also unclear why Oldsmar’s water treatment system targeted. However, Gualtieri insisted that the situation was immediately recognized and resolved by the operator, adding, “The public never in danger.” This is because it took at least 24 hours for the public to have access to drinking water, at which time the problem could solved.
Authorities have highlighted that many government services, not just public water works, could be at risk of similar cyberattacks. A woman died last year at Dusseldorf University Hospital in Germany after a severe cyberattack disable her computer system.