Hacker Boosts Toxic Chemical Level 100-Fold at Water Plant

A hacker breached computer networks at an Oldsmar, Florida, water treatment plant, remotely delivering a 100-fold boost in a chemical that is highly dangerous in concentrated amounts, Bloomberg reported.

In an attack with the potential to harm public health, the hacker on Feb. 5 gained access to a city computer and changed the level of sodium hydroxide — which is used to remove metals and control acidity — from 100 parts per million to 11,100 parts per million, according to Bob Gualtieri, who serves as the sheriff of Pinellas County.

This is a “significant and potentially dangerous increase,” Gualtieri said at a Monday press conference.

The attacker briefly entered the computer system at 8 a.m. on Feb. 5, before leaving and returning about 1:30 p.m. for approximately three to five minutes, Gualtieri said. In that window, the operator of the water plant could see the attacker on screen — “with the mouse being moved about to open various software functions that control the water being treated in the system,” Gualtieri said.

As soon as the hacker left the computer system, the operator whose computer was remotely taken over immediately lowered the level of the chemical, also known as lye. This move prevented any harm to the public and the drinking water, Gualtieri said. He said there were additional prevention measures within the water system that would have prevented tainted water from reaching the public.

It isn’t yet known if the breach originated from the U.S., or outside of the country, Gualtieri said. Oldsmar, with a population of nearly 15,000, is located about 15 miles northwest of Tampa.

Mandiant, part of the cybersecurity company FireEye Inc., has observed an increase in attacks against industrial systems in the last year, according to the firm.

“Many of the victims appear to have been selected arbitrarily, such as small critical infrastructure asset owners and operators who serve a limited population set,” said Daniel Kapellmann Zafra, manager of analysis at Mandiant Threat Intelligence. Through “remote interaction with these systems,” the hackers have engaged in “limited-impact operations.”

None of those instances resulted in any harm to people or infrastructure, Zafra said. “We believe that the increasing interest of low sophisticated actors in industrial control systems is the result of the increased availability of tools and resources that allow malicious actors to learn about and interact with these systems,” he added.

Gualtieri’s office launched a criminal investigation with the Federal Bureau of Investigation and the U.S. Secret Service. He asked that all government critical infrastructure operators within the Tampa Bay area review and update their security systems.
