Hacker Tried Poisoning Water Supply After Breaking Into Florida's Treatment System

enaph

Level 29
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,857

Hackers successfully infiltrated the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water.

During a press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said an operator managed to catch the manipulation in real-time and restored the concentration levels to undo the damage.

"At no time was there a significant effect on the water being treated, and more importantly the public was never in danger," Sheriff Gualtieri said in a statement.

The water treatment facility, which is located in the city of Oldsmar and serves about 15,000 residents, is said to have been breached for approximately 3 to 5 minutes by unknown suspects on February 5, with the remote access occurring twice at 8:00 a.m. and 1:30 p.m.

The attacker briefly increased the amount of sodium hydroxide from 100 parts-per-million to 11,100 parts-per-million using a system that allows for remote access via TeamViewer, a tool that lets users monitor and troubleshoot any system problems from other locations.

"At 1:30 p.m., a plant operator witnessed a second remote access user opening various functions in the system that control the amount of sodium hydroxide in the water," the officials said.


Sodium hydroxide, also known as lye, is a corrosive compound used in small amounts to control the acidity of water. In high and undiluted concentrations, it can be toxic and can cause irritation to the skin and eyes.

It is not immediately known if the hack was done from within the U.S. or outside the country. Detectives with the Digital Forensics Unit said an investigation into the incident is ongoing.

Although an early intervention averted more serious consequences, the sabotage attempt highlights the exposure of critical infrastructure facilities and industrial control systems to cyberattacks.

The fact that the attacker leveraged TeamViewer to take over the system underscores the need for securing access with multi-factor authentication and preventing such systems from being externally accessible.

"Manually identify software installed on hosts, particularly those critical to the industrial environment such as operator workstations — such as TeamViewer or VNC," said Dragos researcher Ben Miller. "Accessing this on a host-by-host basis may not be practical but it is comprehensive."

"Remote access requirements should be determined, including what IP addresses, what communication types, and what processes can be monitored. All others should be disabled by default. Remote access including process control should be limited as much as possible."
 

Minimalist

Level 10
Verified
Well-known
Oct 2, 2020
451
Breached water plant employees used the same TeamViewer password and no firewall

The Florida water treatment facility whose computer system experienced a potentially hazardous computer breach last week used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees, government officials have reported.
 

Minimalist

Level 10
Verified
Well-known
Oct 2, 2020
451
Florida Water Plant Hack: Leaked Credentials Found in Breach Database

Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top