Hackers on Friday gained unauthorized entry into the computer system controlling a water treatment facility in the city of Oldsmar, Florida and sought to add a “dangerous level” of additive to the water supply, according to a report from the Tampa Bay Times.
The incident first took place on February 5th at Oldsmar’s water treatment facility when around 8 a.m. a plant operator noticed someone remotely accessing the computer system he was monitoring. This system is responsible for controlling the chemicals and other operations of the water treatment plant.
Since the computers are set up for allowing remote access to supervisors to troubleshoot from different locations, the operator did not think much of the incident. However, it happened again that afternoon at about 1:30 p.m., as the operator could see someone taking control of the mouse and opening various software functions that control the water treatment.
The hacker spent around five minutes in the system and briefly increased the amount of sodium hydroxide, also known as lye, in the water from 100 parts per million to 11,100 parts per million. After the second attempt, the plant operator at the water supply plant immediately reset the levels of sodium hydroxide to normal.
“This is obviously a significant and potentially dangerous increase sodium hydroxide also known as lye is the main ingredient in drain cleaners. It’s also used to control water acidity and remove metals from drinking water,” Pinellas County Sheriff Bob Gualtieri said during a news conference on Monday.
“In these mega quantities, it’s a caustic substance. I’m not a chemist, but it is the primary ingredient in liquid drain cleaners. It’s lye. I want to stress, it would have been caught. But if you want to put that amount of substance in the drinking water, it’s not a good thing. The amount of sodium hydroxide that got in was minimal and was reversed quickly.”
Oldsmar Officials said other safeguards in place to prevent the increased chemical would have likely caught the change before it was released to the public.
Gualtieri added, “At no time was there a significant adverse effect on the water being treated. Importantly, the public was never in danger. Even if the plant operator had not quickly reversed the increased amount of sodium hydroxide, it would’ve taken between 24 and 36 hours for that water to hit the water supply system.”
The Oldsmar plant supplies water to businesses and about 15,000 residents. Oldsmar officials have since temporarily disabled remote access programme to the water system.
The FBI along with the Secret Service and the Pinellas County Sheriff’s Office are trying to determine who is behind the hack. Gualtieri said he does not know who is responsible for the cyberattack.
“The important thing is to put everyone on notice. Obviously, these investigations are very complicated. We don’t know right now if the breach originated within the United States, or outside the country. We also do not know why the Oldsmar system was targeted and we have no knowledge of any other systems being unlawfully accessed,” Gualtieri added.