Hackers breached the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting altering the levels of sodium hydroxide (NaOH) in the water to a dangerous level.
The attackers targeted the City of Oldsmar’s computer system at its water treatment plant. According to the Pinellas County Sheriff’s Office press release, the attack took place last Friday, February 5, 2021.
“The initial intrusion at 8:00 a.m. was brief and not cause for concern due to supervisors regularly accessing the system remotely to monitor the system. At 1:30 p.m., a plant operator witnessed a second remote access user opening various functions in the system that control the amount of sodium hydroxide in the water. The operator noted the remote access user raised the levels of sodium hydroxide in the water. The operator immediately reduced the levels to their appropriate amount. The initial investigation revealed that the hacker remotely accessed the treatment plant’s computer for approximately 3 to 5 minutes,” the officials said.
“At no time was there a significant effect on the water being treated, and more importantly the public was never in danger,” Pinellas County Sheriff Bob Gualtieri said at a press conference held on February 8, 2021.
The City of Oldsmar’s computer system at the water treatment plant allows for remote access by authorized users to troubleshoot any system problems from other locations. The hackers got access to this system using the TeamViewer remote access tool and briefly raised the amount of sodium hydroxide from 100 parts-per-million to 11,100 parts-per-million.
Upon detecting the intrusion the plant employee alerted his employer, who contacted the sheriff. At present, it is unknown who is responsible for the attack, the investigation continues.