Special Report: Hacker Intrusion of Florida Treatment Facility Attempted to Raise Levels of Caustic Lye in Water Supply

Little is known about the intrusion aside from the hacker's unauthorized entry via TeamViewer. The sheriff brands the attack "sophisticated," although some infosec pros disagree.

A press conference hosted by Pinellas County, Florida, Sheriff Bob Gualtieri, which included Mayor Eric Seidel and City Manager Al Braithwaite of the 15,000-person City of Oldsmar, laid out details of an intrusion of the city’s water treatment system during which a hacker tried to change the city’s water supply levels of sodium hydroxide from 100 parts per million to 11,100 parts per million. Sodium hydroxide, also known as lye or caustic soda, is the main ingredient in drain cleaners. In low concentrations, it regulates the pH level of water. In high concentrations, it’s deadly.

The hacker used remote access software called TeamViewer to gain entry to the system and began remotely operating a mouse on a targeted computer, an activity noticed by an IT staff member watching the screen, who initially thought it was his supervisor working remotely. Later, the employee spotted the changes to the sodium hydroxide levels and returned them to normal.

Officials say even if the altered levels hadn’t been noticed, alarms and redundancy in the system would have barred contamination of the water supply and ensuing mass casualty.

Beyond these bare-bones details, little is known about the attack. The attacker could be a nation-state or a script kiddie. “We don’t know right now whether the breach originated in the United States or outside the country,” Gualtieri said in his press conference. Many cybersecurity experts downplayed the idea that the attack was a sophisticated one, particularly given the ease of entry via TeamViewer.

But it’s not easy to navigate around an industrial control environment, as a column I wrote last year in the wake of eerily similar attacks on Israel’s water supply outlines. “It’s not just an accident when you are taking [sodium chloride] from 100 parts per million to 11,100 parts per million,” Gualtieri said during the conference. “In order to get into the system, somebody had to use pretty sophisticated ways of doing it.”

What is clear is that underfunded local water systems — there are 70,000 total in the U.S. — tend to lack cybersecurity expertise and generally need more tools, guidance, and money to ensure better security.

Moreover, water systems would be well equipped if they followed certain security fundamentals laid out by their expert organizations.

Gualtieri said that his office is asking all governmental entities in the Tampa Bay area with critical infrastructure components to actively review their computer security protocols and make any necessary updates consistent with the most up-to-date practices. Meanwhile, the FBI and the Secret Service are involved in investigating the incident.
