Florida city water system hack ‘puts everyone on notice’

A criminal investigation is underway after hackers broke into the computer system of the City of Oldsmar’s water treatment plant and tried to remotely raise chemicals to unsafe levels.

On Friday, the cyber intruder attempted to add dangerous levels of sodium hydroxide into the system which supplies drinking water – from the safe setting of 100 parts per million up to 11,100 parts per million. This was thwarted when an operator saw what was happening and raised the alarm.

At a press conference on February 8, Pinellas County Sheriff Bob Gualtieri said: “At no time was there a significant effect on the water being treated, and more importantly the public was never in danger.”

Sodium hydroxide is also known as lye or caustic soda. The chemical is used at low concentrations to regulate the PH level of potable water but at high levels it is highly corrosive and damaging to human tissue.

Gualtieri said it would have taken between 24 and 36 hours for contaminated water to hit the supply system and that there are redundancies and checks in place which would have prevented the water from being released.

But Mayor Eric Seidel warned: “The redundancies that we have in place work, but everybody should be on notice…these bad actors are out there.”

Gualtieri said he had been in touch with other city and county officials in the area, noting: “The thing I want to stress is that this type of activity and this hacking of critical infrastructure is not necessarily limited to just water supply systems. It can be anything, it could be sewer systems, it could be a whole variety of things and could really be problematic. We want to make sure that we’re paying close attention to all of it.”

Remote access

Oldsmar has a population of around 15,000. The attack happened on Friday, February 5 and the city’s computer system was remotely accessed at 8.00 am and 1.30 pm by an unknown party.

The Sheriff has said that the hacker appears to have gained entry via remote access software TeamViewer, which the plant uses to allow monitoring and troubleshooting from off-site.

At first, the plant operator was not concerned when he saw the computer mouse moving strangely on the screen as supervisors regularly access the system remotely. When he later saw an unknown remote user raising the levels of sodium hydroxide in the water, he immediately reduced the levels to their appropriate amount and notified a supervisor.

The initial investigation suggests that the hacker accessed the treatment plant’s computer for three to five minutes.

The investigation continues and includes the FBI, the Secret Service and the Sheriff’s Office’s Digital Forensics Unit. The Sheriff said Monday there were leads but no suspects. He said it was unclear whether the attack came from within the US or externally, and it was unknown why Oldsmar’s system had been targeted.

A spokesperson for TeamViewer told Cities Today: “TeamViewer is aware of reports regarding an unauthorised remote access to the Oldsmar water treatment facility and we are monitoring the situation very closely. We don’t have any indication that our software or platform has been compromised.

“As a global remote connectivity provider, we have leading security measures and state-of-the-art authentication options in place. TeamViewer stands ready to support relevant authorities in their investigation of the technical details such as how the cyber criminals potentially obtained login credentials, which are set and encrypted solely on the device. Generally, TeamViewer condemns any malicious behaviour on its platform.”

When asked about the incident at the daily White House press briefing yesterday, Press Secretary Jen Psaki said: “The FBI and Secret Service, are [undertaking] an investigation.  We’d certainly defer to them on any specific details of their findings of that investigation.”

She added: “The President, the Vice President, and members of our national security team are focused on elevating cybersecurity as a threat. That has only increased over the past several years. That’s why they’ve made it an across-government focus and [President Biden] has elevated positions in the White House and other parts of our government.”

Image Nikirov | Dreamstime.com