An attacker hacked into a Florida city’s water treatment plan and attempted to leverage that access to poison the municipality’s water supply. 

According to WTSP-TV, an operator at the water treatment plan in the 15,000-person City of Oldsmar, Florida noticed someone controlling his mouse cursor on February 5 at around 08:00. 

The operator didn’t think much of it initially. Supervisors had used remote access software on the computer he was monitoring to troubleshoot issues in the past. 

What got the operator’s attention was when the cursor moved again and changed the setting of sodium hydroxide within the water from 100 parts per million (ppm) to 11,100 ppm. 

The University of Florida Academic Health Center noted that sodium hydroxide (lye) poisoning can result in loss of vision, severe abdominal pain and shock, among other symptoms. 

Upon seeing the change, the operator adjusted the sodium hydroxide levels back to 100 ppm.  

Local officials clarified that there were additional safety measures in place that would have also prevented the change. 

Tim Erlin, VP of product management and strategy at Tripwire, explained that the attack was therefore limited from its inception. 

While this incident will rightfully cause concern, it appears that the likelihood of real damage was minimal due to the fail safes in place. There are real impacts to be worried about, and actions to be taken, but this doesn’t appear to be a sophisticated or novel attack.  

According to The Washington Post, Pinellas County Sheriff Bob Gualtieri said that the attackers appeared to have compromised and then misused the water treatment plant’s TeamViewer software. But he stopped short of saying how the malicious actors had compromised that software, how they had gained access to the plant’s IT network and how they had ultimately pivoted to the plant’s operational technology (OT). 

WTSP-TV wrote that the water treatment plant had decided to temporarily disable TeamViewer while it worked on (Read more...)