+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

A hacker tried to poison the water supply in a Florida community that serves 15,000 people, officials said

Feb 9, 2021, 05:16 IST
Business Insider
The water treatment plant pictured here is not the location of the facility mentioned in this story.AP Photo/Rich Pedroncelli
  • A Florida town of 15,000 people was the target of a cyberattack at the local water treatment plant.
  • The hacker tried to raise the amount of sodium hydroxide, also known as lye, in the water by 11,000%.
  • A plant operator noticed the breach and quickly reversed it; now an investigation is underway.
Advertisement

The FBI, US Secret Service, and local authorities are investigating the source of a cyberattack that targeted the water supply in a Florida town about 17 miles northwest of Tampa, the Pinellas County Sheriff Bob Gualtieri said.

The water treatment system in Oldsmar, a town of just 15,000, was remotely accessed by an unknown individual on February 5. According to Gualtieri, the hacker attempted to change the sodium hydroxide content in the system from 100 to 11,100 parts per million - a 11,000% increase.

"This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners," Gualtieri said.

Water treatment facilities use sodium hydroxide to counteract highly-acidic water levels that usually come from regions with high amounts of limestone. The chemical is safe in small, controlled amounts but can result in rashes and burns if highly concentrated amounts make contact with the skin.

Gualtieri said an operator at the Oldsmar facility recognized the security breach early in the morning when they noticed a remote user was accessing a part of the water treatment system. This was not entirely surprising as supervisors are known to troubleshoot problems from remote locations, authorities said.

Advertisement

But around 1:30 p.m., the operator noticed that the system was once again being accessed remotely - this time, the employee said they watched the unknown remote user open the water treatment software and increase the sodium hydroxide levels in the system.

The employee who witnessed the change immediately reverted the levels back to normal before any damage could be done.

"At no time was there a significant adverse effect on the water being treated," Gualtieri said. "Importantly, the public was never in danger."

Gualtieri said that if the attack had not been noticed, it would have taken 24 to 36 hours for the hacker's changes to fully take effect, but the sheriff, mayor, and city manager each made a point to say there are protocols in place that would have prevented a catastrophe.

"Even had they not caught them, those redundancies have alarms in the systems that would have caught the change in the pH level anyway," said Oldsmar Mayor Eric Seidel.

Advertisement

As of Monday, investigators were not yet able to identify the hacker and do not know if the attack originated in the US.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article