An unknown hacker gets access to the computer system for the water treatment plant in the city of Oldsmar, Florida, and raised the chemical parameters to dangerous levels.
City officials revealed the attack news today in a press conference.
This incident of invasion occurred on Friday, February 5, at the time when a hacker accessed a computer system. This computer system was meant for the remote control of water treatment plant and related operations.
Firstly, the hacker accessed this system early in the morning at about 8 am. Then again, in the afternoon, it accessed for one more time at 1:30 pm. This time intrusion was longer.
The second intrusion was made for almost five minutes. This time, it was detected by an operator while he was monitoring the system. He saw the moving cursor on the screen and the hacker access the software which is responsible for water treatment.
HACKER MODIFIED LYE LEVELS
“Sodium hydroxide (NaOH), also known as lye, is the main component in liquid drain cleaners. It’s also used to control water acidity and remove metals from drinking water in the water treatment plant,” Oldsmar Sheriff Bob Gualtieri told.
“The hacker manipulated the sodium hydroxide from about 100 parts per million to 11,100 parts per million. This is obviously a significant and potentially dangerous increase,” he added.
According to the Oldsmar city staff, No tainted water was delivered to residents as the attack was caught in time before any lye levels could be distributed.
It was reported by Sheriff Gualtieri that the hacker disconnected as soon as they manipulated the lye levels, and a plant operator set the chemical level back to normal immediately.
Officials didn’t allocate the attack to any specific hacker group or entity. The timing of the attack is also helping as the city of Oldsmar is located near the Tampa urban center, which hosted the Super Bowl LV game on Sunday.
NOT THE FIRST TIME
It happened for the second time that a hacker accessed a water treatment plant and significantly changed the chemical levels.
Years back, in 2015-2016, a similar incident was reported at a random water treatment plant. However, investigators reported that intruders, at that time were unaware of their actions, so they made random changes. Thus, investigators regarded the attack as an accident, instead of an intended attack.
A series of attacks occurred earlier this year, however, no significant consequences were recorded. Israeli administration, in the spring and summer of 2020 revealed attacks on local water treatment plants, water pumps, and agricultural irrigation systems.
Tel Aviv officials, blaming intrusion on the Iranian government, said that hackers intended to have access to the management panels of various types of advanced water management systems and wanted local organizations to make changes to the passwords.
As per officials and local media reports, none of the attacks could be successful.