A hacker obtained access to the water treatment system for the city of Oldsmar, Florida, and tried to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels.
Sodium hydroxide is used by water treatment facilities in lower levels to adjust acidity (pH) and remove heavy metals. But it can be very dangerous if taken in high concentrations.
The attack on the computer system at Oldsmar water treatment system occurred on Friday through a remote desktop software that permitted authorized users to troubleshoot system problems remotely.
The hackers remotely gained access to the computer of an employee at the facility through TeamViewer to gain control of other systems.
A plant operator said that they noticed someone took control of the mouse and tried to make changes in the software that controls the functions for the city’s water treatment.
The intruder spent around three to five minutes inside the system and changed the sodium hydroxide level from 100 parts per million to 11,100 parts per million.
However, the change was immediately reverted by the operator and avoided the big risk. The plant operator then cut off remote access to the system.
Eric Seidel, the mayor of the city, said that Oldsmar water treatment system is set up with redundancies that would have sounded an alarm if the water’s chemical levels reached dangerous levels.
More details about the threat actor are not known and so there hasn’t been any arrest related to the incident. The Pinellas County Sheriff’s Office, the FBI, and the Secret Service are currently investigating the incident.
This is the second incident of this kind where a hacker has accessed a water treatment facility and modified chemical levels, but the attack was not successful.