Water treatment plants constantly monitor and adjust the chemical makeup of the water many people use every day in an attempt to make it clean and safe. Last Friday however, hackers accessed a computer in a water processing plant in Oldsmar, Florida’s and made a dangerous change to the water’s chemical composition. The plant reportedly caught and fixed the issue quickly, but it’s a worrisome event.
According to the Oldsmar police, the intrusion took place on Friday, February 5th, and hackers were able to gain remote access to a computer in the plant at least twice. It was during the second instance, however, that the hacker actually made changes to the plant’s operations. Authorities estimate the hacker had access for three to five minutes, and during that time, they adjusted the level of sodium hydroxide in the water from a normal 100 parts per million all the way up to 11,100 parts per million.
It was likely a quick change to make. Simply adding those two additional numbers at the beginning of the value likely only took a fraction of a second, but it represents a dangerous change to the water at the treatment facility. Sodium hydroxide—often referred to as lye—is colorless and odorless, which makes it harder to detect for the average person than something like chlorine. It’s not harmful in small amounts, but higher concentrations become dangerous.
According to Noah Technologies, a supplier of chemicals for research purposes, the effects can be quite severe: “This material has a markedly corrosive action upon all body tissue causing burns and frequently deep ulceration, with ultimate scarring. Mists and vapors of this compound cause small burns, and contact with the eyes rapidly causes severe damage to the delicate tissue. Ingestion causes very serious damage to the mucous membranes or other tissues with which contact is made.”
The plant corrected the imbalance right away, according to the authorities. The affected water would have taken between 24 and 36 hours to start reaching the drinking water supply, and there are reportedly other safeguards down the line that likely would have caught the problem before it made its way to the public. The exact nature of those safeguards is secret, however, to prevent bad actors from bypassing them.
According to a statement given to Wired, the hackers busted into the system by compromising software called TeamViewer, which allows remote operators to control connected workstations from afar. This kind of remote access is common in a number of industries from industrial applications to typical offices. The facility has reportedly stopped using the software in question, but hasn’t commented further on other security measures it has taken in light of the breach.[Related: How a foreign country hacks a power grid]
Due to the serious nature of the hack, federal law enforcement is now involved with the case and other agencies with connected infrastructure around the country have been advised to keep a close watch over their systems for attacks like this one.
As more and more processes and facilities gain remote and automated capabilities, this kind of attack becomes more of a concern. Many facilities often cordon off their internal networks from the internet as a whole in order to try and prevent creating points of ingress that hackers can attack. That can limit functions like remote access, which is increasingly common as reduced budgets lead to smaller staffs. Eventually, perhaps an autonomous robot dog that remotely patrols the plant will be there to catch potential threats like this one.