Hacking

Hackers attempted to poison the water supply of a US city

Pinellas Sheriff revealed that attackers tried to raise levels of sodium hydroxide, by a factor of more than 100, in the Oldsmar’s water supply.

The scenario described by Pinellas Sheriff Bob Gualtieri is disconcerting, an attacker attempted to raise levels of sodium hydroxide, also known as lye, by a factor of more than 100, in Oldsmar’s water supply.

The ingestion of water with high level of sodium hydroxide can be fatal.

The incident took place on Friday and local authorities, along with the FBI and the Secret Service, are still investigating the hack. The attackers gained access to the city’s water treatment system and altered the amount of sodium hydroxide, also known as lye.

The city’s water supply was not affected because a remote supervisor noticed the anomalous change in the concentration of the chemical substance and reverted it. Gualtieri pointed out that the water supply chain is also protected by other safeguards that prevent any manipulation and they’ve disabled the remote-access system used in the attack.

“Someone remotely accessed a computer for the city’s water treatment system and briefly increased the amount of sodium hydroxide, also known as lye, by a factor of more than 100, Gualtieri said at a news conference Monday. The chemical is used in small amounts to control the acidity of water but it’s also a corrosive compound commonly found in household cleaning supplies such as liquid drain cleaners.” reported the Tampa Bay Times.

“The city’s water supply was not affected. A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack.”

The Pinellas County Sheriff’s Office is investigating, along with the FBI and the Secret Service, Gualtieri said.

It is not clear why attackers have chosen the City of Oldsmar, but authorities have already alerted other municipalities of the risk of similar attacks on water treatment systems and other critical infrastructure.

An operator at the water facility noticed access to the control systems about 8 a.m. Friday, but it did not throw an alert because the supervisor remotely accessed the system regularly.

But at about 1:30 p.m. something strange has happened, someone accessed the system, took control of the mouse, and used the software that controls water treatment for three to five minutes. The intruder increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

The plant operator noticed the manipulation and reverted it immediately.

“Importantly, the public was never in danger.” sheriff added.

“The protocols that we have in place, monitoring protocols, they work — that’s the good news,” said Oldsmar Mayor Eric Seidel. “Even had they not caught them, there’s redundancies in the system that would have caught the change in the pH level.

“The important thing is to put everyone on notice,” he said. “There’s a bad actor out there.”

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, water supply)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

DORA Compliance Strategy for Business Leaders

In January 2025, European financial and insurance institutions, their business partners and providers, must comply…

15 hours ago

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report…

23 hours ago

City of Cleveland still working to fully restore systems impacted by a cyber attack

Early this week, the City of Cleveland suffered a cyber attack that impacted multiple services.…

1 day ago

Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones

Ukraine’s security service (SBU) detained two individuals accused of supporting Russian intelligence in spreading propaganda…

1 day ago

Google fixed an actively exploited zero-day in the Pixel Firmware

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively…

2 days ago

Multiple flaws in Fortinet FortiOS fixed

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution…

2 days ago

This website uses cookies.