Hacker successfully infiltrated the computer system that controls the installation επεξεργασίας νερού στην πολιτεία της Φλόριντα των ΗΠΑ και άλλαξε από απόσταση μια ρύθμιση που τροποποιούσε δραστικά τα επίπεδα υδροξειδίου του νατρίου (NaOH) στο water.
During press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said an employee at a water treatment plant in Oldsmar, Florida, noticed his mouse cursor moving strangely on his computer screen.
At first, he wasn't worried. The city's water treatment plant of 15.000 people used TeamViewer remote access software to allow staff to share screens for control and to deal with issues computers. And his supervisor is often connected to the computer to monitor the facility's systems.
However, a few hours later, the shift operator noticed that his mouse was moving again. But this time there was no illusion of benign surveillance by a supervisor or an IT person. The cursor started clicking on the water treatment plant controls.
Within seconds, the intruder was trying to change the sodium hydroxide (also known as caustic soda) levels in the water supply, moving the setting from 100 parts per million to 11.100 parts per million. At low concentrations, the corrosive chemical regulates the pH level of drinking water. At high levels, it seriously damages any human tissue wherever it touches it.
Immediately the employee managed to take control of the mouse and restore concentration levels before the damage spread. According to the sheriff, the instant regulation did not have a significant effect on the water, and the population was never in danger.
The water treatment plant appears to have been breached for about 3 to 5 minutes by unknown suspects on February 5, with remote access taking place twice, at 8:00 a.m. and 1:30 p.m. It is not known if the violation took place in the US or abroad. Police said an investigation was under way into the incident.
Although early intervention prevented more serious consequences, the sabotage attempt highlights it report of critical infrastructure facilities and industrial control systems in cyberattacks.
The fact that the attacker used TeamViewer to take over the system underscores the need for secure access with multi-factor authentication.
Remote access requirements must be minimized. And if they are really needed then they should be done with predefined and strict data, such as from specific IP addresses, with secure access systems (and not through TeamViewer) and with authentication multiple factorsn.