A hacker successfully infiltrated the computer system that controls a water treatment plant in the US state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water.
During a press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said an employee at a water treatment plant in Oldsmar, Florida, noticed his mouse cursor moving strangely on his computer screen.
At first, he did not worry. The water treatment plant, which serves the city of 15,000 people, used the remote access software TeamViewer to let staff share screens for monitoring and to troubleshoot computer issues. And his supervisor often connected to the computer to monitor the facility's systems.
However, a few hours later, the shift operator noticed that his mouse was moving again. But this time there was no illusion of benign surveillance by a supervisor or an IT person. The cursor started clicking on the water treatment plant controls.
Within seconds, the intruder was trying to change the sodium hydroxide (also known as caustic soda) levels in the water supply, moving the setting from 100 parts per million to 11,100 parts per million. At low concentrations, the corrosive chemical regulates the pH level of drinking water. At high levels, it seriously damages any human tissue it touches.
The employee immediately regained control of the mouse and restored the concentration levels before any damage was done. According to the sheriff, the temporary change did not significantly affect the water, and the public was never in danger.
The water treatment plant appears to have been breached for about 3 to 5 minutes by unknown suspects on February 5, with remote access taking place twice, at 8:00 a.m. and 1:30 p.m. It is not known whether the intrusion originated in the US or abroad. Police said an investigation into the incident was under way.
Although timely intervention prevented more serious consequences, the sabotage attempt underscores the exposure of critical infrastructure and industrial control systems to cyber-attacks.
The fact that the attacker leveraged TeamViewer to take over the system highlights the need for secure, controlled access with multi-factor authentication.
Remote access requirements must be minimized. If remote access is really needed, it should be granted only under predefined, strict conditions, such as from specific IP addresses, through secure access systems (not TeamViewer), and with multi-factor authentication.
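As an added illustration (not part of the original report), the conditions above can be checked against remote session records. The log format, the allowlisted network, the tool names and every sample record below are constructed assumptions; only the 8:00 and 13:30 session times echo the article.

```python
import ipaddress
from dataclasses import dataclass

# Assumed policy values (not from the article): a documentation-range
# network stands in for the plant's approved jump hosts.
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]
APPROVED_TOOLS = {"vpn-jumphost"}

# Constructed sample records: time, source IP, access tool, MFA result.
SAMPLE_LOG = """\
07:10 192.0.2.5 vpn-jumphost mfa=ok
08:00 203.0.113.77 teamviewer mfa=none
13:30 203.0.113.77 teamviewer mfa=none
15:45 192.0.2.9 vpn-jumphost mfa=none
16:00 not-an-ip vpn-jumphost mfa=ok
"""

@dataclass
class Finding:
    timestamp: str
    source: str
    reasons: list

def audit_sessions(log_text):
    """Return one Finding per session that violates the access policy."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        timestamp, source, tool, mfa = parts
        reasons = []
        try:
            addr = ipaddress.ip_address(source)
            if not any(addr in net for net in ALLOWED_SOURCES):
                reasons.append("source not in allowlist")
        except ValueError:
            reasons.append("unparseable source address")
        if tool not in APPROVED_TOOLS:
            reasons.append("unapproved remote access tool")
        if mfa != "mfa=ok":
            reasons.append("no multi-factor authentication")
        if reasons:
            findings.append(Finding(timestamp, source, reasons))
    return findings

if __name__ == "__main__":
    for f in audit_sessions(SAMPLE_LOG):
        print(f.timestamp, f.source, "; ".join(f.reasons))
```

In practice the same three checks belong at the access gateway as enforcement; running them over logs only shows where policy was not enforced.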