A hacker tried to poison a Florida city's water supply

midian182

WTF?! Most hacks have an end goal of financial gain, causing disruption or stealing data, but an incident at a Florida city had a more sinister aim: poisoning the water supply. Local and federal law enforcement are now investigating the failed hack, which saw the perpetrator or perpetrators gain remote access to the local water treatment plant.

According to Reuters, someone gained remote access to TeamViewer on an employee’s computer at the facility in Oldsmar, Florida, located about 25 minutes north of Tampa, on Friday. The worker saw a popup window informing them of the intrusion before the mouse pointer started moving around the screen and opening systems.

The hackers accessed software used to control the amount of sodium hydroxide, also known as lye, that’s added to the city’s water. The chemical is used to manage the acidity of the water, and anything other than trace amounts can be extremely corrosive and damaging to human tissue—it’s commonly found in drain and oven cleaners.

The person or persons behind the attack briefly increased the sodium hydroxide concentration from 100 parts per million to 11,100 parts per million.

The Tampa Bay Times reports that a supervisor who was working remotely at the time saw the change and reversed it. The city’s Mayor, Eric Seidel, assured residents that the plant has several safeguards that would have prevented a dangerous amount of lye from being added to the water. Officials say that even if the hacker had been successful, it would have taken more than a day before the water entered the city’s supply.

The Pinellas County Sheriff’s Office, the FBI, and the Secret Service are investigating the incident. It’s unclear who was behind the attack and where it originated.

Image credit: Salvador Aznar


 
It's more logical to write "organic tissue", not "human tissue". A dog drinking contaminated water would die just the same as a human, with the difference that nobody would care.

Anyway, find him/her and fill that scum with sodium hydroxide until he/she pops. That's the best kind of solution instead of wasting tax dollars to prosecute.
 
Once again, a crime like this which has the potential to injure or kill innocent civilians deserves nothing less than life in prison or the death penalty. The person doing this cannot claim they didn't know what they were doing or that they didn't know it would harm anyone. Doing this to a few of the criminals and making the sentencing VERY public won't stop them all, but it will make more than a few reconsider their actions.

AND quite frankly, NO public utility should ever be directly connected on the internet!
 
Once again, a crime like this which has the potential to injure or kill innocent civilians deserves nothing less than life in prison or the death penalty. The person doing this cannot claim they didn't know what they were doing or that they didn't know it would harm anyone. Doing this to a few of the criminals and making the sentencing VERY public won't stop them all, but it will make more than a few reconsider their actions.

AND quite frankly, NO public utility should ever be directly connected on the internet!

This sounds more like a kid thinking 'hey look what I can do' as they made a HUGE change in the numbers. Someone trying to see if they could do it might make a small change in preparation for a multi-pronged attack to distract the people watching things so they don't notice until it's too late when they make the huge change.
 
Way to go, so this water treatment plant couldn't even be bothered to require 2FA authentication for their TeamViewer login?

I'm willing to bet they are even using the free version of TV illegally and installed it without IT's consent.

Also the "hacker" wouldn't be that hard to find, I'm sure TeamViewer has records on that kinda thing.
 
Way to go, so this water treatment plant couldn't even be bothered to require 2FA authentication for their TeamViewer login?

I'm willing to bet they are even using the free version of TV illegally and installed it without IT's consent.

Also the "hacker" wouldn't be that hard to find, I'm sure TeamViewer has records on that kinda thing.

If you're using a direct IP connection then that bypasses TV's servers so no logging there, though hopefully the PC app logs all IP connections so the trace should be a little easier, assuming the attacker wasn't using VPN(s).
 
The hacker learned it from Batman Begins...! The Hollywood movie theme consequences hard at work...!
 
Reminds me of Die Hard 4: Live Free or Die Hard. That movie's core plot line is frighteningly close to real life.
 
Reminds me of Die Hard 4: Live Free or Die Hard. That movie's core plot line is frighteningly close to real life.

I actually really enjoy that movie, in fact I actually watched it yesterday for probably the dozenth time. Sure, it's rather stupid towards the end with the jet fighter, but who doesn't like a bit of unrealistic action scenes in their movies from time to time?
 
I actually really enjoy that movie, in fact I actually watched it yesterday for probably the dozenth time. Sure, it's rather stupid towards the end with the jet fighter, but who doesn't like a bit of unrealistic action scenes in their movies from time to time?
It's an action flick, so yes. However, like I said before, the core plot line is very much nightmare fuel for today's highly connected world. I remember watching it for the first time and the first thought that came to my mind was... that could actually happen.
 
I work in water treatment and for them to increase the dose from 100ppm to 11,100ppm the dosing pump would have to normally run at <1% speed which wouldn't be the case. Generally you want a pump running at 30 - 70% capacity but they could definitely have increased the pH to well above safe levels.

Goes to show security definitely needs fixing. Very few of our control systems can be accessed remotely and have safeguards in place.
 
I'm still not a fan of having important systems connected to the internet.
You can have them connected to the internet but they need to be at least secured with certificates, VPNs and 2FA as protections against unauthorized intrusions. Where I work even if you have one of our login credentials you still can't access data/systems without additional authentication. Most of the state and local systems are not properly hardened after repeated warnings.
 
I'd like to hear if they ever get anywhere with this. If they are even able to find the source of origin of the hacker, etc. Even if they do it seems like they won't be able to do anything about it anyways, as it will most likely originate out of the country. I know it's a big difference between this and scam callers, but nothing makes me think they can or will do more about it. I'd like to be proven wrong.
 
You can have them connected to the internet but they need to be at least secured with certificates, VPNs and 2FA as protections against unauthorized intrusions. Where I work even if you have one of our login credentials you still can't access data/systems without additional authentication. Most of the state and local systems are not properly hardened after repeated warnings.
I get that and I admit that network engineering isn't my strong suit. However, I also believe the saying, "If there is a will, there is a way." If it is connected to the internet in any way then that means they do not have to be there in person to tamper with it.
 