On 5 February 2021, the computer systems of a water treatment facility in Oldsmar, Florida, were remotely attacked by cyber-criminals as they attempted to poison the water supply.
The attackers – who reportedly infiltrated the systems via TeamViewer – were trying to increase the Sodium Hydroxide (NaOH) levels of the water to make it lethal if consumed – fortunately, the attack was foiled by a systems operator.
The attacker’s first attempt occurred at 8am but didn’t attract any unusual attention from the systems operators. It was on the second attempt however – which took place at 1:30pm the same day – that operators were alerted to a serious scale breach and could watch the attempted attack in real-time to stop it.
Chris Risley, CEO at Bastille – a global provider of enterprise threat detection – remarked: “The water treatment system hack is troublesome because this underscores how vulnerable cities are to critical infrastructure intrusion.
“There’s widespread recognition of the need to eliminate potential intrusions and attacks, but limited adoption and enforcement of security policies to combat bad actors.
“The water supply poisoning attempt was scary, but not surprising. They may eventually catch the culprit because the attack came in over the Internet and Internet addresses can sometimes be traced back to the perpetrator.”