The US secret service and other law enforcement agencies are investigating after a hacker reportedly tried to add a dangerous amount of a toxic chemical to Oldsmar water system in Florida.
A plant operator working remotely watched on his computer screen as someone took control of the cursor, directed it to software controlling water treatment, worked inside it for three to five minutes and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million, local police chief Bob Gualtieri was reported as saying by local newspaper Tampa Bay Times
As soon as the attacker left the system the operator changed the concentration back to normal.
The hacker used TeamViewer software, employed for IT remote control, desktop sharing, online meetings, web conferencing and file transfer between computers, according to reports of an interview with Gualtieri.
Gualtieri said: “At no time was there a significant adverse effect on the water being treated. Importantly, the public was never in danger.”
Oldsmar mayor Eric Seidel added: “The important thing is to put everyone on notice. There’s a bad actor out there.”
The city’s authorities have disabled the remote-access system used in the attack.
No arrests have been made, though investigators have some leads, said Gualtieri. It is unknown if the hacker was operating from within or outside the US and why Oldsmar was targeted.
Other area municipalities have been alerted to the attack and encouraged to inspect the safeguards to their water treatment systems and other infrastructure, he added.
Oldsmar city officials emphasised several other safeguards are in place to prevent contaminated water entering the water supply, which was unaffected by the hack.
Sodium hydroxide, known as lye, is used in small amounts to control water’s acidity. It is also a compound found in drain cleaners and other household cleaning products.
The very corrosive chemical can cause irritation to the skin and eyes, a temporary loss of hair and, if swallowed, can cause damage to the mouth, throat and stomach as well as induce vomiting, nausea and diarrhoea.
“Water, electricity, nuclear plants and transport are being probed for weaknesses all the time not just because of the potential for mass disruption but also because they are often running on out-of-date and vulnerable IT systems” said Joe Tidy, cyber reporter for the BBC, in a blog about the incident.