Security News > 2021 > February > Hacker Tried Poisoning Water Supply After Breaking Into Florida's Treatment System
Hackers successfully infiltrated the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide in the water.
"At no time was there a significant effect on the water being treated, and more importantly the public was never in danger," Sheriff Gualtieri said in a statement.
The water treatment facility, which is located in the city of Oldsmar and serves about 15,000 residents, is said to have been breached for approximately 3 to 5 minutes by unknown suspects on February 5, with the remote access occurring twice at 8:00 a.m. and 1:30 p.m. The attacker briefly increased the amount of sodium hydroxide from 100 parts-per-million to 11,100 parts-per-million using a system that allows for remote access via TeamViewer, a tool that lets users monitor and troubleshoot any system problems from other locations.
"At 1:30 p.m., a plant operator witnessed a second remote access user opening various functions in the system that control the amount of sodium hydroxide in the water," the officials said.
The fact that the attacker leveraged TeamViewer to take over the system underscores the need for securing access with multi-factor authentication and preventing such systems from being externally accessible.
"Remote access requirements should be determined, including what IP addresses, what communication types, and what processes can be monitored. All others should be disabled by default. Remote access including process control should be limited as much as possible."