It's bad enough that hackers are running rampant these days committing fraud, stealing millions, and exposing data, but now they are also trying to poison people.
On Monday, CBS News reported that hackers had breached the town water treatment plant in Oldsmar, in Pinellas County, Florida. As the treatment plant operator watched, someone remotely took control of the mouse and increased the amount of lye (sodium hydroxide) from 100 parts per million to 11,100 parts per million (a dangerously high level).
Pinellas County Sheriff Bob Gualtieri was quoted as saying:
"This is obviously a significant and potentially dangerous increase, sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners."
According to the Centers for Disease Control (CDC), lye ingested in these quantities would have caused vomiting and chest and abdominal pain.
Thankfully, the water treatment plant operator was able to resume control and put the levels back to a safe amount. The treatment plant regularly adds lye to the water to reduce its acidity.
Data Breach Today reported that "'That remote access was brief, and the operator didn't think much of it because his supervisor and others will remotely access his computer screen to monitor the system at various times,' Gualtieri says."
Later that day, around 1:30 p.m., the threat actor returned and boosted the system's level of lye from 100 parts per million to 11,100 parts per million. The hacker was only in the system for 3-5 minutes at most, but that was enough time to potentially cause some serious damage. If it had not been caught immediately, the incident could have resulted in disaster.
How it Happened
So far, city officials have discovered that hackers used TeamViewer (remote access software) to breach the county water treatment plant's computers.
According to Data Breach Today, "'Importantly, the public was never in danger,' says Pinellas County Sheriff Bob Gualtieri during a Monday press conference. Oldsmar, Florida, which is about 17 miles northwest of Tampa, has a population of about 15,000 people."
What is TeamViewer?
TeamViewer is a tool used by IT professionals and tech support operatives. It allows someone remote access and, depending on configuration settings, complete control of a remote server or computer. In the right hands, it is a fantastic tool to use to help someone in need of support. However, when abused by hackers, it hands over the keys and opens up a myriad of safety issues.
It is unclear how the water treatment plant used TeamViewer or in what capacity. No one has yet commented on how they had it configured and what security settings were used.
Most government agencies have spent the last few years securing their systems to keep intruders out. Therefore, it is alarming that someone could so easily breach a water treatment plant and potentially poison thousands of people.
Depending on the level of security protecting access to the water treatment plant's system, experts theorize that a threat actor would need an authorized account or would have to use something like a brute-force attack. Many of these modern systems require two-factor or multi-factor authentication. How was that bypassed?
According to threat researchers, TeamViewer has been adequately fortified within the last five years to eliminate the possibility of computer takeovers. It is important to learn what went wrong here so that a patch can be delivered, or systems altered to repair the vulnerability.
How Did Oldsmar Respond?
According to Pinellas County Sheriff Bob Gualtieri, the entire incident was contained quickly, and county officials are working with both the U.S. Secret Service and the FBI to investigate the matter further and find the culprit(s) responsible.