Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Hunt for hackers who seized Florida city’s water supply in online attack to poison it

Breach led to a 'significant and potentially dangerous' increase of sodium hydroxide, the main ingredient in drain cleaners

Justin Vallejo
New York
Monday 08 February 2021 17:54 EST
Comments
Hacker attempted to poison Florida city’s water supply, police say.mp4

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A hacker has attempted to poison a city in Florida's water supply, police said on Monday.

According to authorities, a hacker gained access to the panel that remotely controls the water treatment system in the City of Oldsmar and attempted to increase the chemicals in the water to a dangerous level.

"The hacker changed the sodium hydroxide from about one hundred parts per million to 11,100 parts per million," Pinellas County Sheriff Bob Gualtieri said at a press conference, explaining that the chemical increase would have meant the level of sodium hydroxide in the water reached a level that would be dangerous for human consumption.

Asked if the hack was an attempted bioterror attack on the country’s critical infrastructure, Mr Gualtieri said those responsible would have needed “sophisticated” tools to breach the system.

"What it is is someone hacked into the system not just once but twice ... opened the program and changed the levels from 100 to 11,100 parts per million with a caustic substance. So, you label it however you want, those are the facts."

Mr Gualiteri said it was a significant and potentially dangerous increase of sodium hydroxide, the main ingredient in drain cleaners.

The chemical is also used to control acidity and remove metals from drinking water. Oldsmar has its own well fields that require a plant for treatment of water before it is suitable for public consumption.

Police said the hack occurred on Friday, 5 February at about 8 am when a hacker remotely accessed a computer system that controls the chemicals and other operations at the facility.

“The remote access … was brief and the operator didn’t think much of it because his supervisor and others would remotely access his computer screen to monitor the system at various times,” Mr Gualtieri said.

The hacker accessed the system again at 1.30 pm for about three to five minutes, during which they changed the chemical levels in the water treatment plant to 11,100 parts per million.

After the hacker exited the system, the operator immediately returned the chemical back to the regular levels.

“Because the operator noticed the increase and lowered it right away, at no time was there a significant adverse effect on the water being treated. Importantly, the public was not in danger,” Mr Gualtieri said.

Even if the increase had not been immediately reversed, authorities said it would have taken up to 36 hours for it to hit the water supply system, while also being checked and stopped before being released for consumption.

Steps were taken to block remote access, while a criminal investigation was launched in conjunction with the Federal Bureau of Investigations and the Secret Service.

Police have not identified any suspects or determined if the breach came from within the United States or another country.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in