US law enforcement agencies are investigating a cyberattack that targeted the water plant of Oldsmar, a small town outside Tampa, Florida. Local officials say the town’s water treatment systems were remotely accessed by an unknown malicious actor on February 5. The individual tried to poison the water supply by increasing the sodium hydroxide content from 100 to 11,100 parts per million.
The attacker infiltrated the plant’s computer systems twice. A plant operator spotted the first attempt around 8 am. A remote user’s presence in the system did not raise any red flags since supervisors often troubleshoot issues remotely.
Around six hours later, the same worker noticed that the systems were accessed once more and the remote user was increasing the sodium hydroxide to hazardous levels.
The chemical, also known as lye or caustic soda, is a common ingredient in household cleaners and soaps. When ingested in high amounts, it causes immediate and often fatal corrosion of the digestive system.
Luckily, the employee was able to reduce the levels to normal immediately.
In a press conference on Monday, Pinellas County Sheriff Bob Gualtieri said the water supply was not affected in the end.
“At no time was there a significant adverse effect on the water being treated,”the sheriff said. “Importantly, the public was never in danger.”
Further in the press conference, Mayor Eric Seidel highlights that residents were not in immediate danger since it would have taken the chemicals more than a day to enter the town’s water supply.
“The protocols that we have in place, monitoring protocols, they work — that’s the good news,” the mayor said. “Even had they not caught them, there’s redundancies in the system that would have caught the change in the pH level. The important thing is to put everyone on notice. There’s a bad actor out there.”
Local police and FBI are investigating the attack.