No, you didn’t read that wrong. A hacker literally poisoned the water at a treatment facility in Florida. Luckily, employees became aware of the situation before it reached the drinking supply.
But this nightmare scenario makes it abundantly clear that it’s of the utmost importance that we continue to make heavy investments in cybersecurity.
Hacker Tries to Poison Drinking Water in Small Florida Town
Remember the name, “Oldsmar, Florida.” You probably won’t. But if hackers had been able to carry out their plans, it would likely be a name you would never forget.
That’s because the 15,000 residents of this town were nearly poisoned by a cybercriminal who hacked into their water treatment facility.
Sheriff Bob Gualtieri of Pinellas County said that the main ingredient in drain cleaner, sodium hydroxide, was increased 100-fold from 100 parts per million to 11,100. Those high levels could’ve made victims severely ill or worse.
Gualtieri called this “dangerous stuff.”
It’s a bad act. It’s a bad actor. It’s not just a little chlorine, or a little fluoride — you’re basically talking about lye.
Florida Senator Marco Rubio said this event should be treated as a “matter of national security.”
And he’s absolutely right. As Joe Biden pushes for more funding into national cybersecurity, events like this prove why it’s so important.
How Did This Happen?
Last Friday, an employee noticed that someone was controlling his computer. Apparently, the water treatment facility operates with software that allows supervisors to access computers remotely. But it hadn’t in some time.
According to CNN, the hacked software TeamViewer had been dormant for about six months, even though it was still on the system.
After about five and a half hours, however, the employee realized that the foreign actor was accessing different programs and changing the levels of lye.
Because of that employee’s awareness, the drinking supply in Oldsmar was not compromised by the time it reached residents.
Robert M. Lee, the CEO of the cybersecurity company Dragos Inc., told CNN that “it’s exactly what folks worry about.”
It’s Not the First Time
If 2020 was one of the most significant years ever for cybercriminals, 2021 is off to a hot start. After the massive attacks on FireEye and SolarWinds (collectively known as the Sunburst hack) last year, Joe Biden and his new regime have pushed for more cybersecurity funding.
And they absolutely should.
While the Sunburst attack was devastating and the fallout is still being assessed, it was not an outright attack on U.S. infrastructure.
The same can’t be said about the water treatment hack.
Check out this video on the SolarWinds attack:
It put American lives in danger. And it’s not the first time an attack like this has happened.
Last year, Israeli officials said hackers associated with Iran’s Islamic Revolutionary Guard Corps tried to hack the country’s water supply. They failed, and Israel responded with a cyber attack on an Iranian port.
In 2007, the U.S. and Israel collaborated to hack into an Iranian nuclear facility and shut down nearly 1,000 centrifuges.
But whether it’s nuclear facilities, water treatment plants, power plants, or even something like a traffic management facility, vital infrastructure has become more dependent on the internet.
And that makes every one of us more and more vulnerable.
While you might not be able to stop these high-level hackers from attacking these facilities, you can still do your part by protecting yourself from hackers.
And if you think a cybercriminal has attacked you, reach out to us immediately.
Featured image by rhendrix via Shutterstock.com