A hacker who tried to poison the water supply of a small town in Florida managed to break into the plant’s computer system because the facility was using an outdated version of Windows and had a network weak cybersecurity, according to the FBI.
Authorities are still looking for the suspect who violated the system at the Bruce T. Haddock water treatment plant in Oldsmar on February 4 using a remote access program shared by workers at the ‘factory.
In the aftermath of the attack, the Cyber Division of the FBI this week sent a note to law enforcement and businesses warning them of potential computer vulnerabilities.
Federal investigators noted that the Oldsmar plant was still running Windows 7 – a computer system Microsoft has not updated in a year.
“Cyber actors likely accessed the system by exploiting weaknesses in cybersecurity, including poor password security and an outdated Windows 7 operating system to compromise the software used to remotely manage water treatment,” note the FBI, obtained by ABC News, noted.
Authorities are still looking for the suspect who violated the system at the Bruce T. Haddock water treatment plant in Oldsmar (above) on February 4 using a shared remote access program by factory workers.
“The actor also likely used TeamViewer desktop sharing software to gain unauthorized access to the system.”
The FBI advised that computer systems should be upgraded or risk having vulnerabilities that hackers could exploit.
The hack into the Oldsmar factory, located about 15 miles from Tampa, happened just two days before the Super Bowl was staged in the city.
This raised the alarm bells about the vulnerability of the country’s water supply systems to more sophisticated intruder attacks, given that treatment plants are typically cash-strapped and lack the cybersecurity depth of the market. power grid and nuclear power plants.
During the Oldsmar attack, the hacker used a remote access program shared by factory workers to briefly increase the amount of sodium hydroxide by a factor of one hundred.
The chemical, which is often found in grain cleaning products, is used to reduce acidity, but at high concentrations it is very caustic and can burn.
A factory worker first noticed unusual activity around 8 a.m. on Friday when someone briefly accessed the system – named TeamViewer – but didn’t think about it because coworkers regularly accessed the system remotely, according to Pinellas County Sheriff Bob Gualtieri.
Federal investigators noted that the Oldsmar plant was still running Windows 7 – a computer system Microsoft has not updated in a year
The hack into the Oldsmar plant, located about 15 miles from Tampa, sounded the alarm on the vulnerability of the country’s water supply systems to more sophisticated intruder attacks.
But around 1:30 p.m., someone accessed it again, took control of the mouse, pointed it to the software that controls the water treatment, and increased the amount of sodium hydroxide.
The sheriff said the intruder was active for three to five minutes. When they left, the plant operator immediately restored the correct chemical mixture.
“The guy was sitting there watching the computer like he’s supposed to and all of a sudden he sees a window pop up saying the computer has been accessed,” Gualtieri said.
“The next thing you know is to drag the mouse, click and open programs, and manipulate the system.”
Other safeguards in place – including manual monitoring – would likely have detected the change within the 24 to 36 hours it took before it reached the water supply, the sheriff said.
Oldsmar officials have since disabled the remote access system and said other protective measures were in place to prevent the increased chemical from entering the water.
Gualtieri insists the public has never been in danger, but admitted the intruder had brought “sodium hydroxide to dangerous levels”.
Pinellas County Sheriff Bob Gualtieri (right) and Mayor Eric Seidel (left) announced the news of the hack on Monday. Gualtieri insists the public was never in danger, but admitted the intruder brought “sodium hydroxide to dangerous levels”
He said the water went into reservoirs before reaching customers and “would have been captured by secondary chemical control.”
He was unsure whether the hacker was domestic or foreign – and said no one linked to a factory worker was suspected. He said the FBI and the Secret Service were helping with the investigation.
How the hacker entered remains unclear, he said, although it is possible the hacker may have created administrator credentials.
Experts say municipal water and other systems have the potential to be easy targets for hackers, as local governments’ IT infrastructure tends to be underfunded.
Jake Williams, CEO of cybersecurity firm Rendition Infosec, said engineers have been creating safeguards “since before remote control via cyber was a thing,” making it highly unlikely that the breach could have led to “a waterfall of chess” altering the water of Oldsmar.
There has been a slight increase in attempts to hack water treatment plants over the past year, cybersecurity firm FireEye said, but most were by novices, many tripping over systems using a computer. sort of search engine for industrial control systems called Shodan.
The serious threat comes from nation-state hackers like Russian agents accused of the months-long SolarWinds campaign that plagued U.S. agencies and the private sector for at least eight months and was discovered in December.
While U.S. officials have called SolarWinds a serious threat, they also call it cyber espionage, rather than an attempt to do damage.