Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown
Blog News

Hackers try to poison water supply in Florida

Not all hackers are interested in emptying your bank account: some launch attacks on a much larger scale. In Florida, perpetrators tried to poison a water plant supplying 15,000 people. While the attack was detected in its early stages and nobody was hurt, it's not the first time hackers targeted critical infrastructure. So what happened in Florida, and how worried should you be?

Carlos Martinez

Carlos Martinez

Feb 12, 2021 · 3 min read

Hackers try to poison water supply in Florida

What do we know about Florida’s water supply attack?

Unidentified hackers managed to remotely access the computer system of Oldsmar water treatment plant and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. Officials said that such an increase is very dangerous and could have seriously sickened the residents.

The attack was detected by an employee who noticed that somebody was controlling his computer remotely. Luckily, the hack was stopped before any harm was done.

Experts say that hackers accessed a remote water management system by using credentials stolen through phishing or social engineering attacks. In light of the recent hack, the Oldsmar Water Department has stopped using a program called Team Viewer, which allows remote access to its systems.

It’s still unclear who the perpetrator behind the Oldsmar attack was. Investigators speculate that it could be anybody from bored teenagers to state actors. However, this is not the first time hackers targeted critical infrastructure.

Notable cyberattacks on critical infrastructure

  • In 2013, Iranian hackers attacked a small dam only 25 miles away from New York City. They broke into the dam’s command and control system through a cellular modem. In case of a successful attack, hackers could have released the water from the damp. Luckily, they didn’t go that far.
  • In 2015, a cyberattack cut the power for 225,000 people in Western Ukraine for 6 hours. The hack was conducted in the middle of winter, when temperatures in the country are typically below 0 degrees Celsius (32 degrees Fahrenheit). Hackers used spear phishing and social engineering to steal credentials and access the network. Experts suspect that the Russian government was behind the attack, as they were seeking ways to destabilize the country at the time.

  • A year later, hackers struck the Ukraine’s power system again and left a part of its capital, Kyiv, without electricity. An investigation has revealed that perpetrators were hiding in the network for six months before conducting the attack.
  • In 2017, a series of attacks were launched against power plants in the US. While the hacks didn’t cause any damage, the FBI and the Department of Homeland Security sent a joint alert to the energy sector stating that foreign hackers were stealing user credentials to access their networks.
  • In 2019, the US was accused of launching an attack on Russia’s electric power grid. There is no information about the scale of the hack, though it’s clear that the attack was just a show of power.

Stepping into an age of cyber warfare

Throughout history, wars were fought on physical battlefields, but that's not the case in the 21st century. Cyber espionage became a common practice with state hackers targeting government institutions and companies in foreign countries.

While a data breach might cause sensitive information to be stolen, attacks against power grids or water supplies can do much more damage. If a city is left without electricity, even for an hour, it could have lethal consequences. Every minute matters when a person in critical condition is waiting for an operation at a local hospital.

The recent events of the water treatment plant in Oldsmar illustrate that sometimes we could be in real danger without even knowing it. Infrastructure attacks are no longer an anomaly; this is the new reality we have to face.