There’s no limit to what hackers can try to achieve in today’s day and age. Unfortunately, there are no ethical or moral bounds to their actions either. A recent attack on a water treatment facility in Oldsmar, Florida is a testament to the horrifying realities of cybercrime.
The IT system of the water treatment plant in Oldsmar was breached and remotely accessed by a threat actor. The hacker then continued to surge the levels of sodium hydroxide of the water reserves with the intention to poison the entire supply, a truly malicious motive. The outcome of this attack could have been disastrous but was prevented from happening as the damage was quickly detected and fixed.
On February 5th, at around 8:00 am, an operator at the facility detected the spike in the sodium hydroxide, or lye, levels in the water. According to Bob Gualtieri, the Pinellas County Sheriff, the computer system that monitors and controls the chemical levels in the water was hacked and remotely controlled to alter the water’s chemical composition.
Since the operator’s supervisors regularly checked on the chemical levels with remote access, the operator did not pay heed to the fault at first. However, he was alarmed to see that the mouse on the computer was also being remotely controlled to alter the water treatment by interacting with the various systems accessible from the computer system. This phenomenon helped the worker in identifying the problem at hand.
The Deadly Aspects of Cybercrime
According to Gualtieri, the level of sodium hydroxide, which is originally used to balance the acidity of water and remove the metals from the supply, was increased to 11,100 ppm ( parts per million) from 100 ppm, a dangerous and hazardous tweak.
The operator at the scene quickly changed the level of the chemical back to normal and informed their supervisors about the attack. This particular case was even taken by the FBI and the United States Secret Service after they were notified about the seriousness of the attack. According to Gualtieri, the authorities and his team investigated the attack over the following weekend in an effort to trace the attack back to the culprit.
According to reports, the attack was launched just two days prior to the NFL Super Bowl LV that was being held near Tampa Bay. Despite accumulating some decent leads, the identity and whereabouts of the hackers remain unknown and the motive behind this outrageous cyberattack is still a mystery.
Taking Cybercrime Seriously
Cybersecurity no longer applies only to the theft of data, money, or information, but it has also brought the possible dangers to critical infrastructure to the forefront of discussions regarding cyberwarfare. When critical infrastructure such as electricity, water, and healthcare are compromised, it becomes an issue of public interest and safety.
Therefore, the security experts suggest that improvements and fixes in security architecture behind critical infrastructure should be prioritized in order to prevent such attacks from happening again.