Computer intruder tried to poison drinking water for a small Florida city

Bill Mount

Someone broke into the computer system of a water treatment plant in Florida and tried to poison drinking water for a municipality’s more than 13,000 residents, officials said on Monday. The intrusion occurred on Friday evening, when an unknown person remotely accessed the computer interface used to adjust the chemicals […]

Someone broke into the computer system of a water treatment plant in Florida and tried to poison drinking water for a municipality’s more than 13,000 residents, officials said on Monday.

The intrusion occurred on Friday evening, when an unknown person remotely accessed the computer interface used to adjust the chemicals that treat drinking water for Oldsmar, a small city that’s about 16 miles northwest of Tampa. The intruder changed the level of sodium hydroxide to 11,100 parts per million, a significant increase from the normal amount of 100 ppm, Pinellas County Sheriff Bob Gualtieri said in a Monday morning press conference.

Better known as lye, sodium hydroxide is used in small amounts to treat the acidity of water and to remove metals. It’s also the active ingredient in liquid drain cleaners. It higher levels, it’s toxic. Had the change not been reversed almost immediately, it would have raised the amount of chemical to toxic levels.

“This is obviously a significant and potentially dangerous increase,” Gualtieri told reporters.

So far, authorities have made no arrests but they are chasing down several leads. Gualtieri said it’s not clear if the intrusion came from inside or outside the US. Both the FBI and Secret Service are also investigating.

The first signs that anything was amiss occurred on Friday morning, when a plant operator noticed someone had remotely accessed a system that controls chemicals and other aspects of the water treatment process. Gualtieri said the operator didn’t think much of the incident since his supervisor and co-workers regularly logged into the remote system to monitor operations.

Then, around 1:30 that same day, the operator watched as someone remotely accessed the system again. The operator could see the mouse on his screen being moved to open various functions that controlled the treatment process. The unknown person then opened the function that controls the input of sodium hydroxide and increased it by 111-fold. The intrusion lasted from three to five minutes.

The operator immediately changed the setting back to the normal 100 ppm, the sheriff said. Even if the malicious change hadn’t been reversed, he said the other routine procedures in the plant would have caught the dangerous level before the water became available to residents. It takes 24 to 36 hours for treated water to hit the supply system. No poisonous water was ever released.

This is a developing story that will be updated throughout the day.

Next Post

Apple’s App Store is hosting multimillion-dollar scams, says this iOS developer

Mobile app developer Kosta Eleftheriou has a new calling that goes beyond software development: taking on what he sees as a rampant scam problem ruining the integrity of Apple’s App Store. Eleftheriou, who created the successful Apple Watch keyboard app FlickType, has for the last two weeks been publicly criticizing […]