An attacker successfully broke into the computer system that controls a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the concentration of sodium hydroxide (NaOH) in the water.
In a press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said that an operator managed to catch the change in real time and restored the concentration level to undo the damage.
Sheriff Gualtieri said in a statement that, “at no time was there a significant effect on the water being treated, and more importantly the public was never in danger.”
The water treatment facility, which is located in the city of Oldsmar and serves around 15,000 residents, is said to have been breached for roughly 3 to 5 minutes by unknown suspects on February 5, with the remote access happening twice, at 8:00 a.m. and 1:30 p.m.
The attacker briefly increased the concentration of sodium hydroxide from 100 parts per million to 11,100 parts per million using a system that allows remote access through TeamViewer, a tool that lets users monitor and troubleshoot system problems from other locations.
The officials stated, “At 1:30 p.m., a plant operator witnessed a second remote access user opening various functions in the system that control the amount of sodium hydroxide in the water.”
Sodium hydroxide, also known as lye, is a corrosive compound used in small amounts to control the acidity of water. In high and undiluted concentrations, it can be toxic and can irritate the skin and eyes.
It isn’t yet known whether the hack was carried out from inside the U.S. or from outside the country. Analysts with the Digital Forensics Unit said that an investigation into the incident is ongoing.
Although early intervention averted more serious consequences, the sabotage attempt highlights the exposure of critical infrastructure facilities and industrial control systems to cyberattacks.
The fact that the attacker used TeamViewer to take control of the system underscores the need to protect access with multi-factor authentication and to keep such systems from being remotely accessible.
Dragos researcher Ben Miller said, “Manually identify software installed on hosts, particularly those critical to the industrial environment such as operator workstations — such as TeamViewer or VNC. Accessing this on a host-by-host basis may not be practical but it is comprehensive.”
“Remote access requirements should be determined, including what IP addresses, what communication types, and what processes can be monitored. All others should be disabled by default. Remote access including process control should be limited as much as possible.”
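One way to act on the two recommendations quoted above, as an added example that is not from the article or from Dragos: it flags remote-access software in a host inventory (operator workstations first) and applies a default-deny allowlist to remote sessions. The host names, roles, addresses, package names and allowlist entry are all constructed for illustration.

```python
import ipaddress

# Watch list: the article names TeamViewer and VNC; extend it for your site.
REMOTE_ACCESS_TOOLS = ("teamviewer", "vnc")

# Hypothetical allowlist of (source network, protocol, destination host).
# Anything that does not match an entry is denied by default.
ALLOWLIST = [(ipaddress.ip_network("10.20.0.0/28"), "rdp", "eng-jump-01")]

# Constructed inventory: host -> (role, installed package names).
INVENTORY = {
    "hmi-ws-01": ("operator", ["SCADA HMI Client", "TeamViewer 15"]),
    "hmi-ws-02": ("operator", ["SCADA HMI Client"]),
    "eng-jump-01": ("jump", ["TightVNC Server"]),
    "office-pc-07": ("office", ["UltraVNC Viewer"]),
}

# Constructed remote sessions: (source IP, protocol, destination host).
SESSIONS = [
    ("10.20.0.5", "rdp", "eng-jump-01"),
    ("203.0.113.44", "teamviewer", "hmi-ws-01"),
    ("10.20.0.5", "vnc", "hmi-ws-02"),
    ("not-an-ip", "rdp", "eng-jump-01"),
]

def find_remote_access_software(inventory):
    """Return (host, role, package) hits, operator workstations first."""
    hits = [(host, role, pkg)
            for host, (role, pkgs) in inventory.items()
            for pkg in pkgs
            if any(tool in pkg.lower() for tool in REMOTE_ACCESS_TOOLS)]
    return sorted(hits, key=lambda h: (h[1] != "operator", h[0]))

def is_allowed(session, allowlist=ALLOWLIST):
    """Default deny: allow only an exact network/protocol/destination match."""
    src, proto, dest = session
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is never allowed
    return any(addr in net and proto == p and dest == d
               for net, p, d in allowlist)

def denied_sessions(sessions, allowlist=ALLOWLIST):
    """Return the sessions that the allowlist does not explicitly permit."""
    return [s for s in sessions if not is_allowed(s, allowlist)]

if __name__ == "__main__":
    for hit in find_remote_access_software(INVENTORY):
        print("remote-access software:", hit)
    for s in denied_sessions(SESSIONS):
        print("denied by default:", s)
```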