Hackers attempted to poison the water supply for nearly 15,000 people in a town near Tampa, Fla. on Friday, by breaking into the facility’s computer system.
Announcing the attack in a press conference on Monday, the Pinellas County Sheriff said the hackers remotely accessed a software program called TeamViewer through an employee’s computer at the facility for the town of Oldsmar in an attempt to gain control of multiple systems.
“The guy was sitting there monitoring the computer as he’s supposed to and all of a sudden he sees a window pop up that the computer has been accessed,” Sheriff Bob Gualtieri said. “The next thing you know someone is dragging the mouse and clicking around and opening programs and manipulating the system.”
The hackers increased the levels of sodium hydroxide in the water, which is distributed into the water supply in small amounts to manage the water’s acidity, but could be dangerous to consume at increased levels.
The facility employee immediately notified his employer, who contacted the sheriff. The treatment facility’s rapid response allowed the command to be changed quickly, leading to very little impact.
Oldsmar Mayor Eric Seidel said the water treatment facility has other measures in place to prevent dangerous levels of sodium hydroxide from being distributed in the water supply.
“The amount of sodium hydroxide that got in was minimal and was reversed quickly,” Gualtieri said. The impacted facility is owned by the town, which is located 17 miles northwest of Tampa with around 15,000 residents.
The software that was targeted has been installed on devices 2.5 billion times worldwide and allows for remote technical support, according to TeamViewer’s website.
Both the FBI and Secret Service are assisting in an investigation into the hacking, and Gualtieri said they still don’t know who is behind the cyberattack.
“The important thing is to put everyone on notice,” he said. “This should be a wake-up call.”
Late last year, one of the largest cyberattacks in U.S. history allowed hackers to monitor government agencies, defense contractors, and telecommunications companies for months before the compromise was exposed. The Associated Press reported that the experts believe the likely foreign agents had plenty of time to gather information that could be problematic for U.S. national security, but the range of the hack and what data was collected is still unknown.
“The UCG believes that, of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number have been compromised by follow-on activity on their systems,” the group’s statement said. “We have so far identified fewer than ten U.S. government agencies that fall into this category, and are working to identify and notify the nongovernment entities who also may be impacted.”