OLDSMAR, Fla. — For a second time Friday, an operator at Oldsmar's water treatment plant noticed the curser on his computer screen moving around. It was during this instance, the Pinellas County sheriff said, that the hacker on the other end made changes to the plant's systems and controls.
The water supply's levels of sodium hydroxide or lye -- the main ingredient in drain cleaner -- were adjusted from 100 parts per million to 11,100 parts per million. At such a high level, it is considered corrosive to any human tissue it touches. The operator was able to quickly fix it.
"If you put that amount of that substance in the drinking water, it’s not a good thing," Sheriff Bob Gualtieri said.
The sheriff's office, along with the FBI and U.S. Secret Service, is investigating the breach as it's not yet known whether a person who attempted to manipulate the system is inside the country or abroad.
Here are five things we know about the hack right now:
Is the water safe?
Yes.
At no time was the public in any danger, said Gualtieri during a Monday briefing. The plant operator was able to reduce the levels of sodium hydroxide to the appropriate amount.
It would have taken about 24-36 hours for the chemical to reach the city's population and prior to that, officials say automated PH testing safeguards would have sounded an alarm to operators.
Why is sodium hydroxide in the water system?
Sodium hydroxide, also known as caustic soda or lye, is used by municipal water treatment facilities to control water acidity and limit pipe corrosion.
It also works to remove heavy metals from the water, according to the American Chemistry Council.
How did the hacker get in?
The person used software that allows its user to remotely access the water treatment plant's systems. Plant supervisors typically use the program to troubleshoot from other locations.
Remote-access software TeamViewer was installed at the Oldsmar plant, Gualtieri told Reuters. Hackers have used the software in other incidents, said Lesley Carhart, a principal threat analyst at industrial control system security firm Dragos, speaking with Wired Magazine. It allows unsophisticated hackers to control computer equipment from afar.
A password was required to access the system, Felicia Donnelly, the assistant city manager, told Motherboard in an email.
The software has since been disabled to ensure a breach like this doesn't happen again, Oldsmar City Manager Al Braithwaite said.
Have similar intrusions happened?
Remote-access software similar to TeamViewer was used by a Russian hacker group in December 2015 to open circuit breakers in Ukrainian electric utilities, according to Wired. Power reportedly was shut off to a quarter-million civilians.
The New York Times reports Russian hackers gained control of some systems at an American power plant in 2017, with the U.S. engaging in its own cyberattacks against the country.
How much of a concern are infrastructure intrusions?
They're a big deal.
"The important thing is to put everyone on notice and I think that’s really the purpose of today is to make sure that everyone realizes that these bad actors are out there," Oldsmar Mayor Eric Seidel said.
Carhart, speaking with Wired, says it's likely people are gaining access to remote systems often but rarely do they have an impact on the real world. She says water treatment and sewage plants are some of the most vulnerable critical infrastructure targets in the U.S.
According to the Times, while larger utility companies have security protectors in place, smaller companies and municipalities might not.
- 'This is dangerous stuff': Hacker increased chemical level at Oldsmar's city water system, sheriff says
- When will the Buccaneers' Super Bowl championship parade be held?
- They're going to Disney World! Brady and Gronk set to visit the 'most magical place on Earth'
- US Air Force performs trifecta flyover at Super Bowl LV in Tampa
- 'We f---ing did it': Super Bowl streaker linked to YouTuber with history of similar stunts
- Meet the Glazer family: The Tampa Bay Buccaneers owners for the last 26 years
►Breaking news and weather alerts: Get the free 10 Tampa Bay app
►Stay In the Know! Sign up now for the Brightside Blend Newsletter