In a sophisticated cyber-attack, a hacker accessed the computer systems of the water treatment facility in a US city and modified drinking water chemical levels to dangerous parameters in an attempt to poison the city of nearly 15,000 residents.
Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners, used to control water acidity and remove metals from drinking water in the water treatment plant.
“The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million. This is obviously a significant and potentially dangerous increase,” Bob Gualtieri, Sheriff of Oldsmar city in Florida state in the US, was quoted as saying in local media reports on Monday.
The intrusion took place on February 5 when the hacker remotely accessed a computer system that was set up to allow for the remote control of water treatment operations.
According to a report in Tampa Bay Times, local and federal authorities including the FBI were investigating the attempt to poison the city of Oldsmar.
The city’s water supply was not affected.
“A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it,” Gualtieri said.
The city officials on Monday emphasized that “several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack”.
Though some cities get water through Pinellas County, Oldsmar provides water directly to its businesses and roughly 15,000 residents.
The computer system at the water treatment plant was set up to allow authorized users to remotely access it for troubleshooting.
Contact with sodium hydroxide can kill skin and cause hair loss and ingestion can be fatal.
In November last year, a water utility in Illinois was targeted by suspected Russian hackers and the attempt was foiled.