Around 8am on Friday morning, an employee of a water treatment plant in the 15,000-person city of Oldsmar, Florida noticed that his mouse cursor was moving strangely on his computer screen, out of his control, as local police would later tell it. Initially, he wasn't concerned; the plant used the remote access software TeamViewer to allow staff to share screens and troubleshoot IT issues, and his boss often connected to his computer to monitor the facility's systems.
But a few hours later, police say, the plant operator noticed his mouse moving out of his control again. This time there would be no illusion of benign monitoring from a supervisor or IT person. The cursor began clicking through the water treatment plant's controls. Within seconds, the intruder was attempting to change the water supply's levels of sodium hydroxide, also known as lye or caustic soda, moving the setting from 100 parts per million to 11,100 parts per million. In low concentrations the corrosive chemical regulates the PH level of potable water. At high levels, it severely damages any human tissue it touches.
According to city officials, the operator quickly spotted the intrusion and returned the sodium hydroxide to normal levels. Even if he hadn't, the poisoned water would have taken 24 to 36 hours to reach the city's population, and automated PH testing safeguards would have triggered an alarm and caught the change before anyone was harmed, they say.
"Did this come from down the street or outside the country? No idea."
Bob Gualtieri, Pinellas County Sheriff
But if the events described by local officials are confirmed—they have yet to be corroborated firsthand by external security auditors—they may well represent a rare publicly reported cyberintrusion aimed at actively sabotaging the systems that contr ..
Support the originator by clicking the read the rest link below.
