Hacker tried to poison water supply in Florida, exposing dangerous vulnerability

Pinellas County Sheriff Bob Gualtieri said on Monday that someone hacked into the computer system for the Oldsmar, Florida water treatment plant and changed the setting for sodium hydroxide, also known as lye and caustic soda, from about 100 parts per million to 11,100 parts per million.

The hack was observed by someone working at the facility and the setting was swiftly returned to the correct level.

The sheriff explained that the system allows for remote access for authorized users. A plant operator noticed that someone remotely accessed the system on Friday morning, but did not perceive this to be an issue because his supervisor and others sometimes remotely accessed his screen, the sheriff said.

But later on Friday an operator observed remote access occurring and it was at that time that the hacker increased the sodium hydroxide setting. 

"The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million. This is obviously a significant and potentially dangerous increase," Gualtieri said. "Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. It's also used to control water acidity and remove metals from drinking water in the water treatment plants. After the intruder increased the parts per million from 100 to 11,100 the intruder exited the system and the plant operator immediately reduced the level back to the appropriate amount of 100. Because the operator noticed the increase and lowered it right away, at no time was there a significant adverse affect on the water being treated. Importantly, the public was never in danger," the sheriff noted.