These days, everything is connected to the internet. But that’s not always a great idea — particularly when it means that hackers might be able to takeover water treatment systems in an attempt to poison thousands of people.
On Monday (US time), officials for the Pinellas County in Florida fronted up at a press conference to say they had thwarted an attempt by hackers to add dangerous levels of sodium hydroxide to the water supply for the 15,000 residents of Oldsmar.
Hackers were able to remotely access the facility’s computer using TeamViewer, a popular piece of consumer software typically used for remote technical support.
An employee was watching the computer when the intrusion occurred.
“The guy was sitting there monitoring the computer as he’s supposed to and all of a sudden he sees a window pop up that the computer has been accessed,” the county’s sheriff Bob Gualtieri told Reuters.
“The next thing you know someone is dragging the mouse and clicking around and opening programs and manipulating the system.”
The employee watched as the hackers increased the amount of sodium hydroxide going into the water supply. At high levels, the corrosive chemical is dangerous to ingest.
He alerted his boss about what was happening, and they were able to stop the chemical being dumped into the water.
According to the town’s mayor, Eric Seidel, there was minimal impact and the treatment plant’s systems had backup controls that would have stopped large amounts of the chemical being introduced into the water supply without people noticing.
There is no question that cybersecurity is crucial to real world security now. Hospitals, schools, power plants, even half of Ukraine have all been rendered useless or worse by hackers in the past.
Hackers using TeamViewer to try and poison the water supply is a pretty unsophisticated method. But it shows the importance of designing systems with cybersecurity in mind.