The Pinellas County (Florida) Sheriff's Office has reported that the computer system at the City of Oldsmar's industrial drinking water treatment plant was compromised by cybercriminals who altered the concentration of sodium hydroxide (NaOH), colloquially known as lye, in the water. A very dangerous chemical compound in high concentrations.
The security incident, which occurred on 5th of February and lasted between 3 and 5 minutes, was based on remote, unauthorised access to the supervisory control and data acquisition (SCADA) system, allegedly taking advantage of lax cybersecurity measures, in terms of passwords and outdated operating systems.
The data released so far reveals that the intrusion was carried out via TeamViewer, a software that allows you to connect remotely to another device, which was installed on one computer at the plant.
According to Sheriff Gualtieri, the incident did not have a significant effect on the water as it was detected by an operator who immediately reversed the concentration levels and denied remote access to the system. Also, the public was never at risk due to the presence of redundant warning equipment measuring the chemical composition and the fact that the water did not reach the supply system.
The Pinellas County Sheriff's Office, the FBI and the USSS (Secret Service) continue to investigate.