
“Mouse moved on its own” – How hacker tried to poison city’s water supply


How a hacker broke into a city’s water treatment system and almost poisoned its water supply, detected only when an official “saw the mouse move” on his computer screen!


A hacker recently gained access to a Florida city’s water treatment system in an attempt to pump a “dangerous” amount of the chemical lye into residents’ water supply.

Officials from the city of Oldsmar said the hacker was able to briefly increase the amount of sodium hydroxide, or lye, in the water before the attack was thwarted.

The hack was detected when a plant operator who was monitoring the system noticed the mouse on their computer screen moving on its own, according to the Tampa Bay Times.

The operator watched as the remote hacker accessed the software that controls water treatment, and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

Lye is commonly used in small amounts to control the acidity of water, but the corrosive compound – found in many household cleaning products, including liquid drain cleaner – is very dangerous at higher volumes.

The hacker then left the system, and the operator immediately changed the concentration back to normal.

Oldsmar officials said other safeguards would have prevented the city’s residents from being directly harmed by the chemical.

It would have taken more than a day for the poisoned water to enter the water supply, allowing time for public warnings, and the system would likely have caught changes to the acidity of the water.

The hacker reportedly abused the TeamViewer remote access program – used by plant workers to monitor the facility’s systems and troubleshoot IT issues – to gain access to the target computer.

It isn’t clear how exactly the hacker was then able to break into the operational systems that control the plant’s physical equipment, given these systems are generally run separately from IT networks.

However, Oldsmar officials admitted the water plant’s operational systems were accessible from outside the plant, a configuration security experts advise against. They said it appeared the hacker was able to access the operational systems from the internet.

TeamViewer has been uninstalled following the attack, the officials said, and they have warned other local government organisations to shore up their defences against a similar attack.

The FBI and the Secret Service along with the city’s own investigators are looking into the incident. 

While the attack sounds bizarre, this type of incident is not unique. Critical infrastructure operators are prime targets for hackers, given the potential for mass disruption and their propensity to run older IT systems that contain significant vulnerabilities.

Often these systems are also exposed to the internet, making them discoverable with search tools like Shodan.

In 2015, for instance, Russian-backed hackers hijacked a similar remote access program to turn off the power for hundreds of thousands of Ukrainian citizens.

Unsurprisingly, officials in Oldsmar are somewhat shaken. Mayor Erik Seidel said: “We want to make sure that everyone realises these kind of bad actors are out there. It’s happening. So really take a hard look at what you have in place!”


Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.
