Hacker Attacked a Water Plant in Florida

This is a “significant and potentially dangerous increase,” Gualtieri said at a Monday press conference. The attacker momentarily entered the computer system at 8 a.m. on Feb. 5, before leaving and returning at about 1:30 p.m. for roughly three to five minutes, Gualtieri said. In that window, the operator of the water plant could see the attacker on screen, “with the mouse being moved about to open various software functions that control the water being treated in the system,” Gualtieri said. 

When the hacker left the computer system, the operator whose computer was remotely taken over promptly brought down the level of the chemical, otherwise called lye. This move forestalled any harm to people in general and the drinking water, Gualtieri said. He said there were extra counteraction measures inside the water system that would have kept polluted water from reaching the public. It isn’t yet known whether the break originated from the U.S., or outside of the country, Gualtieri said. Oldsmar, with a population of almost 15,000, is situated around 15 miles northwest of Tampa.

“Many of the victims appear to have been selected arbitrarily, such as small critical infrastructure asset owners and operators who serve a limited population set,” said Daniel Kapellmann Zafra, manager of analysis at Mandiant Threat Intelligence. Through “remote interaction with these systems,” the hackers have engaged in “limited-impact operations.” None of those examples brought about any damage to individuals or infrastructure, Zafra said. “We believe that the increasing interest of low sophisticated actors in industrial control systems is the result of the increased availability of tools and resources that allow malicious actors to learn about interactions with these systems,” he added.