TOM LEONARD: It’s scary but a cyber attack on a Florida water treatment plant is far from a one-off

Last Friday at 8am, a computer operator at a water treatment plant in Florida noticed the cursor moving across his screen as if under the control of an invisible hand.

The operator assumed that, as was often the case at the plant, which supplies drinking water to the small town of Oldsmar (population 14,600), it was only his manager logging into the system remotely.

But when the mystery user logged in a few hours later and started clicking through the plant’s controls, it quickly became clear that this was not the boss.

Within minutes, the intruder had raised by 100 times the amount of sodium hydroxide entering the water supply.

In low concentrations, sodium hydroxide – also known as lye or caustic soda – is harmless and controls the acidity level of water. But in high concentrations it can be fatal, causing great damage to human tissue.

After increasing its level in the water from 100 parts per million to 11,100 parts, the visitor signed out of the system.

A hacker broke into the system at the Oldsmar water treatment plant in Florida last Friday, using a remote access program shared with plant workers, in an attempt to poison the water supply

As the FBI and the Secret Service joined the investigation to identify the perpetrator, and Florida senator Marco Rubio warned that it was a ‘national security issue’, it seemed very likely that the plant had been infiltrated by someone with malign intentions.

The hacker apparently took advantage of a piece of software called TeamViewer, which allows someone to remotely control another person’s computer.

It is a program often used by IT staff to resolve a colleague’s technical issues and usually requires a password.

The event, say cybersecurity experts, highlights the appalling threat to countries’ critical infrastructure – water systems, power grids, hospitals, transport networks, even nuclear power plants – that has arisen from our headlong drive to connect everything to the internet.

Worldwide, operators of utilities such as water and electricity, and of plants from dams to oil pipelines, have adopted systems that allow engineers to monitor them remotely, despite warnings from cybersecurity experts that this leaves the infrastructure, and the people it serves, dangerously vulnerable.

Officials maintain that Oldsmar citizens would have been protected by automated detectors, which would have raised the alert about dangerous levels of sodium hydroxide before it entered the water supply.

But because the hacker successfully compromised a system that was considered password protected, these assurances are not entirely convincing.

Security experts say such hacking attempts are extremely widespread but usually go unnoticed or unreported.

Even relatively unprofessional hackers can gain access to software that allows them to take control of complex equipment in plants and other resources through online links.

Thousands of such control systems can be found on the Internet through specialized monitoring tools – and TeamViewer in particular is known to be easily compromised.

And these hackers aren’t just amateurs giggling in their beds. Many are well-trained international cyber-terrorists.

Authorities do not know whether the Oldsmar incident was the work of a malicious hacker or a sinister foreign agent.

When asked if this was a bioterrorism attack, county sheriff Bob Gualtieri replied sternly: ‘Yes.’

Small companies with very little money to spend on cybersecurity are particularly vulnerable.

Larger utility companies often claim to be aware of the risks but have too many resources in their facilities, especially since the outbreak began, without which technology would not allow long-term workers to achieve more than they could have managed otherwise.

This is being done not just by criminal ‘bioterrorists’ or blackmailers but by governments, not only to cause immediate damage and harass enemies but to weaken the cyber defenses of hostile countries’ critical infrastructure in preparation for a future crisis or war.

U.S. officials have long expressed fear of a possible ‘cyber Pearl Harbor’ where foreign spies will destroy U.S. infrastructure.

Security experts say that hacking attempts like the one at the Florida water treatment plant are extremely widespread but usually go unnoticed or unreported (file photo)

Last spring, Iranian spies working for the Islamic Revolutionary Guards tried to alter the chlorine content at an Israeli city water plant, prompting the Israelis to launch their own retaliatory cyber strike on an Iranian port.

Israel’s digital security chief at the time said: ‘Cyber winter is coming, and coming even faster than I expected.

‘We’re just seeing first. We remember this as a turning point in the history of today’s cyber war.’

In fact, the turning point came earlier – and he should have known, because Israel and the US were to blame for the first such attack in 2007, when Stuxnet, a malicious computer worm, destroyed Iran’s nuclear program by manipulating about 1,000 centrifuges to spin themselves to pieces.

It surfaced again in 2016, when Russia was blamed for using Stuxnet to reduce Ukraine’s electricity supply.

One-fifth of the population was left without power in a terribly cold winter after hackers hacked into the power grid’s computer system. Two years later, the Ukrainians said that the Russians tried to get into a chlorine plant.

U.S. intelligence agencies claim that groups of Russian hackers have been quietly investigating American energy companies and power grids for weaknesses since 2012.

One, known as Energetic Bear or Dragonfly, has been accused by Washington officials of sneaking into Swiss, Turkish and U.S. power companies, water treatment plants and nuclear power plants over the last ten years.

Last spring, Iranian spies working for the Islamic Revolutionary Guards tried to alter the chlorine content at an Israeli city water plant, provoking a revenge attack

One attempt, in 2017, involved a nuclear power plant in Kansas. While the company said its ‘operating systems’ were not affected, the hackers collected sensitive data including passwords and logins that experts say could be used for future attacks.

In the same year, hackers used malicious computer code called Triton, developed by the Russian Institute of Scientific Chemistry and Research Mechanics, to try to disable an emergency shutdown system at a Saudi petrochemical facility.

The attempt failed but security analysts said that if it had got to the next level, the hackers would have been able to trigger a horrific business ‘crash’.

Last year, the U.S. government banned the Russian institution from doing business in the U.S.

The Russians are not the only culprits, however. Seven years ago, Iranian hackers tried to take control of a small dam in New York State.

They couldn’t control it because it was under repair at the time.

The ability of blackmail hacking is almost a mystery. In 2017, the WannaCry ransomware virus spread through 150 countries, targeting computers running the Microsoft Windows operating system, encrypting data and demanding ransom payments in Bitcoin.

It even infected computers in the NHS, forcing administrators to divert patients to unaffected hospitals. Fortunately no deaths were confirmed.

But in Dusseldorf, Germany, in September last year, a cyber attack took a hospital offline and doctors had to take a patient to another facility to try to save her life.

She died along the way and the attack is now being investigated as a murder.

Factories are becoming increasingly digital, too. In 2014, hackers took control of a German steel mill and forced an abrupt, uncontrolled shutdown of the blast furnace. According to a government report, this caused ‘catastrophic physical damage’.

Lesley Carhart, of digital security company Dragos, says she finds foreign government hackers rooting around in resources all the time. But for now they are biding their time, she says.

‘They are going to wait until they have a good reason to push buttons.’

How long before they think that moment has arrived?