Threat actors modified the concentration of LYE to dangerous parameters.

LYE Level Modified:

Anonymous actors accessed computer systems of the Water Treatment facility in the city of Oldsmar, Florida and changed the chemical levels to dangerous parameters.

On Tuesday, at a press conference officials stated, “At no time was there a significant effect on the water being treated, and more importantly the public was never in danger.”

Follow Us on: Twitter, Instagram, Facebook to get latest security news!

Where hackers increased the the concentration of Sodium Hydroxide (NaOH), also known as lye and caustic soda.

A main ingredient in household products such as liquid drain cleaners, very dangerous if ingested in high concentrations. However, the lower levels used by water treatment facilities to adjust acidity (pH) and remove heavy metals.

Attack Flow:

The attacker first gained access to a remote system — set up to allow for the remote control of water treatment operations.

And then again accessed a second system which happened a prolonged intrusion.

But an operator who was monitoring the system identified the second intrusion.

Where he saw the the hacker move the mouse cursor on the screen and access software responsible for water treatment.

The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million.

Not the First Time:

On the other hand, similar attack happened earlier in 2016, where hackers modified the water treatment parameters by accident.

According to the officials report, Detectives assigned to the Digital Forensics Unit are investigating an unlawful computer software intrusion at the City of Oldsmar’s water treatment plant.