The Florida water treatment plant hack used dormant remote access software, the sheriff said

The cyber intruder got into Oldsmar’s water treatment system twice on Friday – at 8 a.m. and 1:30 p.m. – through dormant software called TeamViewer. The software had not been used for about six months, but was still on the system.

“How they got in, whether it was through a password or something else, I can’t tell you,” Gualtieri said.

However, Oldsmar’s assistant city manager Felicia Donnelly told CNN that a password was required to operate the system remotely.

Once inside, the hacker adjusted the level of sodium hydroxide or lye to more than 100 times the normal level, Gualtieri said. The operator of the system noticed the intrusion and immediately lowered the level back. At no point was there a significant adverse effect on the city’s water supply and the public was never in danger, he said.

The identity of the hacker, or hackers, is not yet known.

“Nobody knows anything, so all the discussions we have at the moment are pure speculation,” said Gualtieri.

Gualtieri praised the operator who spotted the attack on Friday, saying current and former employees were interviewed after early consideration of an insider threat. There are currently no suspicions or indications that this is the case, he said.

Questions about the hack's sophistication

Robert M. Lee, the CEO of Dragos Inc., an industrial cybersecurity company, said these types of attacks are exactly what keeps industry experts up at night.

“It wasn’t particularly sophisticated, but it’s exactly what people are concerned about, and as one of the few examples of someone trying to hurt people, it’s a big deal for that reason,” Lee said.

Gualtieri, however, rejected speculation that the attack was not sophisticated.

“It could be that someone has somehow compromised the password and the password got out. Or it could be pretty sophisticated if you have someone doing what hackers do: all the time looking for potential vulnerabilities and administrator credentials,” he said.

Gualtieri said the potential danger of such an attack should spark a discussion about remote access to software, adding that he had never seen such an attack.

“This is a new one for us,” said the sheriff.

Israel contacts US investigators

Gualtieri said the province is coordinating with the FBI and the US Secret Service, but the province is leading the investigation and is using an in-house lab for forensic analysis of the attack.

Asked why the Secret Service is involved, Gualtieri pointed to their work on computer fraud and agreed that Sunday’s Super Bowl in Tampa “definitely has something to do with it,” as the attack took place on Friday. The attack has been reported to the FBI Joint Terrorism Task Force, of which the Secret Service is part, “so they were involved at the time”.

Florida Senator Marco Rubio said on Monday he wants the hacking to be handled as a national security matter.

Israel’s National Cyber Directorate (NCD), the government's cybersecurity agency, said on Wednesday that it had contacted counterparts in the US investigating the Oldsmar hack.

“The Israel National Cyber Directorate has reached out to its US equivalents about the matter (in Oldsmar, FL) as part of the standard and accepted cyber information exchange, which is intended to learn from other matters in the field, the world and to methods of resistance,” the institution said in a statement.

Last April, Israeli water supplies were the target of an attack that NCD chief Yigal Unna described as a “turning point in the history of modern cyberwarfare.” He said the facilities were the target of a “synchronized and organized attack targeting our water systems.”

Had the attack been successful, Unna said, it would have caused significant damage to civilians’ water supplies. He also seemed to suggest that the hack targeted the flow of chlorine into water treatment plants, which could be detrimental to public health.

In his presentation in May 2020 at an online CyberTech conference, the head of the NCD did not say who he thinks was behind the attack in Israel, but noted that it was not accompanied by the kind of ransom demands or attempts at financial gain that would be expected if it had been carried out by cyber criminals.
