“Mouse moved on its own” – How hacker tried to poison city’s water supply

Share:

Share on facebook
Share on twitter
Share on linkedin

How a hacker hacked and almost poisoned a city’s water supply, being picked up only when an official “saw the mouse move” on his computer screen!


A hacker recently gained access to a Florida city’s water treatment system in an attempt to pump a “dangerous” amount of the chemical lye into residents’ water supply.

Officials from the city of Oldsmar said the hacker was able to briefly increase the amount of sodium hydroxide, or lye, in the water before the attack was thwarted.

The hack was noticed when a plant operator who was monitoring the system noticed the mouse on their computer screen moving on its own, according to the Tampa Bay Times.

The operator watched as the remote hacker accessed the software that controls water treatment, and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

Lye is commonly used in small amounts to control the acidity of water, but the corrosive compound – found in many household cleaning products, including liquid drain cleaner – is very dangerous at higher volumes.

The hacker then left the system, and the operator immediately changed the concentration back to normal.

Oldsmar officials said other safeguards would have prevented the city’s residents from being directly harmed by the chemical.

It would have taken more than a day for the poisoned water to enter the water supply, allowing time for public warnings, and the system would likely have caught changes to the acidity of the water.

The hacker reportedly ab/used the TeamViewer remote access program –used by plant workers to monitor the facility’s systems and troubleshoot IT issues – to gain access to the target computer.

It isn’t clear how exactly the hacker was then able to break into the operational systems that control the plant’s physical equipment, given these systems are generally run separately from IT networks.

However, Oldsmar officials admitted the water plant’s operational systems were accessible from outside the plant, a configuration security experts advise against. They said it appeared the hacker was able to access the operational systems from the internet.

TeamViewer has been uninstalled following the attack, the officials said, and they have warned other local government organisations to shore themselves against a similar attack.

The FBI and the Secret Service along with the city’s own investigators are looking into the incident. 

While the attack sounds bizarre, in actual fact this type of attack is not altogether unique. Critical infrastructure operators are prime targets for hackers given the potential for mass disruption alongside their propensity to run older IT systems that contain significant vulnerabilities.

Often these systems are also exposed to the internet, making them discoverable with search tools like Shodan.

In 2015, for instance, Russian-backed hackers hijacked a similar remote access program to turn off the power for hundreds of thousands of Ukrainian citizens.

Unsurprisingly, officials in Oldsmar are somewhat shaken. Mayor Erik Seidel said: “We want to make sure that everyone realises these kind of bad actors are out there. It’s happening. So really take a hard look at what you have in place!”

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.