A hacker who last week tried to poison a Florida city’s water supply used a remote access software platform that had been dormant for months, Pinellas County Sheriff Bob Gualtieri told CNN on Tuesday.
The cyber-intruder got into Oldsmar’s water treatment system twice on Friday — at 8 a.m. and 1:30 p.m. — through a dormant software called TeamViewer. The software hadn’t been used in about six months but was still on the system.
“How they got in, whether it was through a password or through something else, I can’t tell you that,” said Gualtieri.
However, Oldsmar’s assistant city manager, Felicia Donnelly, told CNN that a password was required for the system to be controlled remotely.
TeamViewer, which is based in Germany and has more than half a million customers around the world using commercial licenses, said that there was no indication of suspicious activity.
“Based on cooperative information sharing, a diligent technical investigation did not find any indication for suspicious connection activity via our platform,” TeamViewer spokesperson Martina Dier told CNN on Wednesday.
Once inside the system, the hacker adjusted the level of sodium hydroxide, or lye, to more than 100 times its normal levels, Gualtieri said. The system’s operator noticed the intrusion and immediately reduced the level back. At no time was there a significant adverse effect to the city’s water supply, and the public was never in danger, he said.
The identity of the hacker, or hackers, isn’t yet known. Gualtieri praised the operator who spotted the attack on Friday and said current and former employees have been interviewed after early consideration of an insider threat. There are currently no suspicions or indications that’s the case, he said.
The incident highlights how some critical infrastructure systems are vulnerable to hacking because they are online and use remote access programs, sometimes with lax security.