BAY AREA, CA — The Federal Bureau of Investigation is looking into a hacker’s attempt to poison an unnamed San Francisco Bay Area water treatment plant in January, NBC News reported.
The hacker knew the username and password of a former employee’s TeamViewer account, which allowed them to remotely obtain access to the plant’s computers, NBC reported. The hacker deleted computer programs used to treat drinking water.
The plant discovered it had been hacked the next day, then reinstalled the water treatment programs and changed its passwords, NBC reported. There were no reports of anyone being sickened by the water.
NBC’s report marked the first time this incident was made public. The news agency said it reviewed a February report from the Northern California Regional Intelligence Center.
The method used in this attack is the same as one reported in February, when an Oldsmar, Florida water plant operator watched as his computer mouse moved around his screen and opened programs, eventually raising the levels of sodium hydroxide, or lye, by more than 100 fold to a level that could cause illness and corrode pipes, The Washington Post reported. The hacker also used TeamViewer to gain access to the employee’s screen.
Fortunately, the employee quickly reversed the lye levels and water quality was not significantly impacted, The Post reported. Nobody was sickened.
The U.S. Cybersecurity and Infrastructure Security Agency and National Security Agency recommended in July 2020 that operators of critical infrastructure take immediate action to safeguard against “foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression.”
These vulnerabilities have become increasingly apparent as more companies shift to remote operations and monitoring, outsource operations, and seek to accommodate a decentralized workforce, the agencies wrote.
Read more from NBC Bay Area and The Washington Post.