Lethal Cyberattack Stopped Before Poisoning Water Supply in Florida

February 10, 2021Joshua Skovlund
florida sheriff discusses cyberattack


A quick-thinking water treatment technician stopped a cyber-based terrorist attack on the residents of Pinellas County on Florida’s Gulf Coast. On Friday, an unidentified hacker gained access to the Oldsmar, Florida, water treatment plant computers and adjusted the levels of sodium hydroxide, aka lye, to dangerously high levels. Thanks to the technician’s immediate actions, the setting was lowered back to normal range before any major damage could take place.

Sen. Marco Rubio of Florida said the cyberattack should be considered a national security concern, and he is asking the Federal Bureau of Investigation to investigate the apparent terrorist attack. Andrea Aprea, a public affairs specialist with the FBI’s Tampa Division, confirmed that they are working jointly with the Pinellas County Sheriff’s Office and the City of Oldsmar. 

Pinellas County Sheriff Bob Gualtieri announced the cyberattack on Monday during a press conference. He said that on Friday morning, a technician at the water plant facility noticed someone remotely access the system for a brief period before disconnecting. Gualtieri said the technician didn’t think much of it because the system had been set up with remote connection software for supervisors and others who needed remote access to the system during COVID-19 pandemic restrictions. 

At about 1:30 p.m. the same day, the same unknown individual or another hacker gained access to the system and the technician could see the mouse cursor moving around the screen, opening different windows. Then, the hacker boosted the level of sodium hydroxide from 100 parts per million to 11,100 ppm, a lethal amount. The technician who observed the changes quickly adjusted the sodium hydroxide level back to 100 ppm.

Gualtieri said, however, that even if the technician had missed the attack, early warning sensors throughout the entire water system would have alerted officials of the changing alkalinity, and the water could have been shut off before reaching the city. He asserted that the public was never in any danger because of these safety features.

Oldsmar City Manager Al Braithwaite said they’ve “anticipated that this day was coming” and have trained for it, but he wasn’t aware of any previous attempts before Friday’s cyberattack. 

The cyberattack in Oldsmar, about 15 miles west of Tampa, Florida, is a direct attack on critical infrastructure. Local, state, and federal law enforcement are putting all hands on deck to track down the hacker who infiltrated the system. 

Andrew Crerar, a development operations engineer who supports the infrastructure of government and military projects, told Coffee or Die Magazine that he believes there are three different types of bad actors possible with an incident such as the attack on the Oldsmar city water facility. 

oldsmar florida
The Oldsmar, Florida, water treatment facility, site of a cyberattack on Friday, Feb. 5, 2021. Screenshot via YouTube.

First, Crerar referred to a type of attacker known as a “script kiddie.” This is the most rudimentary possibility, he said, meaning a mischievous, entry-level hacker who uses preexisting tools to hack into various systems — who isn’t directly trying to commit an act of terror but more or less seeing how far they can get.  

“Script kiddies are people who get on the internet and they basically get scripts and packages that already exist, and they’re usually motivated by just kind of seeing what they can do,” said Crerar. “Granted, they can cause some serious damage — it’s not that they shouldn’t be taken seriously.”

Second, Crerar cited the possibility of an insider attack committed by a current or former disgruntled employee who still has remote access and wants revenge. He explained that some facilities don’t change their system passwords often enough, which creates security risks.

The third possibility, according to Crerar, is that an experienced foreign or domestic hacker intentionally breached the system to commit an act of terror. Crerar went on to explain that these types of attacks are becoming more and more frequent. He gave an example of the recent breaches in the Department of Defense’s systems that led to stolen DOD personnel information. 

“This stuff is becoming more and more common because basically, the battlefield is shifting,” said Crerar. “Terrorism isn’t about who’s got the biggest gun as much anymore but who can control the information and who can control the digital space. They usually have a distinct advantage.”

The Tampa Police Department and the Department of Homeland Security did not respond to inquiries at the time of publication.

Read Next: Experts: Brazen Cyberattack Against US Agencies Bears Hallmarks of Russian Cyber Tradecraft

Joshua Skovlund
Joshua Skovlund

Joshua Skovlund is a former staff writer for Coffee or Die. He has covered the 75th anniversary of D-Day in France, multinational military exercises in Germany, and civil unrest during the 2020 riots in Minneapolis. Born and raised in small-town South Dakota, he grew up playing football and soccer before serving as a forward observer in the US Army. After leaving the service, he worked as a personal trainer while earning his paramedic license. After five years as in paramedicine, he transitioned to a career in multimedia journalism. Joshua is married with two children. His creative outlets include Skovlund Photography and Concentrated Emotion.

More from Coffee or Die Magazine
9 Killed In Army Black Hawk Helicopter Crash In Kentucky

Nondice Thurman, a spokesperson for Fort Campbell, said Thursday morning that the deaths happened the previous night in southwestern Kentucky during a routine training mission.

March 30, 2023Associated Press
richard stayskal act military medical malpractice
DOD Denies Most Stayskal Act Malpractice Claims

Master Sgt. Richard Stayskal was diagnosed with lung cancer long after military doctors missed a tum...

March 29, 2023Maggie BenZvi
ukraine lessons learned
Opinion & Essay
Nolan Peterson: Lessons From Russia's Invasion of Ukraine

After living in and reporting from Ukraine the last nine years, conflict journalist Nolan Peterson h...

March 28, 2023Nolan Peterson
ukrainian wounded soldiers
‘On Tour In Hell’: Wounded Ukrainian Soldiers Evacuated

With bandaged heads and splinted limbs, the wounded soldiers are stretchered into the waiting medica...

March 27, 2023Associated Press
US oil mission
US Launches Airstrikes in Syria After Drone Kills US Worker

While it’s not the first time the U.S. and Iran have traded airstrikes in Syria, the attack and the ...

March 24, 2023Associated Press
The Gift jason dunham
‘The Gift’ Explores the Life and Legacy of Medal of Honor Recipient Jason Dunham

"The Gift" tells the story of the first Marine to receive the Medal of Honor after the Vietnam War. ...

March 24, 2023Mac Caltrider
uss milius
US Denies Chinese Claim It Drove Away American Destroyer

The U.S. Navy's 7th Fleet said that a statement from China's Southern Theatre Command that it had fo...

March 23, 2023Associated Press
The Speed Project: Vet Team To Run in Lawless, Invite-Only Ultramarathon

For the first time, a team of (mostly) US veterans and active-duty service members will run in The S...

March 23, 2023Jenna Biter
  • About Us
  • Privacy Policy
  • Careers
Contact Us
  • Request a Correction
  • Write for Us
  • General Inquiries
© 2023 Coffee or Die Magazine. All Rights Reserved