On Monday officials in Pinellas County, Florida held a press conference in which they made an announcement that an unidentified hacker had remotely gotten into a panel that controls the water treatment system for the city of Oldsmar, and then greatly bumped up the amount of sodium hydroxide (a.k.a. lye) in the water supply. 

Pinellas County Sheriff Bob Gualtieri said that the increase was spotted by an operator who then reversed it. Per his claim, the hacker made a dramatic increase by changing the amount of the hydroxide from “one hundred parts per million, to 11,100 parts per million.”

Small amounts of sodium hydroxide are added to the drinking water supplies of some cities to bump up pH levels, and to keep pipes from becoming corroded.

Gualtieri added that the levels inputted by the hacker are “dangerous.” Let us note here that, if large amounts of it are ingested, lye can be deadly. 

Gualtieri was asked if this hacker’s attempt should be counted as bioterrorism, to which he remained impartial. Instead he went with the call-it-whatever-you-want-but-this-is-what-happened-route.

“What it is is someone hacked into the system not just once but twice … opened the program and changed the levels from 100 to 11,100 parts per million with a caustic substance,” he said, according to Vice. “So, you label it however you want, those are the facts.”

“The person who remotely accessed the system for about three to five minutes, opening various functions on the screen,” Gualtieri added. “One of the functions opened by the person hacking into the system was one that controls the amount of sodium hydroxide in the water.”

The city’s water system was reportedly broken into around 8 a.m. on Friday morning (February 5). At that time a plant operator realized someone had gotten remote access to a system he was monitoring, but thought little of it because supervisors commonly use remote access to troubleshoot. This was said to be a brief instance of remote access, but the same thing happened later on in the afternoon, at around 1:30 p.m., which is the time that the hacker messed with the sodium hydroxide levels. 

Very important (especially on the off-chance you’re a resident) nothing actually happened to the water at that time. For those wondering what would’ve occurred if the operator missed the change, it was reported that several additional fail-safes and alarms were in place. 

“The intruder exited the system, and the plant operator immediately reduced the level back to the appropriate amount of one hundred,” said Gualtieri. He also added that steps were taken to prevent further remote access. 

A criminal investigation has been opened by the local Sheriff’s office. Also the FBI and Secret Service are looking into it.