Connect with us

Hi, what are you looking for?

News

Russian Cyber Attackers Hack Texas Drinking Water, Flood Town

Russian hackers claiming to be backed by the Kremlin are believed to have remotely accessed a Texas town’s water tower.

The suspected hack in the Texas Panhandle town in January would be the first-ever disruption of a US drinking water system by Russia, after Iran and China carried out similar attacks.

The hack in Muleshoe, a community of 5,000 not far from the New Mexico border, led to the tower overflowing with thousands of gallons for almost an hour, leading to a state of emergency to be declared.

The hacking group allied with the Russian government identified themselves as the Cyber Army of Russia Reborn (CARR).

The group posted a video on Telegram of the town’s water-control systems being manipulated, showing how they reset the controls.

‘We’re starting another raid on the USA. In this video there are a couple of critical infrastructure objects, namely water supply systems,’ the message in Russian said, capped by a smiley face emoji.

The video then shows the hackers changing values and settings for the utilities’ control systems.

The group has previously conducted DDoS attacks on Ukrainian organizations and government agencies.

It’s unclear what effects the manipulation has had, but several local officials have acknowledged the cyberattacks, while confirming some form of disruption.

The city manager for Muleshoe, instance, reportedly said in a public meeting that the attack on the town’s utility is what caused the tank to overflow.

Officials in the nearby towns of Abernathy, Hale Center and Lockney also said they’d been ‘affected,’ with the well system for the former seen in the interface shown on the Telegram screen recording

All three towns reportedly disabled the software overseeing their utilities to prevent its exploitation, but officials in each locale also insisted service to customers in each case was never explicitly interrupted.

That wasn’t the case for residents of Muleshoe, whose seminal water tower hemorrhaged water for somewhere between 30 and 45 minutes before operators were finally able to address the issue, doing so manually

Footage from the scene January 18 showed the damage left behind within that span, with thousands of gallons of fresh water seen going to waste.

The FBI is currently investigating the hacking activity, one of the officials told CNN.

A seasoned cybersecurity specialist from Google-owned Mandiant, meanwhile, told The Washington Post the hack was indeed the work of CARR – an org perhaps better known by its pseudonym of Sandworm.

The State Department has issued multimillion-dollar bounties for the capture of those associated with the group, known for briefly turning out the lights in parts of Ukraine on at least three occasions.

They were also able to hack the Olympics Opening Games in South Korea in 2018, and are credited with the creation of an advanced malware that was able to briefly shut off a Chernobyl safety system in 2017.

The nuclear power station in Pripyat, Ukraine, was destroyed by a reactor explosion in 1986, sparking the worst radiation fuel leak of all time. It now sits entombed in a huge concrete sarcophagus, but is constantly monitored to check for further leaks.

The ransomware was also used to attack systems overseeing the 2017 French Elections, US officials have said – citing billions of dollars of losses incurred as a result.

A spokesperson said that time that employees were forced to patrol the vicinity of the plant and monitor the radiation with hand-held meters.

Mandiant chief analyst John Hultquist on Wednesday said the attack in January could heighten tensions between Moscow and Washington, and shows how Sandworm – now calling itself CARR – is broadening its targets to include American infrastructure.

He also said he and his colleagues observed social media accounts being created on YouTube for CARR using servers associated with Sandworm, and that CARR had been posting Ukrainian government data stolen by Sandworm hackers on Telegram.

He also reiterated the belief that the CARR is solely a front for The GRU – the Russian intelligence agency that remained in place following the collapse of the Soviet Union.

Members of the KGB replacement were charged in for the Chernobyl attack, with the State Department framing them as members of the group.

‘We’ve been saying for a long time that CARR is just a front for the GRU,’ Hultquist told the Post as the apparent cyber attack continues to be probed.

‘Then we see them take credit for these acts in the U.S. against water utilities. Is GRU behind these attacks? If it isn’t GRU, whoever is doing this is working out of the same clubhouse. It’s too close for comfort.’

The group previously went by the names Telebots, Voodoo Bear and Iron Viking. They are also known as Unit 74455.

U.S. Attorney Scott W. Brady for the Western District of Pennsylvania described Sandworm’s actions as ‘representing the most destructive and costly cyber-attacks in history.’

Brady added, ‘The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims.’

‘Time and again, Russia has made it clear: They will not abide by accepted norms, and instead, they intend to continue their destructive, destabilizing cyber behavior,’ said FBI Deputy Director David Bowdich in 2022.

The Biden administration has also that intelligence indicated that new state sponsored Russian cyber attacks were forthcoming.

The Kremlin, meanwhile, has kept mum about its alleged connection to the terror group, rejecting accusations that Russia and Russian special services were responsible for any ‘hacking attacks, especially against the Olympics.’

Feds’ and town officials’ investigation into the January incident, as of writing, remains ongoing.

The investigation comes weeks after state governors that foreign hackers are carrying out disruptive cyberattacks against water and sewage systems throughout the country, with both National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan warning that ‘disabling cyberattacks are striking water and wastewater systems throughout the United States.’

‘Disabling cyberattacks are striking water and wastewater systems throughout the United States,’ the march statement from the White House read, citing two countries in particular.

‘These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.

‘We are writing to describe the nature of these threats and request your partnership on important actions to secure water systems against the increasing risks from and consequences of these attacks.

The letter singled out alleged Iranian and Chinese cyber saboteurs, with Sullivan and Regan citing a recent case in which hackers accused of acting in concert with Iran’s Revolutionary Guards had disabled a controller at a water facility in Pennsylvania.

They also called out a Chinese hacking group dubbed ‘Volt Typhoon’, which they said had ‘compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories.’

A few days later, Vladimir Putin’s sinister global cyberwarfare strategy has been unmasked after a huge trove of secret files were leaked.

The documents reveal how a company with links to the FSB, the Russian intelligence service, aids the Kremlin’s agenda by attacking its enemies in digital warfare.

READ 20 COMMENTS
  • The Admiral says:

    Who’s watching the store???????????? There were no alarms going off? Sounds like a shit show with no one watching the Hen House. What a way to find out you just got fucked by the competition.

  • Jerry Matt Fares says:

    LOOKS LIKE THE NEW 21ST CENTURY WEAPON OF WAR, wonder if we have the same capabilities ?

  • Michael T says:

    Who designed that shitty control system? It should have interlocks in place that are not affected by software.
    A couple float switches near the top of the tank should have been installed. One at 90 to 95& to show that it has enough water and is operating properly, and a second to disconnect the power to the pumps when it reaches 100% Software should only allow control between those two points. It should then monitor the level, and run when the power is the cheapest, wherever possible. It should shut the pumps off at 99%. so the limit switches are constantly used. A weekly or monthly test should allow them to trip for test, which would reset the system. The only access to the software should be read only, to prevent hacking.
    There should also be a manual override to power down the pumps, in an emergency.

  • Tacitus Kilgore says:

    Why is the water system in a small town connected to the internet, it should not have to be, the system can be automated but it doesn’t make sense unless the government is involved in it’s operation.

  • Jim Jessup says:

    Does anybody out there remember the old TV show HEE-HAW. This reminds me of the type of thing that slovenly, rumpled sweater wearing broadcaster “Charlie Ferguson” would report on KORN news.

  • TOP STORIES

    News

    Viewers hoping that former President Donald Trump would engage in one final war of words with Vice President Kamala Harris were left disappointed by...

    News

    Zachary Apotheker, the Border Patrol whistleblower who appeared in James O’Keefe’s film titled, “Line In The Sand” received a memo from US Customs and...

    News

    The storm has passed; another is on the way. But as Hurricane Milton looms large in headlines as it prepares to hit Florida, families...

    News

    Update: Univision’s Enrique Acevedo has refuted claims that Harris used a teleprompter during her Town Hall event. “The prompter displayed my introduction (in Spanish)...

    >