Texas
Tiny Texas City Repels Russia-Tied Hackers Eyeing Water System
When Mike Cypert got the call that utilities in remote Texas communities were being hacked, he raced across his office to unplug the computer that ran his city’s water system.
Hale Center is a dusty, cotton-growing burg of 2,000 about five hours drive northwest of Dallas. After the alert from a software vendor in January, Cypert, the city manager, said he found thousands of attempts to breach Hale Center’s firewall, some coming from an internet address that traced back to St. Petersburg, Russia.
Within minutes of the discovery, Cypert said he reported the episode to agents from the FBI and US Department of Homeland Security, who were already looking into related incidents in nearby Texas towns. One of the hacks caused a water tank in another city to overflow.
The attacks in Texas are the latest example of hackers — some of them tied to US adversaries — targeting America’s sprawling network of water utilities. In November, an Iranian-backed group attacked Israeli-made digital controls commonly used in the water and wastewater industries in the US, affecting organizations across several states. That same month, the North Texas Municipal Water District, which supplies water to more than 2 million customers, was the victim of a ransomware attacks.
Chinese state-sponsored hackers also attacked a water utility in Hawaii, the Washington Post reported in December.
“The water sector is poorly resourced and is under siege from three fronts. This is now Iran, China and Russia,” said John Hultquist, chief analyst at Mandiant Intelligence.
A spokesperson for the FBI declined to comment. The Department of Homeland Security didn’t immediately respond to a request for comment.
Read More: Iranian-Linked Hacks Expose Failure to Safeguard US Water System
Researchers at Mandiant, a unit of Google Cloud, found potential connections between the attacks on water utilities in Texas and one of Russia’s most notorious hacking groups, known as Sandworm. The group has been accused of repeatedly turning out the lights in Ukraine and hacking the 2018 Olympics Opening Games in South Korea. The US government says it is part of Russia’s military spy agency, but the ties between Sandworm and the Texas attacks are less than certain. “We’ve never seen them cross the line in the US like this before,” Hultquist said.
Among the other victims of the recent hacks was the city of Muleshoe, a 5,000-person community in northwest Texas. A resident called the city on January 18 to report a water tank overflowing. City staff found that they’d largely lost control of the system, took it offline and called the company that provides Muleshoe’s industrial control software, City Manager Ramon Sanchez said at a public meeting the next month that was covered by the Plainview Herald. The vendor told city officials that other area communities were seeing similar problems, Sanchez said at the meeting.
Sanchez didn’t respond to messages seeking comment.
That same day, a social media account called “CyberArmyofRussia_Reborn” posted a video that appears to show hackers manipulating Muleshoe’s industrial control system. Mandiant and other cybersecurity researchers believe Sandworm created and control CyberArmyofRussia_Reborn, which Hultquist described as a hacktivist persona. It’s possible that other cyber attackers are using its platforms, he said.
Andy Bennett, the chief technology officer of cybersecurity firm Apollo Information Systems, said there are various reasons why hackers might target small-town water systems. They could provide a “testing ground” for hacking tools intended for bigger targets, he said, or give foreign countries a way to scare Americans.
“Small-town America feels safe,” said Bennett, a former cybersecurity official for the state of Texas,”and if the water supply is in jeopardy, it undoes that.”
US intelligence officials are still debating whether Sandworm was involved in the Texas water utility breaches, according to people familiar with the situation who didn’t want to be named due to the sensitivities.
The Russian Embassy in Washington declined to comment.
US officials are especially worried about attacks by nation-state hackers on critical sectors of the US economy, like defense, dams, energy, financial services and water systems. Last year, the Environmental Protection Agency dropped plans to require states to assess water facilities’ cyber defenses. Republican lawmakers in three states called the oversight illegal, accusing the EPA of overreach. The White House said it would work with Congress to beef up the environmental watchdog’s authority.
The attacks on Texas utilities targeted at least two other communities. In Abernathy, hackers entered through a virtual network connection, but city staff caught them within 30 seconds and cut off the attackers as they were trying to change passwords, City Manager Donald Provost told Bloomberg News. Lockney’s city manager, Buster Poling, Jr., said his staff also caught the attack early and that it “really did not affect the city.”
Hale Center’s Cypert said he learned that other towns had been attacked when the city’s industrial control software vendor called telling them to “lock down.” Hale Center uses the same vendor as Muleshoe and a handful of other area communities, he said.
When the warning came in, Cypert said he rushed to unplug the ethernet cable from the computer that operates the water system. Hale Center wasn’t breached, but Cypert said in reviewing its security, the city’s IT contractor found what appeared to be a brute force attempt to crack Hale Center’s firewall — 37,000 tries in four days.
The attempts on Hale Center’s firewall came from IP addresses around the world but one was repeated over and over, Cypert said. The investigation traced it back to St. Petersburg and the city’s industrial control vendor, Morgeson Consulting in Lubbock, quickly got Cypert on a conference call with FBI agents already investigating the Muleshoe attack, he said.
Morgeson Consulting’s owner didn’t immediately respond to an email seeking comment.
Cypert said he later sent the FBI data from the attempts on its firewall. The city’s IT contractor, Ben Warren, also walked the investigators through some of the technical details, he said. The agents were impressed by Warren’s technical acumen and offered the city manager a piece of advice, Cypert recalled.
“Hang on to him,” they said, referring to Warren.
Copyright 2024 Bloomberg.
Topics
Cyber
Texas
Russia
“Radical Islamist terrorist groups are anti-American, and the infiltration of these dangerous individuals into Texas must be stopped,” said Texas A-G regarding terrorist org. CAIR.
Air traffic controllers lost communication for about 10 minutes with a small Mexican Navy plane carrying a young medical patient and seven others before it crashed off the Texas coast, killing at least five people, Mexico’s president said Tuesday.
Authorities initially believed the plane had landed safely at its destination in Galveston, near Houston, before learning it had gone down Monday afternoon, Mexican President Claudia Sheinbaum said. The cause of the crash remains under investigation. A search-and-resuce operation in waters near Galveston pulled two survivors from the plane’s wreckage, Mexico’s Navy said, while one remained missing.
Four of the eight people aboard were Navy officers and four were civilians, including a child, Mexico’s Navy said. Two of the passengers were affiliated with a nonprofit that helps transport Mexican children with severe burns to a hospital in Galveston.
“My condolences to the families of the sailors who unfortunately died in this accident and to the people who were traveling on board,” Sheinbaum said in her morning press briefing, without elaborating on a possible cause. “What happened is very tragic.”
U.S. Coast Guard Petty Officer Luke Baker said at least five aboard had died but did not identify which passengers.
The plane crashed Monday afternoon in a bay near the base of the causeway connecting Galveston Island to the mainland. Emergency responders rushed to the scene near the popular beach destination about 50 miles (80 kilometers) southeast of Houston.
Sky Decker, a professional yacht captain who lives about a mile (1.6 kilometers) from the crash site, said he jumped in his boat to see if he could help. He picked up two police officers who guided him through thick fog to a nearly submerged plane. Decker jumped into the water and found a badly injured woman trapped beneath chairs and other debris.
“I couldn’t believe. She had maybe 3 inches of air gap to breathe in,” he said. “And there was jet fuel in there mixed with the water, fumes real bad. She was really fighting for her life.”
He said he also pulled out a man seated in front of her who had already died. Both were wearing civilian clothes.
It’s not immediately clear if weather was a factor. The area has been experiencing foggy conditions over the past few days, according to Cameron Batiste, a National Weather Service meteorologist. He said that at about 2:30 p.m. Monday a fog came in that had about a half-mile visibility.
Mexico’s Navy said the plane was helping with a medical mission in coordination with the Michou and Mau Foundation. In a social media post, the foundation said: “We express our deepest solidarity with the families in light of these events. We share their grief with respect and compassion, honoring their memory and reaffirming our commitment to providing humane, sensitive, and dignified care to children with burns.”
Teams from the Federal Aviation Administration and National Transportation Safety Board were at the crash site Monday, the Texas Department of Public Safety said, and a spokesperson for the NTSB said the agency was gathering information about the crash. The Galveston County Sheriff’s Office said officials from its dive team, crime scene unit, drone unit and patrol responded the crash.
A small Mexican Navy plane transporting a 1-year-old medical patient along with seven others crashed Monday near Galveston, killing at least two people, officials said.
Emergency officials rescued four people and were searching for two that were inside the aircraft, Mexico’s Navy said in a statement to The Associated Press. Four of the people aboard were Navy officers and four were civilians, according to the Navy. It was not immediately clear which ones were missing and which had been killed.
Two of the people aboard were members from the Michou and Mau Foundation, which is a nonprofit that provides aid to Mexican children who have suffered severe burns.
The crash took place Monday near the base of a causeway near Galveston, along the Texas coast about 50 miles southeast of Houston.
Mexico’s Navy said in a statement that the plane was helping with a medical mission and had an “accident.” It promised to investigate the cause of the crash.
The Navy is helping local authorities with the search and rescue operation, it said in a post on the social media platform X.
Teams from the Federal Aviation Administration and National Transportation Safety Board have arrived at the scene of the crash, the Texas Department of Public Safety said on X.
The Galveston County Sheriff’s Office said officials from its dive team, crime scene unit, drone unit and patrol were responding to the crash.
“The incident remains under investigation, and additional information will be released as it becomes available,” the sheriff’s office said in a post on Facebook, adding that the public should avoid the area so emergency responders can work safely.
Galveston is an island that is a popular beach destination.
It’s not immediately clear if weather was a factor. However, the area has been experiencing foggy conditions over the past few days, according to Cameron Batiste, a National Weather Service meteorologist.
He said that at about 2:30 p.m. Monday a fog came in that had about a half-mile visibility. The foggy conditions are expected to persist through Tuesday morning.
Hawaii4 minutes ago
Episode 39 of the ongoing Halemaʻumaʻu eruption is underway at Kīlauea | Maui Now
Idaho10 minutes ago
How often does Boise get a ‘White Christmas’?
Illinois16 minutes ago
SCOTUS blocks deployment of National Guards to Illinois
Indiana22 minutes ago
Cignetti Mum on Indiana Football’s Replacements for Injured Starter Stephen Daley
Iowa28 minutes ago
Iowa State football running back Carson Hansen to leave Cyclones
Florida1 year ago
Florida High School Football Rankings: Top 25 teams – Oct. 21
Connecticut2 years ago
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
Oregon2 years ago
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Virginia1 year ago
99th annual Pony Swim held in Virginia
Education2 years ago
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
News5 hours ago
A 3-D Look Inside Trump’s Revamped Oval Office
Politics6 hours ago
Trump admin sues Illinois Gov. Pritzker over laws shielding migrants from courthouse arrests
World7 hours ago
Europeans show solidarity with Denmark after Trump’s Greenland threat
News7 hours ago
Explosion at a Pennsylvania nursing home kills at least 2, governor says
Videos15 hours ago
What does Christmas look like for Ukraine? | Global News Podcast
-
Iowa1 week agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Maine1 week agoElementary-aged student killed in school bus crash in southern Maine
-
Maryland1 week agoFrigid temperatures to start the week in Maryland
-
New Mexico1 week agoFamily clarifies why they believe missing New Mexico man is dead
-
South Dakota1 week agoNature: Snow in South Dakota
-
Detroit, MI1 week ago‘Love being a pedo’: Metro Detroit doctor, attorney, therapist accused in web of child porn chats
-
Health1 week ago‘Aggressive’ new flu variant sweeps globe as doctors warn of severe symptoms
-
Maine1 week agoFamily in Maine host food pantry for deer | Hand Off