Hackers target the Muleshoe, Texas water system – not for ransom, but as a test

Several small Texas communities have been hacked by what experts believe are Russia-based organizations to find out how vulnerable their targets are, and how they will react to an attack.

By Rhonda Fanning, David Brown & Shelly BrisbinApril 26, 2024 10:45 am, ,

According to cybersecurity experts, Texas is in the crosshairs of attempts by hackers trying to attack critical infrastructure. And it’s happening in unexpected places, like the tiny town of Muleshoe, Texas, where the water system overflowed in January after a hacker attack believed to be launched by Russians. 

Francesca Lockhart is cybersecurity clinic program lead at the Robert Strauss Center for International Security & Law at the University of Texas at Austin. She says that while ransomware – hacking into critical systems and demanding money to regain access to them – still happens, the latest hacker actions seem to be about testing the strength of infrastructure. 

Listen to the interview above or read the transcript below.

This transcript has been edited lightly for clarity:

Texas Standard: Let’s talk about what happened in January in Muleshoe. This was not widely reported, but pretty scary nonetheless. What do you understand actually transpired?  

Francesca Lockhart: It is, and this just entered the news last week. Muleshoe was one of three small Texas cities thought to be targeted by a Russian hacktivist organization and in Muleshoe, specifically, the group caused the water system serving the town to overflow. And it had to be shut down and taken over manually by operators.

It doesn’t appear that there was any tampering with the safety of the water itself, but of course that overflow had to be contained. 

Now, you mentioned three cities appear to have been attacked. One of those towns – Hale Center, population about 5,000 or so – got hit with 37,000 attempts to log into the city’s firewall over four days. You mentioned Russian hacktivists. I’ve seen some reports, including some from the Texas Tribune, saying that these hacktivists are not altogether independent, that they may be tied to the Russian government. 

That’s correct.

Hacktivist groups historically have operated independently for some kind of political motivation. But increasingly, we’re seeing the line between hacktivist organizations and nation-state threat groups blurring because these hacktivist organizations will align with, or have some kind of loyalty to, our nation-state adversaries in cyberspace, often seeming to do their bidding or act on their behalf to accomplish some of the same goals while maintaining at least a semblance of independence from our nation-state actors. 

I know that for several years, smaller Texas cities were often the target of independent hackers trying to extort money. These are the ransomware attacks that got a lot of attention a couple of years back. That does not seem to be the goal here. Does this represent a shift closer to the sort of cyber warfare that a lot of experts have been warning for for decades? 

I believe so. While ransomware is still very common and is often a way for some of these criminal groups to make a quick buck, what we’re seeing here seems to be more in line with some of the pre-positioning that we’ve seen, some of our larger and more sophisticated nation-state threat actors do.

They see where they can push the envelope, where they can get into critical infrastructure and really are trying to ascertain what that red line is – how much damage could they cause, how much havoc could they wreak – without some kind of retaliation. Without it becoming newsworthy.

That informs a broader operation of some sort.

Well, you anticipated what I was going to ask next because I was curious: Why would hacktivists go after Muleshoe – a tiny Texas town? This doesn’t seem to be really aimed so much at actual disruption. This is more, perhaps, a test of capabilities in strength and reaction – I guess a test should relations between the U.S. and its potential adversaries worsen.

I would agree with that.

And I would also say, at the end of the day, some of these groups – if they’re not necessarily known to be nation-state aligned and well-resourced – just like all criminals, they might go for the lowest hanging fruit. They might go for these target-rich, resource-challenged or critical infrastructure organizations that serve a small but essential population with an essential service, but they may not have the time, the resources, the manpower, etc., to invest in robust cyber security.

Unfortunately, that makes them easy targets. And it accomplishes the same goal of pre-positioning as would be accomplished if a larger city were targeted, but harder to get into.

As I understand it, some federal agencies sent a warning to the nation’s governors last month warning about these cyber attacks on infrastructure. I’m curious just how serious these warnings are being taken. What do you know about Texas’ defense and federal efforts as well?

Federal efforts in particular have increased dramatically in recent years.

The Cybersecurity and Infrastructure Security Agency has gone to great lengths to match critical infrastructure owner and operators with a local CISA representative in their region to advise on protective security for the physical critical infrastructure system and cybersecurity for the online element of these systems. I hope to see those efforts continue and increase, and I hope to see more critical infrastructure owner-operators take advantage of those. 

Often that effort is taken in coordination with some of the state authorities and experts in critical infrastructure protection that we have here in the state government. I can’t weigh in at this time as to what all water systems are doing in response to that warning from the EPA and the national security advisor. But I’m hopeful that that will put wind in the sails of some of these ongoing coordination and connection efforts between state operators, federal government employees and critical infrastructure owner operators. 

If you found the reporting above valuable, please consider making a donation to support it here. Your gift helps pay for everything you find on texasstandard.org and KUT.org. Thanks for donating today.