Editor’s Note: BeaverCountian.com founder John Paul is uniquely qualified to report on this story and is providing an unparalleled journalistic investigation into a cyber security attack. Before becoming a journalist, John Paul was an internationally renowned computer security expert, assisting corporate and government entities, including the FBI and CIA. – Lori Boone
A Saturday cyber attack on Aliquippa’s water authority made it the first in a growing list of victims across the country to be targeted by a cyber guerilla group with ties to Iran. Now a representative purporting to be from the “Cyber Av3ngers” tells BeaverCountian.com that more attacks from his organization are on the way.
As BeaverCountian.com was first to report, water pressure to Raccoon and Potter townships was briefly affected on Saturday after the “Cyber Av3ngers” shut down a pumping station belonging to the Municipal Water Authority of Aliquippa. Pennsylvania State Police responded to the scene, but referred the case to federal officials after realizing the national implications of the situation.
Federal officials believe at least four water authorities on the East Coast have been successfully targeted by the Cyber Av3ngers in the past two days, along with a public aquarium, all of which relied on hardware manufactured by Unitronics, an Israeli company that trades on the Tel Aviv Stock Exchange.
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency sent out an alert late Saturday in response to the attack, warning other agencies of potential risks to critical infrastructure.
DHS in D.C., along with FBI field offices in Pittsburgh and New York City, were among the organizations that joined members of the Pennsylvania State Police on a conference call this morning to discuss a growing threat that saw the City of Aliquippa as its ground zero.
Along with them on the call was an analyst whose responsibility was to provide intelligence back to the Israeli government.
FBI agents are taking custody of water authority hardware exploited in the attack for forensic examination. The facility shut down all computerized systems following the intrusion, and its crew has been working overtime to manually operate the facility. An investigation into the breach is expected to be led by the FBI’s New York City field office, which brings to bear extensive expertise and experience in both cyber crime and terrorism.
U.S. Congressman Chris Deluzio, who represents Beaver County, did not return calls from BeaverCountian.com seeking comment.
The Cyber Av3ngers are a shadowy Middle Eastern hacking group whose ties to other more well-known groups remain a matter of intense speculation. An investigation by BeaverCountian.com led to a brief exchange with an individual believed to belong to the group, and exclusive access to information they have been sharing with disparate individuals who have a common goal of hurting the nation state of Israel.
Two videos sent by Cyber Av3ngers to affiliated groups foreshadowed the attacks on critical infrastructure and hinted at the motivation behind them.
The first video shows Israeli Prime Minister Benjamin Netanyahu pouring himself a glass of water before drinking it. The second video contains clips of Netanyahu touting Israel’s economic achievements in the digital sector: “We’re one-tenth of one percent of the world’s population, and we get a whopping 20% of global, private investment in cyber … We’re punching 200 times above our weight.”
BeaverCountian.com could not independently authenticate footage that appeared in the group’s first video, but was able to determine the clips used in the second video are from a speech Netanyahu gave in 2018 to the American Israel Public Affairs Committee (AIPAC). Netanyahu used the speech to warn about the dangers of Iran, and to thank the United States for being a stalwart ally of Israel.
The Cyber Av3ngers seek to utilize asymmetric warfare techniques against Israel by engaging in cyber attacks targeting any governmental entity or corporation that deploys hardware manufactured by Israeli companies. The group believes it can become so disruptive to those companies’ customers that the companies lose enough business to cause a systemic impact on Israel’s economy.
It is a lofty goal that for now appears to be beyond the group’s capabilities.
Federal officials believe the group has been unable to find ways to automate its penetrations of the critical infrastructure it is targeting, requiring a labor-intensive process of attacking each one individually. The slow pace of intrusions will likely prevent the type of mass public disruption the Cyber Av3ngers are trying to achieve.
In Aliquippa, however, the group did seem to achieve its objective of shrinking the customer base of Israeli companies … at least by one. Water Authority Chairman Matt Mottes told BeaverCountian.com their system used four of the Unitronics units, all of which have now been removed from service.
“We’re looking to find a different vendor we can use to replace them with,” Mottes said.
As for what happens next? The Cyber Av3ngers told BeaverCountian.com: “Wait for us.”
Editing by BeaverCountian.com contributing editor Lori Boone.