Editor’s Note: This article concerns a serious incident affecting a critical infrastructure in Beaver County. We are making it available for all to read free of charge outside of our normal paywall. Please consider supporting our investigative journalism efforts by becoming a subscriber. If you have already done so, thank you, your support makes work like this possible.
Hackers claiming to be with a cyber guerilla group tied to the Iranian government took partial control of Aliquippa’s municipal water system today, BeaverCountain.com has exclusively learned.
The international hacking ring, which has said it’s targeting critical infrastructure hardware manufactured by Israeli-owned companies, shut down a pump on a supply line providing drinking water from the Aliquippa Municipal Water Authority’s treatment plant to Raccoon and Potter townships.
A stunning image containing an ominous message of responsibility appeared on the system’s control panel after the pump was incapacitated: “You have been hacked. Down with Israel. Every equipment ‘made in Israel’ is Cyber Av3ngers legal target.”
The system’s controller was produced by a company called Unitronics, which currently trades on the Tel Aviv Stock Exchange.
The “Cyber Av3ngers” have taken responsibility for dozens of attacks worldwide, including those at 10 Israeli water plants over the past month alone. The group first registered a channel on the Telegram messenger app on Sept. 15. A threat actor known as “Cyber Avengers” has been active since at least 2020, although it is unknown if the groups are one and the same.
Social media accounts reviewed by BeaverCountian.com show Cyber Av3ngers’ expressing support for Palestinians and vowing war against Israel and all who support it.
Aliquippa municipal workers disabled the affected equipment and are currently relying on backup methods of maintaining water pressure to the communities.
“They did not get access to anything in our actual water treatment plant — or other parts of our system — other than a pump that regulates pressure to elevated areas of our system,” Matthew Mottes, the water authority’s chairman, told BeaverCountian.com. “This pump was on its own computer network, separated from our primary network, and is physically miles away.”
Along with the pump, the compromised network also serviced several security cameras.
“The booster station did what it was supposed to. It sent an alarm and we took control manually. Nobody was ever at risk,” Mottes stressed.
Aliquippa is currently in the process of building a new, state-of-the art water treatment plant, but is still using its antiquated facility which dates back nearly 90 years.
“Our plant was built in the 1930s by J&L Steel, and because it’s so antiquated most of our processes of treating the water are still done manually,” Mottes said. “So any kind of cyber attack like this could not affect the quality of our drinking water.”
Mottes said the pump in question was newly installed in the past few years.
The facility’s engineer, Ned Mitrovich of Lennon, Smith, Souleret Engineering Inc., is currently researching the hardware to determine if it exists anywhere else in the system, and to help warn any other municipalities that may rely on it. Robert Bible, the facility’s general manager, is speaking with law enforcement.
The municipal authority notified the FBI, the Pennsylvania Department of Environmental Protection, and the Pennsylvania State Police.
According to multiple law enforcement sources, state police dispatched troopers to the water treatment plant.
Editing by BeaverCountian.com contributing editor Lori Boone.