When Russian Hackers Hit the Panhandle


Never think your town is too small or too remote to get hacked. As Mike Cypert, city manager of Hale Center, says, it can happen anywhere.

"Everybody is vulnerable, no matter who you are or how good you think your stuff is," said Cypert, a self-described farm-boy closing in on retirement.

Hale Center has about 2,000 residents and lies a half-hour north of Lubbock along I-27. Earlier this year, someone tried to break through its computer firewall 37,000 times over four days. And that revelation drew Cypert into an international investigation targeting a Russian hacking operation.

Hackers often use programs that generate millions of passwords and IP addresses, he explained. Sooner or later, some combination of those allows hackers to infiltrate an organization’s computer system.

That’s probably how an unauthorized individual penetrated the Supervisory Control and Data Acquisition (SCADA) systems of two Panhandle municipal water utilities in January. SCADA systems use software and hardware to monitor and control industrial processes, like water treatment, in real time. Many SCADAs allow workers to monitor and adjust operations remotely through a network or Internet connection. That same remote link is what exposes the system to outside attackers.

Hale Center’s SCADA provider called Cypert to warn him to immediately disconnect the city's SCADA from the Internet. He did. But without the Internet connection, city staff couldn’t monitor its water utility remotely.

Cypert asked his IT expert to examine the city’s network. He wanted to ensure it was secure so that the city could find a way to allow the SCADA to send alerts and alarms until remote monitoring could be restored. The IT worker logged into the firewall and realized a previous consultant had left an administrative portal open.

The men reviewed the firewall’s activity data and saw that someone had been trying to hack into the computer system. Cypert noticed one IP address turned up repeatedly in the data. An online search showed the IP address was linked to a device in St. Petersburg, Russia.
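The review described above, looking through firewall activity data for one source address that keeps coming back, is the kind of check that can be scripted. The following is an added example, not code from the article or from Hale Center's IT staff. It assumes a constructed, simplified log format ("timestamp ACTION src=... dst=... dport=...", with RFC 5737 documentation addresses as sample data); a real firewall's export would need its own `parse_line()`. It counts denied attempts per source and flags any source whose attempts cluster above a threshold inside a sliding time window, so a handful of stray connections is not reported the same way as a sustained burst.

```python
"""Count repeated blocked connection attempts per source IP in firewall logs.

Added example (not code from the article). The log format is a constructed,
simplified one: "<ISO timestamp> <ACTION> src=<ip> dst=<ip> dport=<port>".
Real firewalls use their own formats; only parse_line() would need to change.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2025-01-14T02:10:01 DENY src=203.0.113.45 dst=192.0.2.10 dport=22
2025-01-14T02:10:02 DENY src=203.0.113.45 dst=192.0.2.10 dport=22
2025-01-14T02:10:02 DENY src=203.0.113.45 dst=192.0.2.10 dport=443
2025-01-14T02:10:03 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443
2025-01-14T02:10:04 DENY src=203.0.113.45 dst=192.0.2.10 dport=8443
2025-01-14T02:10:05 DENY src=198.51.100.7 dst=192.0.2.10 dport=22
2025-01-14T02:10:06 DENY src=203.0.113.45 dst=192.0.2.10 dport=22
garbage line that does not parse
"""


def parse_line(line):
    """Return (timestamp, action, src, dport), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) < 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "src" not in fields or "dport" not in fields:
        return None
    return ts, parts[1], fields["src"], int(fields["dport"])


def denied_by_source(log_text):
    """Count DENY events per source address, skipping unparseable lines."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == "DENY":
            counts[rec[2]] += 1
    return counts


def flag_sources(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {src: peak_count} for sources with >= threshold DENY events
    inside any sliding window of the given length.

    A sliding window separates a sustained burst from a slow trickle spread
    over days, which a plain total would lump together.
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == "DENY":
            by_src[rec[2]].append(rec[0])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        peak = 0
        for end, t in enumerate(times):
            # Advance the window start until every event in it is within `window` of t.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    print(denied_by_source(SAMPLE_LOG))
    print(flag_sources(SAMPLE_LOG))
```

On the constructed sample, `203.0.113.45` accounts for five denied attempts in a few seconds and is flagged, while `198.51.100.7` has one denial alongside an allowed connection and is not. The threshold and window are starting points; on a real export they should be tuned to the firewall's normal background of blocked traffic before a repeated address is treated as worth reporting.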

Cypert sent the SCADA provider a screenshot with the information, and soon Cypert was talking with investigators from the FBI and U.S. Department of Homeland Security. Last month, the U.S. Department of Justice (DOJ) unsealed an indictment against Aleksandr Viktorovich Ryzhenkov, accusing him of hacking into several Texas organizations.

The indictment claimed that the Russian national had used ransomware, phishing campaigns, malware, and software and hardware vulnerabilities to hack into organizations’ computer systems since at least 2017, according to a DOJ news release. An independent IT expert told Cypert that the data from Hale Center may have helped connect Ryzhenkov with specific Texas cyberattacks.

FBI wanted poster depicting a Russian hacker suspected of attacking Texas organizations.

Cypert has a key piece of advice for other public managers: lengthen and strengthen passwords. He recommends creating passwords that are at least 15 characters long. If it includes a common word, drop a letter off the beginning or end of the word – for example, use “arget” instead of “target”. He also suggests having a firewall that’s independent of routers.

He wishes the state would prepare a list of best practices to help small communities defend themselves against cyberhacks; he doesn’t find the state-mandated cybersecurity training helpful. He also recommends using services provided by the Texas Department of Information.

Last, the U.S. Department of Homeland Security oversees the Cybersecurity and Infrastructure Security Agency, or CISA. Its website has extensive resources, including definitions of common terms, organizational self-assessments, descriptions of recent threats and other topics. It even publishes guidance about securing water systems and other utilities.

