California Water Service station in Livermore. Photo by Jeremy Walsh.

An Iranian hacking group claimed it infiltrated California Water Service’s systems, obtaining customer data and boasting that it had the ability to turn off water service in response to U.S. forces allegedly attacking a reservoir in Iran.

Cal Water said it had no evidence of any network being compromised. 

The water provider serves 2 million people statewide, across 23 districts that include Menlo Park, Atherton, Los Altos, San Mateo and Livermore. It is part of the publicly traded California Water Service Group, which has customers in five states. 

The cybersecurity group Dataminr reported that the Handala Hack Team claimed to have breached Cal Water’s systems on June 11 and released a five-gigabyte sample of data the hackers said they obtained.

Dataminr said that the sample included customer data such as names, service addresses, phone numbers, account numbers and payment history. Handala also appeared to breach a system used for GPS tracking of Cal Water crews in at least seven Cal Water districts, including San Mateo.

“Our investigation remains ongoing, but our preliminary findings indicate that there are no known operational disruptions to our water and wastewater systems, including the billing platform,” Cal Water spokesperson Yvonne Kingman said in a statement.

In a public blog post on June 11, the Handala Hack Team said the hack was retribution for a recent U.S. military operation. “Only two days ago, (President Donald Trump) destroyed the water sources of the oppressed people of Sirik with multimillion-dollar rockets, inflicting forced thirst and suffering in 50-degree (Celsius) heat.” 

The group said the attack is a warning and claimed it had the capability to shut off water service. “We could have easily cut off the water to American cities just as your foolish president did, but our path and our school are different,” it wrote.

However, some cybersecurity experts said that there is no evidence that Handala can turn off water and said the group has a history of overstating its capabilities.

“The boast about choosing to spare the water supply reads as the psychological operation itself,” Sean Malone, chief information security officer at BeyondTrust, told Security, an industry publication.

“Iranian threat actors are known to overstate their impact,” Dataminr spokesperson Jeff Gordon told this news organization. Gordon said that Handala claimed it had authenticated access to facilities in San Mateo, Bakersfield and Visalia. 

Dataminr advised that Handala, which is suspected to be affiliated with the Iranian Ministry of Intelligence, sometimes escalates attacks, including to data destruction, after an initial claim. In April, several federal agencies warned that Iranian groups were targeting U.S. utilities and water suppliers.

Arden Margulis is a reporter for The Almanac, covering Menlo Park and Atherton. He first joined the newsroom in May 2024 as an intern. His reporting on the Las Lomitas School District won first place coverage...
