Of Muleshoes & Rumors of (Cold) War

05 May, 2024

I was in Birmingham, England researching my Masters thesis when I saw Live Free or Die Hard for the second time in theaters. With slightly-colder-than-room-temperature Diet Coke in tow—at the time the “English pig dogs”¹ charged extra for ice in their fountain drinks—I sat down to become immersed in this Hollywood action franchise installment equivalent of a "Timex watch in a digital age”.² I love this film. I love the conceit. I love the villain. And I loved the fact that McClane’s new challenge was based on a Wired article from ten years before the film was released.

The film was released two days before the official release of the first mainstream smartphone, the iPhone, and the internet had been available for public use for 16 years. Between the streamlining of computers and the transition from Web 1.0 to 2.0 around 2004, we exceeded our ability to maintain security for the inevitable rise of public digital consumption. We have never fully bridged that massive digital maw between endless venture capitalist innovation (or mostly these days the mere rumor of innovation, but nothing that could truly be considered innovative, just derivative) and security safeguards from bad actors. When John Carlin first wrote of the Defense Department's war games and “Day After” scenarios, we were still discovering what exactly the internet was. If Carlin’s tone seemed to drip with that of a doomsayer, just imagine how much more doomed we have become in the proceeding 27 years with algorithms, pocket and watch computers, global, private corporations outsourced to remotely operate local infrastructures, the hoards of Russian “hacktivists” and Swifties.³

Back in February in the year of our Lord 2024, four towns back in my homeland of the Texas Panhandle/South Plains—or “north Texas” as CNN reported⁴—reported cyber interference in their water management systems through the software used for remote access to their local infrastructure systems. The hack led to a water tower in the town of Muleshoe, Texas overflowing for around two hours expending tens of thousands of gallons of water onto the landscape and roads below.⁵ Nearby, a water main in Lockney, Texas blew though there is no confirmation that this particular event was driven by the same hacks that led to the overflowing tower.⁶ Hale Center and Abernathy also had attempts on their infrastructure software around the same time, but were able to avoid any further issues. None of these cyberattacks caused major trouble for the local citizens of these towns and their water service continued unabated during the attacks. (This lack of concern about tens of thousands gallons of water spilling out and my knowledge that the Ogallala Aquifer is ever-closer to being depleted causes much cognitive dissonance however).

Andy Greenberg wrote about the larger context surrounding these very localized cyber attacks and their potential links to the Kremlin’s Sandworm unit—Russia’s aggressive military cyberattack force—in his piece for Wired. In the article, he follows the breadcrumbs that lead many to think that the hacker group Cyber Army of Russia Reborn who are presumed to be responsible for these incidents is tied to the broader Russian military complex. The question this article and the others linked here have asked is just how closely tied this group is to Sandworm. The videos they shared on the messaging app Telegram seem to show their relatively limited knowledge of how the infrastructure software actually works. It mostly just looks like they are just randomly clicking on buttons like a 6-year-old whacking a mole at a carnival.

Some say that there might have been a grassroots cell of Sandworm that has gone on to create largely unstructured and more chaotic havoc as they mess around with low-hanging fruit, i.e. small towns and suburbs whose cybersecurity isn’t to the level of the military industrial complex nor do they have the annual income to create levels of security that could navigate the threats of global hacking. These attacks were not isolated to the United States either, but their activities were connected to tinkering with a wastewater plant in Wydminy, Poland and the Courlon Sur Yonne hydroelectric dam in France. The latter video was uploaded shortly after French President Macron stated his plans to send military personnel to Ukraine. It appears that Muleshoe, Texas has gained unwitting global sister towns.

Greenberg seems to be the only reporter I have scrounged up that has found the seeming amateurishness of these attacks to be potentially more terrifying than the typical nationally-sanctioned cyberwarfare between countries. The other thought I have as I watch these videos of the hackers running digitally roughshod with these infrastructure controls is that I would almost rather a nationally-sanctioned hacker who knew what he/she was doing rather than the adult-equivalent of the 6 year old mole-whacker gone rampant on the innocent denizens of the carnival. It is no longer crazy to think that the inciting incident of 1983’s WarGames actually has some real-world precedent now.

And to think that just like computing, the internet and social media, cyberwarfare has become mainstreamed to the point of there being legitimate threats to national power grids and water systems in urban metroplexes seems, well, quaint is alarming to say the very least. It seems that the only emergency stopgap to bridge the void between innovation and security is to localize control. The four towns in the Panhandle that were affected by the hacktivists did the only thing they had the resources to do: they reverted to manual control. Admittedly, it seems from the interviews with their city managers and mayors that they ultimately learned the wrong lesson from the whole ordeal.

Dorothy Denning who was, at the time, a professor of Computer Science at Georgetown University told Carlin that “[t]he threat is distributed but the government's first response is, 'OK, who's going to be in charge?' It's the age-old hierarchical approach, and I'm not sure whether it will work this time. The problem is that the technology leaps ahead of the security, and that's going to be with us forever. What we need to do is come to grips with our vulnerability and do the best we can.”

Come to grips with our vulnerability and do the best we can. Not to put too fine of a point on it, but if it seemed we were fucked in 1997, we can presume to be doubly (throuply, if you are so inclined to puns) so now.

What makes us so apt to keep going back to the same digital wells to save us when there has been little to date that has given us any quantitative proof that the security has been capable of of doing anything for us other than damage control? Silicon Valley has won the battle of spin so completely that rural and local imaginations are held hostage by nothing more than glorified bandages that will continue to be ripped off time and time again to expose the vulnerabilities these jurisdictions will mostly likely continue to have. Even the private cybersecurity companies like Mandiant—which features prominently in much of the reporting around these hacks—are owned by Google and other tech giants. They only have so much motivation to put money into security, because it’s not sexy and it’s not profitable.

It seems that local and rural towns are better served by doing exactly what they do when their software and logistics “solutions” fail them. They unplug. That is essentially the answer right there. Go to manual, local control. They need to rebel against the increasingly abstracted world of the digital by going back to closed systems with real human labor. The problem with AI and other digital revolutions is not that machines will take jobs away, but that they will just make our work more tedious and excremental and much more open to bad actors including, it seems, the remaining vestiges of the Cold War. And these technologies are consistently making us less skilled and less harmonious with the labor we do already.

It seems to me that the city managers and mayors in these local jurisdictions need to reformulate their local imaginations. They need to see that sometimes the mechanical Timex watch is once again needed in a world that feels ever more unanchored from reality and outsourced to the digital realms.