Russians Take Down Water Follies Hackers

The Russian government today posted a video purported to be of special operations soldiers taking out a Syrian hacker group. In an accompanying statement, the Russians said that the building holding the Burj Shemali Group was in Damascus, Syria. Reportedly, this was the group responsible for last weekend’s attack on the water park in Delano, GA, that killed three people and sent hundreds to the hospital.

The Russian statement went on to say: “While our law enforcement personnel will continue to work with their international partners on ransomware and other cyber-crimes, the attack last week on the American water park was an act of international terrorism that cannot be tolerated. We staged our attack on the terrorist compound yesterday with the cooperation of the Syrian government. Let this send a message to cyber-terrorists around the world that their actions will not be tolerated by the international community.”

John Jay, spokesperson for the Department of Foreign Affairs, confirmed that the Russians had informed the government that they had identified the persons responsible for the Water Follies attack and were providing information about the group to US investigators. “Our embassy in Berlin, Germany received a package last night containing hard drives that the Russians had taken from the computers in the Syrian raid,” Jay told reporters. Jay had no comment when asked about the amount of force that the Russians employed in their operation in Syria.

Johnathan Quest, spokesperson for the Federal Bureau of Inquiry, confirmed that the Legal Attaché in Berlin had received the hard drives from the Russians and had hand-delivered them to the FBI headquarters. “We will be doing a forensic analysis of the drives to determine if they had been used in the attack,” Quest reported.

Quest also reported that the server provided to the Bureau by the Russians last week did contain files indicating that it had served as the command-and-control server for the attack on the water park. “It appears that the Burj Shemali Group used this server for other operations as well,” Quest reported. “We are expanding our research on the actions of this group, and we have notified a number of friendly governments about potential ongoing operations against facilities in their countries.”

When asked why the server that was purportedly used by the Burj Shemali Group had been located in Moscow, Quest explained that it was not unusual for international criminals to use servers in third-party countries in an effort to throw off investigators. “This server was reportedly located in a commercial facility and was being leased by a dummy corporation controlled by the Syrian group,” Quest said. “The Russians told us that the facility owner had fully cooperated with the FKR, the Russian government’s cyber investigation force.”

Gen Turgidson, the Director of the National Critical Infrastructure Security Operations Center (CI-SOC), who was still using the Delano City Hall for the Center’s daily news conferences because of the attack on their server farm, told reporters that a research team from the CI-SOC would be assisting the FBI analysis. When asked why he thought that the Russians were being so helpful, the General told reporters that there had been an attempt by the water park attackers to make it look like the Russians were responsible for the attack.

“While there is not much we can do about the Russians turning a blind eye towards Russian cyber-criminals attacking companies in this country,” Turgidson explained, “the killing of American citizens in an American city would not be something that the President could ignore.”

An aide to Turgidson who could not be named explained on background that some people in the intelligence community thought that the Syrian attack had been guided by an unofficial Iranian group that was advising elements of the Syrian government. There is some hope that information on the hard drives provided by the Russians will contain some proof of that activity. Such activity by the Iranians would interfere with the Russian control of the Syrian military.

CAUTIONARY NOTE: This is a future news story – Future ICS Security News