SPC Premium Dossier: Meet the "Silent Cyber Warrior"
The secret catalyst for doubling your money ...
Editor’s Note: This Dossier is a part of the coverage of companies and assets that are in the SPC Premium Model Portfolio. You can learn more about becoming an SPC Premium member by clicking here to unlock this full report.
In late 2012, a Chinese hacker with reputed ties to China’s People Liberation Army launched a methodical cyberattack on a U.S. water control system.
But the whole thing was actually a trap — a “sting operation” set by American cybersecurity experts.
And that water control system — called “Honeypot” (of all things) — was fake.
This story I’m sharing took place more than decade ago. But even then, cyberattacks on “critical infrastructure” — including water systems — were already surging.
Even then, utility executives and cybersecurity experts were looking for answers to questions like:
Who were the attackers … and where were they attacking from?
What methods were they using?
And what was their ultimate goal?
So a group of “white hatters” — so-called “ethical hackers” who go up against these bad actors — created the Honeypot Sting to get some of those answers.
Hackers believed they were targeting a real water system with operations in Australia, Brazil, China, Ireland, Russia, Singapore and the United States. Not only was it a ruse: The malware the white-hatters had tucked in the operating procedures would then track and identify the would-be attackers.
As Kyle Wilhoit, a Honeypot participant and researcher with Trend Micro would say at a later Black Hat Security convention, the fake system was hit by 74 attacks between March and June 2013 — more than half of them from China.
"I actually watched the attacker interface with the machine,” Wiilhoit told his audience. “It was 100% clear they knew what they were doing."
Ten of the attacks were so sophisticated that they were actually able to “destroy” the control system.
And while the sting operation got some of those desired answers, it also made Wilhoit realize that what they didn’t know was downright alarming. (Heck, it makes me shutter just to read this … and I’ve been covering espionage and Cold War-related stories like this for decades.)
He realized that other global water plants — and other utilities and other companies — had already been infiltrated. And as he told MIT Technology Review, “these attacks are happening, and the engineers likely don’t [even] know.”
Fast-forward a decade, and Wilhoit’s nightmare is a nightmare no more.
Cyberattacks on pharmacy chain Change Healthcare, on law enforcement agencies like the Royal Canadian Mounted Police and the U.S. Justice Department and auto-dealer software firm CDK Global are topping the headlines.
But hackers with connections to China, Iran and Russia are hammering away at U.S. utilities — especially those that process wastewater and process drinking water.
And if you take a step back … and study the pattern and the mindset … it’s clearly bigger and more far-reaching than most realize.
In years past — as we saw with the Honeypot Sting — hackers “probed” websites … and sometimes got more aggressive from there.
Now those hackers are waging actual operational attacks, on the whooshing valves, the filtration systems and even the software and computer systems that manage the chemical “feeds” that keep our water clean, free from bacteria and chemically balanced.
Some recent examples:
Early this year, a Russian-linked “hacktivist” went after the water systems in several Texas Panhandle towns; one system overflowed and another was forced to “unplug” and operate manually after turning aside 37,000 firewall attacks in just four days. The attacks were reported to the Feds.
Last year, the Iran-linked “Cyber Av3ngers” went after the Municipal Water Authority of Aliquippa – motivated by the Israel/Hamas war to target an Israel-made piece of equipment the utility was using.
A China-linked group known as “Volt Typhoon” is going after critical infrastructure – perhaps to plant malware that can cause major future disruptions should the U.S. and China square off. Some of the targets are in Guam, where the U.S. has a crucial military presence.
A Deep Game - And Terrifying Scenarios
It sounds trite, but we take water for granted.
You turn on the faucet, water comes out. You run the shower, water comes out. You go to wash clothes … or dishes … your car … the family dog … the water is there.
Always there …
But if you think through what’s happening, the “ripples” could reach beyond not having waste processed — or not having water at all.
The “right” hacks could crash water-processing control systems … physically damaging the pumps and valves that make those water systems work.
Other possibilities are more sinister.
Like orchestrated attacks nationwide — during periods of extreme heat or parching droughts … hurting infants, the old … the infirm. Killing our pets … our farm animals … or wiping out that year’s fruit, vegetable, wheat or soybean harvests.
Or radical shifts in the chemical ratios that make water drinkable, that kill bacteria or that just clean it up before it seeps back into the water table — radical enough to cause a widespread health hazard … or to harm or even poison thousands of innocent folks.
What I’m hinting at here isn’t all that outlandish.
Especially coming from a reporter/analyst/stock-picker son of a career engineer and defense contractor.
Yeah, I’m thinking about what’s happening more in military terms.
Going after smaller utilities — and in ways that seem to be random — is the military equivalent of “probing missions.” These aren’t designed to create massive damage today. Instead, they are ways to test the strengths and weaknesses of the “enemy” defenses — in this case, the water utilities across the United States and its territories.
So you can plan for that bigger strike tomorrow.
In sports terms, you’d call it a “scrimmage.”
You know … like a mid-week practice — for the Big Game on Sunday.
And like any Big Game … when game day arrives, the stakes will be massive.
This isn’t hype: In late May, the U.S Environmental Protection Agency (EPA) issued a formal “enforcement alert” that outlined the moves water systems need to make to protect themselves against the threat.
The EPA was triggered by the finding that 70% of the U.S. drinking water systems inspected since September violated standards in the U.S. Safe Drinking Water Act by displaying “alarming” cybersecurity vulnerabilities.
We tell folks to “find the best storylines and you’ll find the best stocks.”’
Even better is when those “best storylines” intersect.
And here we’ve got at least three interesting storylines: The New Cold War, AI and escalating cyberthreats, and the alarming global decline in clean-water supplies.
Those are the “best storylines.” So I turn next to the “best stocks” — the biggest beneficiaries of these powerful stories.
And there’s one company that occupies the perfect beneficiary nexus:
Water is the company’s core strength.
It sees and understands the threats — and the opportunities.
And its expertise ranges from the water technology itself … to the measures needed to secure those operations.
It’s been a huge player for years. And it’s positioned to be that huge player for years to come.
I (conservatively) believe this stock can more than double over the next few years — and keep powering higher from there.