Fancy Bear Attacks Model Train Infrastructure
The FBI and the Cybersecurity & Infrastructure Security Agency (CISA) blamed Russia’s General Staff Main Intelligence Unit (GRU) 85th Main Special Service Center military unit 26165, a group also known as “Fancy Bear”, for attacking a piece of simulated critical infrastructure—Mr. Thompson’s model railroad. Sam Thompson, a retired high school English teacher living in Iowa City, Iowa, was targeted by nation-state actors that compromised his model railroad control system and caused significant disruption and damage to the Thompson rail network. Mr. Thompson has spent the last 22 years developing his model railroad layout, landscapes, and computer-driven train management system. The entire system can be monitored and controlled over the Internet, allowing Mr. Thompson to enjoy his hobby for switching problems from his winter abode in Florida. Unfortunately, the Fancy Bear attackers mistook Mr. Thompson’s computerized management system as a legitimate, fully-scale train operation and attacked it mercilessly. They targeted Thompson’s basement data center used to manage his rail network, email accounts, house automation components, and WiFi-enabled toaster. CISA issued a warning to other train enthusiasts to strengthen their defenses. Damage to Mr. Thompson’s model railroad is estimated at $35.