By Neirin Gray Desai For Dailymail.Com
01:20 03 Aug 2023, updated 02:27 03 Aug 2023
- The NYPD counterterrorism unit is allegedly monitoring messaging platform Telegram for communications about a device called the Flipper Zero
- It is a $169 device that can be used to open gates, garage doors and hotel rooms
- An internal memo expresses concern it could be used to attack substations
The NYPD and other law enforcement agencies across the country fear that a consumer hacking tool will be used by radical extremist groups to attack electrical substations, internal documents reveal.
A bulletin published by a law enforcement task force in South Dakota, obtained by the Daily Dot, indicates that police departments are monitoring extremist channels on the messaging platform Telegram for suspicious references to the Flipper Zero – a $169 ‘hacking’ device.
The Flipper Zero can be used to open remote-controlled gates by emulating signals sent by nearby devices. Alternatively, it can send a variety of signals with the aim of transmitting the correct one by chance in what is referred to a ‘brute-force’ attack.
Since its widespread release in 2022, dozens of videos have gone viral on social media showing the device being used to open gates, hotel room doors, and even hacking gas station price signs.
‘The NYPD Intelligence and Counterterrorism Bureau (ICB) assesses that racially and ethnically motivated violent extremists (REMVEs) may seek to exploit the hacking capabilities of a new cyber penetration tester,’ reads the bulletin, issued by the South Dakota Fusion Center on April 6.
The ICB notes that groups such as ‘domestic and international hackers, hobbyists, doomsday preppers’ are also suspected of having criminal uses for the Flipper.
The bulletin states that various substations are protected by such gates, but that not all would be vulnerable to Flipper Zero attacks.
It also refers to refers to recent substation attacks in North Carolina and Washington State and material disseminated by the extremist publication The Hard Reset.
‘REMVEs continue to prioritize the targeting of critical infrastructure, particularly after the July 2022 release of the accelerationist propaganda publication, The Hard Reset,’ it reads.
‘Notably, in December 2022, unidentified assailants targeted substations in North Carolina and Washington State in separate attacks. Many substations are secured by barriers and gates that appear similar to those that can be bypassed with the Flipper Zero; however, these types of barriers are not inherently susceptible to Flipper Zero attacks.’
Speaking to the Daily Dot, the CEO of Flipper Devices, Pavel Zhovner, said the Zero was intentionally restricted top limit the scope of potential misuse.
‘Flipper Zero is a tool designed for hardware geeks and researchers. We have taken multiple precautions and intentionally limited its functionality to the point where it can’t be used against any kind of modern access control system,’ he said.
‘We condemn any nefarious applications. In contrast, we see Flipper Zero as a protective device, enabling researchers to detect and highlight outdated hardware for it to be replaced.’
He also pointed out that the bulletin itself acknowledges that many substations would be impervious to attacks using the Flipper Zero.
Flipper has been targeted before over the sale of the controversial device.
In late 2022, it announced that 15,000 devices had been seized by US Customs and Border Protection without explanation, but the units were eventually be released.
The US power grid was physically attacked 107 times in the first eight months of 2022, more than in any other year in the last decade.
The damage, caused mainly by gunfire, triggered power outages affecting tens of thousands of Americans.
An intelligence memo issued in October by the California State Threat Assessment Center detailed dozens of examples of domestic radical plots. Many were associated with far-right and neo-Nazi groups that see the county’s vulnerable power grid as a means to cause chaos.
In December, attacks on two substations in Moore County, North Carolina, left nearly 50,000 without power some for days.
In days after the Moore County attacks authorities were investigating former Army Captain Emily Grace Rainey, who led a group during the January 6 riots and is also director of the group Moore County Citizens for Freedom.
After a post on Facebook indicating she knew something about the attack, Rainey told police she was implying the damage was caused by God, who was ‘chastising Moore County’ because a drag show was being hosted nearby at the time.
Just a few weeks later in December, on Christmas morning, around 14,000 were left without energy after a variety of attacks in four different cities in Pierce County, Washington.
Matthew Greenwood, 32, and Jeremy Crahan, 40, were arrested and charged with conspiracy to damage energy facilities and possession of an unregistered firearm.
In the months before that, more than six substations were vandalized in both Washington and Oregon, including an unsuccessful attack in the early hours of Thanksgiving day.
In February 2022, three ‘white supremacists’ were arrested for planning to attack power grids in an attempt to stoke racial division. Their ploy involved fentanyl-filled suicide necklaces and assault rifles.
In March there was a shooting at a Red River Valley Rural Electric Association site in southern Oklahoma, that left 1,200 of people without power and resulted in a major oil leak. A transformer, which usually costs between $800,000 and $1 million, had to be replaced.
In July shots were fired at a transmission site in Wasco, California, causing power outages and hundreds of gallons of hazardous chemicals to leak onto nearby soil.
DailyMail.com wrote to the NYPD for information regarding its surveillance of the Telegram channels, but did not receive a response.