Russian hackers penetrated U.S. electricity grid through a utility in Vermont
Source: Washington Post
A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.
While the Russians did not actively use the code to disrupt operations of the utility, according to officials who asked for anonymity in order to discuss a security matter, the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability. Government and utility industry officials regularly monitor the nation's electrical grid because it is highly computerized and any disruptions can have disastrous implications for the function of medical and emergency services.
American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The penetration may have been designed to disrupt the utility's operations or as a test by the Russians to see whether they could penetrate a portion of the grid. Federal officials have shared the malware code used in Grizzly Steppe with utility executives nationwide, a senior administration official said, and Vermont utility officials identified it within their operations.
According to a report by the FBI and the Department of Homeland Security, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
Read more: https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html
Got a breaking news banner on this one. I can imagine what else they have done.
DK504
(3,847 posts)
isn't going to comment, even on Twitter, or care that the nation can be brought to its knees by that 400 pound guy sitting on his couch. Who will bring him on charges of High Crimes and Misdemeanor???
sarah FAILIN
(2,857 posts)
I never get responses though
ellie
(6,929 posts)
telling him what a traitorous loser he is. I use the hashtag #aloserisaloser, which has a double meaning: 1. A loser is a loser; and 2. Alec Baldwin says it in Glengarry Glen Ross and littlehands hates Alec Baldwin. Win-Win!
sarah FAILIN
(2,857 posts)
The usual telling him how horrible he is. Last tags were something like #PuppetMasterPutin and #PuppetOnAString.
I think he likes it but I know it makes his people furious.
mahatmakanejeeves
(57,408 posts)
Last edited Sat Dec 31, 2016, 03:29 PM - Edit history (4)
I'm sure they were just being neighborly. There's nothing to see here. Let's move on to making America great again. Thanks, Donald!
I posted threads over in the Economy Forum a year or two ago about an intrusion into the electric power grid. They linked to articles in The Wall Street Journal. I'll find them tomorrow.
Happy New Year, BumRushDaShow.
The BLS report comes out next Friday.
ETA, Saturday a.m.: Here's the story:
Assault on California Power Station Raises Alarm on Potential for Terrorism
Rebecca Smith was the reporter.
rebecca.smith@wsj.com
@SmithRebecca (She hasn't used this since 2014.)
ETA, Saturday afternoon: she's been assigned this story too:
Experts believe Russian hackers linked to the DNC breach are also behind attacks on utilities in Ukraine and U.S., leaving domestic power grid exposed
By Rebecca Smith
Dec. 30, 2016 12:58 p.m. ET
rebecca.smith@wsj.com
triron
(21,999 posts)
BumRushDaShow
(128,874 posts)
Aimee in OKC
(158 posts)
The Friday report on unemployment, status of new jobs, etc.
mahatmakanejeeves
(57,408 posts)
Nothing to do with the power grid.
Jobs added every month? Drop in unemployment? SAD! No hope!
BumRushDaShow
(128,874 posts)
and look forward to your monthly analysis!
elleng
(130,865 posts)
Happy New Year, in case I don't 'see' you.
triron
(21,999 posts)
so what else have Russian hackers been surreptitiously up to?
Igel
(35,300 posts)
Pretty much all they do is surreptitious.
But what they do will have to have some kind of payoff. If they did something that their minders didn't like it would be bad; and they and their minders will only do things that have a payoff.
We like to assume that we and only we are rational (that's not a foregone conclusion, but it's still the assumption). They're no less rational than we are. It's just that they have a different set of assumptions. One of which is that they and only they are rational; but there are differences in culture and perspective that make us a reasonable foe in several ways, and unless you factor that in then, yeah, they seem irrational.
Downing the electrical grid in Vermont would do nothing good for them at the present. It would count as irrational.
C Moon
(12,212 posts)
hackers taking down power grids and/or halting internet service.
That would keep everyone in the dark (ha) and allow Trump to do a power grab.
We're all so dependent on the internet for news and communication.
And this was only a test.
BumRushDaShow
(128,874 posts)
a battle of factions of black hats and white hats (possibly on both sides) duking it out.
mahatmakanejeeves
(57,408 posts)
No cell phone service? No problem.
RKP5637
(67,104 posts)
knows where we're headed.
sarah FAILIN
(2,857 posts)
I cannot imagine that long term and on all sites.
olddad56
(5,732 posts)
Ilsa
(61,694 posts)
Water towers need electricity for pumping.
I think that is exactly what the Russians were experimenting with in Vermont: shutting down the grid.
Bastards.
Ilsa
(61,694 posts)
No clean, potable water. Everything at the store is bought up. Looking at much less time before people go apeshit crazy.
NobodyHere
(2,810 posts)
will soon be congratulating Putin on a job well done.
RKP5637
(67,104 posts)
I can hear Alex Jones now going off the rails.
jimlup
(7,968 posts)
We are losing the cyberwar and trump loves him some Russia...
Stunning. And the traitorous party is the REPUBLICAN PARTY.
You can't make this shit up.
RKP5637
(67,104 posts)
Ilsa
(61,694 posts)
Flag and kiss Putin's ass. They want to be the strong guy's buddy. Suck-ups.
elmac
(4,642 posts)
because the president elect is working for our enemies. Well, maybe safe isn't the correct word to use, screwed, yes screwed is more appropriate.
FuzzyRabbit
(1,967 posts)
Russia is not likely to sabotage their new colony, the USA.
fallrey
(36 posts)
Trump, if he lasts in office, is unpredictable and perfectly capable of alienating "friends," and Putin will follow his interests whether or not Trump is in alignment with them.
George II
(67,782 posts)
BumRushDaShow
(128,874 posts)
(although supposedly this is "tradition"
George II
(67,782 posts)
BumRushDaShow
(128,874 posts)
at this point, war is war, including in the cyber realm.
truthisfreedom
(23,145 posts)
Welcome to the new world of "russia gets to do whatever russia wants."
Nick Otean
(26 posts)
They are trying to do it here.
RKP5637
(67,104 posts)
Tatiana
(14,167 posts)
And we have some here that doubt Russia is a hostile enemy.
Putin's scheming certainly seems to be paying off. He has half of this population brainwashed.
PoliticAverse
(26,366 posts)
Thrill
(19,178 posts)
Yurovsky
(2,064 posts)
I think they've been up to no good for a long time under Putin. Of course, this is the first time we've had a POTUS-elect who doesn't think it should worry anyone...
Eric J in MN
(35,619 posts)
NT
paleotn
(17,911 posts)
and most critical infrastructure at big utilities is air gapped among other defenses. However, the fear is small, less well funded utilities may be less informed of dangers, sloppy or just don't have the funding to protect themselves, and are thus vulnerable, but share the same grid as everyone else.
oberliner
(58,724 posts)
http://www.burlingtonfreepress.com/story/news/local/vermont/2016/12/30/russia-hacked-us-grid-through-burlington-electric/96024326/
BumRushDaShow
(128,874 posts)
until the investigation is complete. I.e., the question security analysts will need to determine is when this happened and what/who else may have interacted with that laptop, and whether anything transferred from it to other devices (not necessarily employee laptops/desktops but perhaps mail/file servers and/or mobile devices that might interact with switches/routers/firewalls that share a connection to the servers that manage the grid).
I expect that they and many other utilities will be very busy scanning and tracing.
The take away is that "social engineering" is easier for crackers than any "brute force" attempts at entry.
oberliner
(58,724 posts)
It is definitive. The computer was not connected to the operation of the grid.
BumRushDaShow
(128,874 posts)
has nothing to do with the investigations (and the results of such) that are going on by DHS & DOJ. Specifically -
... and the possibility of access to correspondence from users of that laptop with info that may have been related to the utility's other systems, including the grid systems, and associated access to them.
You actually think that they will publicly admit that they fucked up?
Recall Yahoo admitting in September to the hack of 500 million accounts 2 years ago and then suddenly coming back around this month to admit it was over a billion in a different hack 3 years ago.
I.e., it ain't over until it's over and that may take awhile because they are literally going to have to comb through anything and everything related to or connected with that company now that they have the signature to look for. I.e., including employees who may have interacted with that laptop (or as I noted, whether that laptop may have infected a mail server) and confirm if there are any infected home/remote systems that might belong to people who do interact with systems associated with the grid.
The point of this sort of hack being to gain info on system configurations and potential password access, whether the attempt to access is tried or not.
oberliner
(58,724 posts)
But the original Washington Post article said that the hackers had penetrated the US electrical grid and there is no evidence that this actually was the case, and the Burlington Electric people have explicitly said that this isn't the case.
I think that was very bad reporting on the part of WaPo, which takes away from what is a very serious story about Russian hacking.
I wish they had reported on it properly in the first place.
BumRushDaShow
(128,874 posts)
obfuscation is the order of the day. I expect that they probably were breached but it's possible the system was/is antiquated enough (like many of our utilities) to not result in a worse situation. But the means is something that will be intensely studied in order to harden these facilities.
I think many of us recall the great East Coast blackout that started somewhere in Ohio and cascaded across the northern border into Canada and down the east coast, stopping here in the "PJM" (PA, NJ, MD) grid, where our monitors were able to head it off. The causes were summarized in a report (PDF), where it had been noted by security folks that the effect was enhanced due to a software bug that prevented them from acting on it sooner.
The fact that the grids are interconnected is why there needs to be special attention paid to what has been reported in the OP.
Lithos
(26,403 posts)
The software fingerprint that was being circulated to the Electric Grid was not a commodity piece of malware, but from the same Russian government group which was used to attack the DNC. The same mechanism used - social engineering - to get people to run this malware was also employed, with the same related payload to the Vermont office where at least one successful intrusion was made.
This was a Russian government attempt to compromise the US Electric Grid. While they have not found any evidence it made it to the vulnerable part of the grid itself, the fact remains this is a Russian government attempt. Without specific knowledge, you also do not know what *was* compromised. The malware may have included keylogger software which *did* capture additional credentials. Also, additional, novel (new) malware may have also been pushed down which is outside the fingerprint of the compromising piece.
These types of attacks typically come in waves, each designed to gain additional leverage into a compromised system to compromise even more systems. This is why the concept of an onion with its many layers is frequently used to model an ideal (pragmatically) secure system.
From a security standpoint, you *have* to assume the worst here and undertake a full blown investigation to see *what* could have been compromised from this one laptop.
It's also a point which needs to be emphasized as the Trump-oids out on the Net are trying to downplay this as a piece of commodity malware from some non-governmental hacker and Russia is somehow innocent when they clearly are not.
L-
oberliner
(58,724 posts)
One is the one that you make here. Namely that there was a Russian government attempt to compromise the US Electric Grid. This is definitely alarming and newsworthy.
A second point, though, is that the Washington Post did not accurately report on this story initially. In what I assume was a rush to get the story out there, they published a story and headline explicitly claiming that "hackers penetrated the US Electric Grid" - when (as they now admit) they had no evidence to support making such a claim, which has since turned out not to be true.
Lithos
(26,403 posts)
A second point, though, is that the Washington Post did not accurately report on this story initially. In what I assume was a rush to get the story out there, they published a story and headline explicitly claiming that "hackers penetrated the US Electric Grid" - when (as they now admit) they had no evidence to support making such a claim, which has since turned out not to be true.
Unfortunately, this was only discovered after the Feds sent out the DNA; there is no real information as to how long this system was compromised, nor what information was leaked. No one has revealed what this particular malware does, but from past experience, my guess is it is a "recon" or "scout" designed to identify vulnerabilities. For instance, one of the first tasks of pen testing is to capture an image of the internal network to identify specific weaknesses (vulnerabilities) which can be exploited, ideally with zero-day exploits the Russian government is aware of that have not been patched.
At this point you can't tell me that additional resources have not been compromised by other tools.
L-
On Edit: I will grant you WaPo did push this out, but to be honest, IT/Network security is a very specific art and one which is not going to be easily understood by non-professionals.
oberliner
(58,724 posts)
Obviously you are much much more knowledgeable than I am with respect to hacking and malware and the like, and I very much appreciate your insights and information. My issue is with the way this was reported by WaPo, which I think was less than helpful.
Lithos
(26,403 posts)
WaPo did push this out prematurely. It's a case where they felt they understood the subject (the DNC hacks) but did not know what they did not know.
The current damage now is blaming them for being premature and overlooking the actual attack and ongoing threat which occurred.
The Russian attackers are smart, smart, smart. The only thing they lack is access to the computational power the NSA has.
L-
Yo_Mama_Been_Loggin
(107,922 posts)
Trump will suck off Putin even more.
Cha
(297,154 posts)
BayouBengal07
(1,486 posts)
Dispute the findings of his own intelligence officials? Fire the underlings who release the information? It will suddenly be his baby, and he won't be able to just tell us, as the chief of our national security apparatus, to just ignore it and move on. Or will he?
wishstar
(5,268 posts)
He is apparently convinced he and his interests will only be enhanced and not harmed as long as he goes along with his wealthy Russian friends and is in position to do lots of favors to Putin & Co.
Vinca
(50,267 posts)
We have a generator, but it's no good without gas and gas stations can't operate without electricity. If they go after the electricity grid in a northern state there will be lots of dead people.
Zoonart
(11,851 posts)
Washington (CNN) Iranian hackers breached a dam outside of New York in 2013, according to a former official, managing to get control of the flood gates.
Could the Iranians have been in collusion with Russians on this hack? IMHO... there will be a hack on our grid by the Russian State and Rump will use the calamity to declare martial law. Any bets?
former9thward
(31,984 posts)
The malware was found on an isolated laptop. It was not connected with the grid in any way. The electrical system was not "penetrated".
BumRushDaShow
(128,874 posts)
that may have provided access to the utility's employee email system, opening it up to probing info exchanged between employees on the grid system and infrastructure, and you can guess the rest.
Amazing how cavalier DUers have become.
Stop being so fucking dismissive.
former9thward
(31,984 posts)
The laptop wasn't connected to the power grid at the time, the Burlington Electric Department said in a statement on Friday. It said it scanned its computer network and found the malware after the U.S. Department of Homeland Security sent out an alert about the code to owners and operators of critical infrastructure.
"We took immediate action to isolate the laptop and alerted federal officials of this finding," utility spokesman Mike Kanarick said in the statement. "Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully."
https://www.bloomberg.com/politics/articles/2016-12-31/russian-hacking-code-found-in-vermont-power-utility-computer
Even the Washington Post has now changed their headline.
Russian hackers penetrated U.S. electrical grid through a utility in Vermont, officials said.
Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials said
BumRushDaShow
(128,874 posts)
and get an understanding about what that means and what it is designed to do...and read this part that you even quoted -
Meaning that they are still investigating - most likely using real security analysts. Plus see posts 49 & 55.
It's apparent that folks don't understand how crackers get into systems and it doesn't have to even be brute force nor would it need to happen through the vehicle where the social engineering took place. I have worked in IT for 25+ years and your dismissal of what may be occurring (or occurred) is a fucking disgrace.
former9thward
(31,984 posts)
BumRushDaShow
(128,874 posts)
that you insist is going on and everything to do with the real-world concerns about the well-known infrastructure weaknesses that were pointed out after 9/11. Your continual insistence on knee-jerk contrarian posts time and time again, and in this case in the face of what is going on in the cyber world, is truly breathtaking.
Bradical79
(4,490 posts)
Different than "fake news" though.
Lithos
(26,403 posts)
They were given the "DNA" of the malware used in the DNC attack and only then did they find the laptop had been compromised. They did not discover it earlier. What is missing is "how long" was it present?
Also, there is no analysis or understanding of the potential value of information which could have been gathered from this laptop including information valuable in a social engineering situation or what other systems could have been compromised. For instance, did the attackers learn details of some of the internal network servers?
Even the Target and Home Depot attacks started out small and progressed slowly thru multiple systems until the core target systems were reached, what makes you think that the same wouldn't happen here? Network intrusion is a very patient game where you chip and probe, chip and probe.
L-
oberliner
(58,724 posts)
Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation
https://www.washingtonpost.com/world/national-security/russian-government-hackers-do-not-appear-to-have-targeted-vermont-utility-say-people-close-to-investigation/2017/01/02/70c25956-d12c-11e6-945a-76f69a399dd5_story.html?utm_term=.0d6804bb6492
Lithos
(26,403 posts)
Interesting.
They were looking only to the Grizzly Steppe document which is a set of IPs and a fairly useless firewall rule to look for a file placed by XSS. IPs are mostly useless in this case as it's *very* easy to set up new proxies and good hackers would never reuse any if they could avoid it. Also, it looks like many of these IPs are likely weakly associated in the first place. Thought the government would be sharing a bit more details with the key security people than the general document for the world.
Now it appears this is just a general alert by Vermont Electric to normal malware caused by the very vague and poor response of the Federal Government.
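As an added example, written for this page and not taken from any poster in the thread or from the utility, here is the kind of indicator sweep a utility would run over its own proxy logs after receiving a document like the one discussed above (a list of IP addresses plus a file-path rule). The indicator values, log lines, hostnames and the path pattern are all constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed indicator list in the spirit of the Grizzly Steppe document discussed
# above: a few IP addresses plus one file-path rule. Every value here is made up.
IOC_IPS = {"203.0.113.7", "198.51.100.23"}
# Hypothetical path pattern standing in for the document's "file placed by XSS" rule.
IOC_PATH_RE = re.compile(r"^/wp-content/uploads/[^/]+\.php$")

# Constructed proxy log lines: "<timestamp> <source host> <destination ip> <url>"
SAMPLE_LOG = """\
2016-12-29T08:14:02Z ws-017 203.0.113.7 http://203.0.113.7/update.bin
2016-12-29T08:15:10Z ws-017 93.184.216.34 http://example.com/
2016-12-29T09:02:44Z lt-vt-03 198.51.100.23 http://198.51.100.23/wp-content/uploads/cache.php
2016-12-29T09:03:01Z lt-vt-03 192.0.2.55 http://intranet.example/mail
2016-12-29T10:21:17Z ws-042 192.0.2.99 http://cdn.example/wp-content/uploads/x.php
2016-12-29T11:00:00Z ws-042 not-an-ip http://broken.example/
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<ip>\S+) (?P<url>\S+)$")


def parse_line(line):
    """Return (ts, host, ip, url), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        # A destination that is not a valid IP is rejected rather than silently
        # compared against the indicator set.
        ipaddress.ip_address(m["ip"])
    except ValueError:
        return None
    return m["ts"], m["host"], m["ip"], m["url"]


def sweep(log_text):
    """Match every parseable line against the indicators.

    Returns {host: [(kind, value, ts), ...]} for hosts with at least one hit,
    where kind is "ip" or "path"; one line can produce both kinds.
    """
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, host, ip, url = rec
        if ip in IOC_IPS:
            hits[host].append(("ip", ip, ts))
        path = urlparse(url).path
        if IOC_PATH_RE.match(path):
            hits[host].append(("path", path, ts))
    return dict(hits)


def triage(hits):
    """Order hosts for follow-up: more distinct indicator kinds first, then by name.
    A lone IP hit is weak evidence (see the post above), so a host that also
    matched the path rule sorts to the top."""
    return sorted(hits, key=lambda h: (-len({k for k, _, _ in hits[h]}), h))
```

On the constructed log, sweep(SAMPLE_LOG) flags lt-vt-03 on both indicators, ws-017 on an IP only and ws-042 on the path only, and triage() puts lt-vt-03 first; the last log line is dropped as malformed rather than matched.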