Slashdot Mirror


Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say (wsj.com)

"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.

The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."
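The summary's key defensive point is that the intruders logged in with genuine vendor credentials, so an authentication check alone cannot distinguish them from the contractor who "touches these systems on a daily basis". What a utility can still check is whether each use of a vendor account matches the access profile that vendor agreed to: its source networks, its maintenance window, and the hosts it is contracted to reach. The script below is an added illustration of that check, not code from the WSJ report or from DHS; the account names, networks, hostnames and log lines are constructed, and the log format is a hypothetical one chosen for the example.

```python
"""Flag vendor-account logins that deviate from an agreed access profile.

Added example (not from the article or from DHS). A login with real vendor
credentials passes authentication, so the check here is behavioural: does
each successful login match the source network, maintenance window and host
scope the vendor agreed to? All names, networks and log lines are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Dict, List


@dataclass(frozen=True)
class VendorProfile:
    networks: tuple            # CIDRs the vendor connects from (constructed)
    window: tuple              # (start, end) local maintenance window
    hosts: frozenset           # hosts this vendor is contracted to reach


# Constructed access profiles agreed with two hypothetical vendors.
PROFILES: Dict[str, VendorProfile] = {
    "svc_vendorA": VendorProfile(
        networks=(ip_network("203.0.113.0/24"),),
        window=(time(8, 0), time(18, 0)),
        hosts=frozenset({"hmi-01", "hist-01"}),
    ),
    "svc_vendorB": VendorProfile(
        networks=(ip_network("198.51.100.0/24"),),
        window=(time(22, 0), time(4, 0)),   # overnight window wraps midnight
        hosts=frozenset({"eng-ws-07"}),
    ),
}


def in_window(t: time, window) -> bool:
    """True if t falls inside the (start, end) window, handling midnight wrap."""
    start, end = window
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end   # window crosses midnight


def parse_line(line: str) -> dict:
    """Parse the constructed format:
    '<iso-ts> user=<acct> src=<ip> host=<name> result=<ok|fail>'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def check_login(rec: dict) -> List[str]:
    """Return the profile rules a successful vendor login violates (empty = clean)."""
    profile = PROFILES.get(rec["user"])
    if profile is None or rec["result"] != "ok":
        return []                      # not a vendor account, or login failed
    reasons = []
    src = ip_address(rec["src"])
    if not any(src in net for net in profile.networks):
        reasons.append("source outside approved vendor network")
    if not in_window(rec["ts"].time(), profile.window):
        reasons.append("login outside maintenance window")
    if rec["host"] not in profile.hosts:
        reasons.append("host not in vendor's contracted scope")
    return reasons


def scan(lines: List[str]) -> List[dict]:
    """Run every log line through check_login and keep only flagged events."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        reasons = check_login(rec)
        if reasons:
            findings.append({"ts": rec["ts"].isoformat(), "user": rec["user"],
                             "src": rec["src"], "host": rec["host"],
                             "reasons": reasons})
    return findings


SAMPLE_LOG = [  # constructed sample events
    "2018-07-23T09:15:00 user=svc_vendorA src=203.0.113.40 host=hmi-01 result=ok",
    "2018-07-23T02:40:00 user=svc_vendorA src=203.0.113.40 host=hist-01 result=ok",
    "2018-07-23T23:10:00 user=svc_vendorB src=198.51.100.9 host=eng-ws-07 result=ok",
    "2018-07-24T01:05:00 user=svc_vendorB src=192.0.2.77 host=plc-gw-03 result=ok",
    "2018-07-24T01:06:00 user=svc_vendorB src=192.0.2.77 host=plc-gw-03 result=fail",
    "2018-07-24T10:00:00 user=jsmith src=10.20.30.40 host=hmi-01 result=ok",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ts"], f["user"], f["src"], f["host"], "; ".join(f["reasons"]))
```

On the sample, the two flagged events are the vendor A login at 02:40 (outside its daytime window) and the vendor B login from an unapproved network to a host outside its scope; the failed login and the ordinary employee login are ignored. The profile is the piece that has to exist before the attack: it is only worth building if the vendor contract actually pins down where, when and to what the vendor connects.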

8 of 371 comments

  1. Re:Quick Change Topics! by PopeRatzo · · Score: 5, Informative

    Our last bit of blaming 12 Russians for hacking the DNC server was called out in less than a day. They know the FBI hasn't looked at the server and CrowdStrike is unwilling to testify that Russia hacked it.

    Amazing. Every single word in those two sentences was wrong.

    --
    You are welcome on my lawn.
  2. Re: Quick Change Topics! by PopeRatzo · · Score: 5, Informative

    I will keep it simple: what YEAR did the FBI examine Your Highness mail server?

    2016.

    https://motherboard.vice.com/e...

    Here is some more background on Trump's "Where is the server?" lie:

    https://www.politifact.com/tru...

    --
    You are welcome on my lawn.
  3. Shouldn't be news by Anonymous Coward · · Score: 5, Informative

    Several years ago I was at an IT Security dinner/presentation and they laid out some of the details behind a cyberattack on an airline. The hackers didn't go after any airline networks directly. Rather, they compromised an airline parts supplier and injected malware into webpages (or documents, I forget) and eventually 'caught' an airline when someone inside the airline visited the compromised site and was themselves infected.

    I've tried to explain this to people in my industry. They don't have to be even trying to get you, just someone in your industry.

    This and the massive Target breach are why vendors, their networks, and their devices should not be trusted (from a security standpoint at least).

  4. Suppose that were true by raymorris · · Score: 4, Informative

    Suppose Russia isn't constantly trying to hack the US.
    We have daily news reports saying they are, that essentially they are fighting a cyber war against us and that's been going on for years, but we'll assume for a moment that is false.

    Nobody is doing anything about it, of course. Neither Obama nor Trump fired a barrage of missiles in a counter-attack, nor really made any big deal about it - they're still doing trade deals, selling the Russians a significant portion of our Uranium, etc.

    So Putin sees that nobody really cares about the reported attacks. Nobody seems all that bothered about it - not enough to demand any counter-attack.

    Suppose you're Putin, or Russian intelligence, or head of Russia's cyberwarfare command. You see that constant statements that you're attacking the US don't lead to any significant response. You see that you COULD attack the US with impunity and they wouldn't do anything about it.

    What would YOU do if you were Putin, or head of Russia's cybercommand, and you knew you could get away with attacking the US as much as you wanted?

    If it were me, seeing that nobody cares whether Russia attacks us or not, I'd go right ahead and attack. We're getting blamed for it anyway.

    So either Putin and his commanders are stupid, and not taking advantage of the situation, or you're mistaken.

    As it happens, I'm a career security professional. Knowing about hacks is my job. I work at a company founded by Misha Govshteyn. Guess where Misha is from. Mr. Govshteyn and I will tell you, Russia is hacking the hell out of the US all day long. Only China sends more attacks.

  5. IBM researchers did this like, a decade ago? by Khyber · · Score: 3, Informative

    Yup, here's a report from 2007.

    https://www.forbes.com/2007/08...

    That nothing has been done to fix this shit is the real story.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  6. Re:that Vice piece is a joke though by PopeRatzo · · Score: 5, Informative

    The FBI wouldn't trust CrowdStrike to make such an image.

    Of course they would. The FBI uses contractors all the time. Especially for what the president calls "the cyber".

    https://www.reuters.com/articl...

    --
    You are welcome on my lawn.
  7. Re: You know you're joking by dave420 · · Score: 5, Informative

    That the way Trump wishes to do it is indistinguishable from someone who is compromised and being used. That's the scary part.

  8. Re:Long-term narrative by Anonymous Coward · · Score: 0, Informative

    There is plenty of evidence that the Russians were involved in all sorts of various hacking and active measures and whatnot

    Sure, and what were the effects of all that hacking and meddling? 50k USD spent on Facebook advertisements (compared to ~1.3 billion spent by Trump and Hillary), and to quote Mueller's boss Rosenstein, there was not a single hacked voting machine, nor any evidence of collusion.

    To the particular point, the prior indictments against the Russian nationals are far more detailed than standard indictments, they are so called "speaking indictments." The most recent one this month against the GRU hackers detailed the particular methods they used and quite a bit of the timing of the attacks.

    The best part about all these indictments is that if the people in question never show up for trial, the Mueller investigation never has to present any evidence, so it's feasible to suggest that it's so flimsy as to be laughed out of court. Indictments /= convictions.

    Funnily enough, lawyers representing some of the companies named in the previous round of indictments showed up in court to start discovery (where the prosecution presents its evidence so that a defense can be mounted), and Mueller wasn't ready to go to trial and present what evidence he had, if indeed he has any, and he asked for an extension. That should make it pretty clear that all he wants is headlines to look like he's doing something. My suspicion is that he was attempting to derail Trump's meeting with Putin as the last rounds of indictments were announced on the Friday afternoon before Trump's Monday morning summit with Putin.

    https://www.politico.com/story...

    if you can simply deny that information out of hand, and call it "fake news", then what point is there in providing any more information? What will be believed short of reality providing a swift kick to the groin?

    Fake news is the wrong term to use as it's not even news to begin with. Everyone with more than two brain cells knows that every major country is constantly trying to hack everyone else, but as the "news" you're presenting is completely irrelevant to the point you're trying to make, I can understand Okian Warrior's (mis)use of the term.