Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say (wsj.com)
"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities (Warning: source may be paywalled; alternative source) with relative easy by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.
The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."
It may be true or it may be not true.....But we've had false stories about nuclear reactors being hacked before, which turned out to be standard, untargeted malware, on a non-control computer. Regardless, the DHS has been trying for over a decade to get power over the Internet, including things like the "internet kill switch." The information they release is targeted and framed to convince people to give them that power. Furthermore, we know government agencies frequently lie, and it's only gotten worse as the president has set the example.
"First they came for the slanderers and i said nothing."
500,000 Iraqi civilians dead
4,424 US Soldiers Killed
35k seriously wounded (life all fucked up)
Ignited a platform for radicalism to flourish in 70 countries
One of those agencies (CIA) was recently caught red handed spying on the US Senate. The world is so fucked up it barely made the news.
https://news.vice.com/article/...
I object to power without constructive purpose. --Spock
and maybe trolling but Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki. What I find especially odd is most of his supporters are old enough to have been cold warrior types. It'd be one thing if Putin wasn't ex-KGB. There wasn't much in Russia to fear (they were pretty blasted out by WWII) but their KGB seemed to know damn well what they were doing.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
First note the weasel words:
Then the canards:
As if the FBI has to have the hardware transported to a lab to analyze it. They have agents with functioning legs who could examine the servers while they are powered on.
And finally the crux of the issue:
The FBI wouldn't trust CrowdStrike to make such an image. Not one involving multiple servers allegedly hacked by high level foreign intelligence operatives. Not when the FBI has long had access to sophisticated malware, malware that other nation-states could also use, malware that could be missed by civilian tools.
Not only does this stand out for people who have bullshit detectors after 2002, it should upset partisan Democrats who are true believers in Russiagate. Why, there could have been the old KGB telnet handle from Pootie Poot himself buried in some encrypted memory, if only the FBI had access to the hardware to analyze it....