Slashdot Mirror


Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say (wsj.com)

"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities (Warning: source may be paywalled; alternative source) with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.

The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."
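The summary above notes that some utilities may not know they were compromised because the intrusions used the credentials of real employees and vendors. The usual detection response is to baseline each trusted vendor account (where it connects from, when it is allowed to) and alert on logins that deviate from that baseline. The following is an added example of that check, written for this page; it is not code from the WSJ report or from DHS, and the VPN-gateway log format, the vendor account names, the netblocks and the log lines are all constructed.

```python
"""Flag remote logins by trusted vendor accounts that fall outside that
vendor's known source networks or agreed maintenance window.

Added illustration; not code from the WSJ report or DHS. The log format,
the vendor baseline and the sample lines below are all constructed.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed baseline: what "normal" looks like for each vendor account.
# A real baseline would come from the vendor contract plus months of logs.
VENDOR_BASELINE = {
    "svc-relayvendor": {
        "networks": [ipaddress.ip_network("203.0.113.0/24")],  # documentation range
        "window_utc": (8, 18),     # maintenance window, hours [start, end)
        "weekdays_only": True,
    },
    "svc-scadaintegrator": {
        "networks": [ipaddress.ip_network("198.51.100.0/24")],
        "window_utc": (0, 24),     # 24x7 support contract
        "weekdays_only": False,
    },
}

# Hypothetical VPN-gateway log syntax, not any real product's format.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn-gw: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: datetime
    user: str
    src: str
    reason: str


def parse_line(line: str):
    """Parse one log line into a record, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]).astimezone(timezone.utc),
        "user": m["user"],
        "src": ipaddress.ip_address(m["src"]),
        "result": m["result"],
    }


def check_login(rec: dict) -> list[str]:
    """Return every way a successful vendor login deviates from its baseline."""
    base = VENDOR_BASELINE.get(rec["user"])
    if base is None or rec["result"] != "success":
        return []            # not a vendor account, or the login failed anyway
    reasons = []
    if not any(rec["src"] in net for net in base["networks"]):
        reasons.append("source outside vendor's known networks")
    start, end = base["window_utc"]
    if not (start <= rec["ts"].hour < end):
        reasons.append("outside maintenance window")
    if base["weekdays_only"] and rec["ts"].weekday() >= 5:
        reasons.append("weekend login for weekday-only account")
    return reasons


def scan(lines) -> list[Finding]:
    """Run the baseline check over an iterable of raw log lines."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for reason in check_login(rec):
            findings.append(Finding(rec["ts"], rec["user"], str(rec["src"]), reason))
    return findings


# Constructed sample: 2018-07-23 is a Monday, 2018-07-22 a Sunday.
SAMPLE_LOG = """\
2018-07-23T14:05:11+00:00 vpn-gw: user=svc-relayvendor src=203.0.113.44 result=success
2018-07-23T23:41:02+00:00 vpn-gw: user=svc-relayvendor src=192.0.2.17 result=success
2018-07-22T10:15:40+00:00 vpn-gw: user=svc-relayvendor src=203.0.113.9 result=success
2018-07-23T03:12:55+00:00 vpn-gw: user=svc-scadaintegrator src=198.51.100.21 result=success
2018-07-23T09:00:00+00:00 vpn-gw: user=jsmith src=192.0.2.5 result=success
""".splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts.isoformat()} {f.user} from {f.src}: {f.reason}")
```

The check deliberately ignores failed logins: the point of the campaign described above is that the credentials were valid, so the interesting events are the successes. In practice the same baseline would also be applied to the jump hosts and ICS gateways the vendor account touches after the VPN, since a stolen account used in a new place is the signal the summary says is hard to see.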

32 of 371 comments

  1. Unpossible! by amicusNYCL · · Score: 4, Funny

    I don't believe it. Deep state. Carter Page. Witch hunt.

    It's probably best to just end all investigations towards anything related to Russia.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    1. Re:Unpossible! by chill · · Score: 5, Insightful

      Congratulations! You just described one of the main reasons for NAFTA, the TPP, and other global, multilateral trade deals. The simple fact is the more countries are tied by trade, the fewer wars they have. Another "peace dividend" that President Orange Bumblefuck doesn't even remotely grasp, and hence, pissed all over.

      --
      Learning HOW to think is more important than learning WHAT to think.
  2. lies by phantomfive · · Score: 3, Interesting

    It may be true or it may not be true. But we've had false stories about nuclear reactors being hacked before, which turned out to be standard, untargeted malware, on a non-control computer. Regardless, the DHS has been trying for over a decade to get power over the Internet, including things like the "internet kill switch." The information they release is targeted and framed to convince people to give them that power. Furthermore, we know government agencies frequently lie, and it's only gotten worse as the president has set the example.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:lies by toonces33 · · Score: 4, Insightful

      Maybe you should read the article.

    2. Re: lies by AmiMoJo · · Score: 4, Insightful

      Seems quite specific to me.

      The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, "air-gapped" or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.

      We have who, where, how and by what method. Interestingly it's similar to the technique used by the US to sabotage Iranian enrichment facilities.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re: lies by AmiMoJo · · Score: 2

      Is it normal for them to release evidence to the public?

      The Stuxnet stuff only came out because other people got hold of it and dissected it. If you follow security blogs you can see that the same thing happens with Russian malware found in the wild. And really, it seems odd to give weight to unverifiable blog posts about Stuxnet, but not to somewhat reputable journalists.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re: lies by phantomfive · · Score: 2

      It's normal for them to lie, exaggerate, and not tell the truth. For an example, look at what they were saying around the time they were trying to get Apple to unlock the iPhone for them.

      --
      "First they came for the slanderers and i said nothing."
  3. Air-Gapped by Kobun · · Score: 5, Insightful

    You keep using that word. I don't think it means what you think it means.

    1. Re:Air-Gapped by AHuxley · · Score: 2

      Air gapped could be some contractor standard. Contractors walking in and out with the work computing to other networks?
      More of a two way sneaker net than a secure computer with updates in day and hours.

      --
      Domestic spying is now "Benign Information Gathering"
  4. Re:Quick Change Topics! by PopeRatzo · · Score: 5, Informative

    Our last bit of blaming 12 Russians for hacking the DNC server was called out in less than a day. They know the FBI hasn't looked at the server and CrowdStrike is unwilling to testify that Russia hacked it.

    Amazing. Every single word in those two sentences was wrong.

    --
    You are welcome on my lawn.
  5. Re:Yeah right... by datavirtue · · Score: 3, Interesting

    500,000 Iraqi civilians dead
    4,424 US Soldiers Killed
    35k seriously wounded (life all fucked up)
    Ignited a platform for radicalism to flourish in 70 countries

    One of those agencies (CIA) was recently caught red handed spying on the US Senate. The world is so fucked up it barely made the news.

    https://news.vice.com/article/...

    --
    I object to power without constructive purpose. --Spock
  6. You know you're joking by rsilvergun · · Score: 3, Interesting

    and maybe trolling but Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki. What I find especially odd is most of his supporters are old enough to have been cold warrior types. It'd be one thing if Putin wasn't ex-KGB. There wasn't much in Russia to fear (they were pretty blasted out by WWII) but their KGB seemed to know damn well what they were doing.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re: You know you're joking by dave420 · · Score: 5, Informative

      That the way Trump wishes to do it is indistinguishable from someone who is compromised and being used. That's the scary part.

    2. Re:You know you're joking by sjbe · · Score: 4, Insightful

      and maybe trolling but Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki.

      That's because he is down to more or less just his psycho base supporters. An alarmingly large group but they support him no matter how crazy he gets. He could start a nuclear war and they would cheer him on the whole way and probably try to find some way to blame Obama or Clinton for it.

      What I find especially odd is most of his supporters are old enough to have been cold warrior types.

      His supporters are not that old as a general proposition. He has too many of them for that to be the case though certainly a fair number of them are older. Heck I'm old enough to have been around during the later decades of the cold war and the people that really lived through the middle of it are drawing social security now. Trump's supporters are more diverse than just old people.

    3. Re:You know you're joking by AvitarX · · Score: 2

      Well, I'm using the 538 rolling average, so it's at least slightly resistant to both error and movement.

      It seems to take at least a week for any change.

      The 10-11 threshold seems to be pretty relevant though, it's when generic (midterm) polling starts to break 9% and Republicans start to maybe sort of not rubber stamp everything about Trump. 9% poll lead puts the senate in the realm of possible for the democrats (obviously individual races will have effects, and likely the real life gap will need to be a touch higher, but it starts to look like the realm of typical polling deviation), and the house quite likely (even with typical polling errors against).

      Your link has his day one approval at 40, with 42 now (favorables aren't a great measure of approval IMO).

      I suspect a significant portion of the 40% are quite into the baiting that's happening. Also, the trade war was/is a notable bump to popularity, so the fact that it moved at all as it escalates is notable.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    4. Re:You know you're joking by drinkypoo · · Score: 2

      You say that to comfort yourself and mentally reinforce your moral superiority, but if Trump's base alone gets him to 45%, that should scare the shit out of you.

      It is both true, and shit-scaring.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  7. Re: Quick Change Topics! by PopeRatzo · · Score: 5, Informative

    I will keep it simple: what YEAR did the FBI examine Your Highness mail server?

    2016.

    https://motherboard.vice.com/e...

    Here is some more background on Trump's "Where is the server?" lie:

    https://www.politifact.com/tru...

    --
    You are welcome on my lawn.
  8. Shouldn't be news by Anonymous Coward · · Score: 5, Informative

    Several years ago I was at an IT Security dinner/presentation and they laid out some of the details behind a cyberattack on an airline. The hackers didn't go after any airline networks directly. Rather, they compromised an airline parts supplier and injected malware into webpages (or documents, I forget) and eventually 'caught' an airline when someone inside the airline visited the compromised site and was themselves infected.

    I've tried to explain this to people in my industry. They don't have to be even trying to get you, just someone in your industry.

    This and the massive Target breach are why vendors, their networks, and their devices should not be trusted (from a security standpoint at least).

  9. Here's a whacky idea by sjames · · Score: 2

    How about ACTUALLY air-gapping the control network. If they want remote monitoring (not control), they can put a polling device on the control network. It can send all the data via a serial port with the RX connections removed to another machine on the internal network that can be reached via VPN.
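The serial link sketched above, with the receive pin removed, gives the poller no way to hear an acknowledgement, so whatever runs over it has to cope with lost and corrupted bytes without retransmission. The following is an added example, not the commenter's code: a hypothetical framing scheme (start marker, sequence number, length, CRC-32) and a receiver for the RX-only side that resynchronises after line noise, drops corrupt frames and records sequence gaps instead of requesting resends. The frame layout, the readings and the simulated link faults are all invented for the example.

```python
"""Transmit-only telemetry framing for a serial link with the receive line cut.

Added illustration (not the commenter's code); the frame layout is hypothetical.
Without a back-channel there can be no ACK or retransmit, so each frame carries
a sequence number and a CRC-32, and the receiver records gaps and corruption
instead of asking for resends.
"""
import struct
import zlib

MAGIC = b"\xA5\x5A"              # start marker the receiver resynchronises on
HDR = struct.Struct(">2sIH")     # magic, sequence number, payload length
CRC = struct.Struct(">I")        # CRC-32 over seq + length + payload
MAX_PAYLOAD = 512                # anything larger is a marker found in noise


def encode_frame(seq: int, payload: bytes) -> bytes:
    """Build one frame. The CRC covers everything after the marker."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too long")
    hdr = HDR.pack(MAGIC, seq & 0xFFFFFFFF, len(payload))
    return hdr + payload + CRC.pack(zlib.crc32(hdr[2:] + payload) & 0xFFFFFFFF)


class DiodeReceiver:
    """Parse the raw byte stream on the receive-only side."""

    def __init__(self) -> None:
        self.buf = bytearray()
        self.expected_seq = None   # None until the first good frame
        self.frames = []           # (seq, payload) in arrival order
        self.gaps = []             # (first_missing, last_missing), inclusive
        self.corrupt = 0           # frames dropped for a bad CRC
        self.discarded = 0         # bytes skipped while resynchronising

    def feed(self, data: bytes) -> None:
        """Consume bytes as they arrive; a partial frame waits for more data."""
        self.buf += data
        while True:
            start = self.buf.find(MAGIC)
            if start < 0:
                # No marker: drop all but the last byte, which may be the
                # first half of a marker split across two reads.
                self.discarded += max(0, len(self.buf) - 1)
                del self.buf[:-1]
                return
            if start > 0:
                self.discarded += start
                del self.buf[:start]
            if len(self.buf) < HDR.size:
                return
            _, seq, length = HDR.unpack_from(self.buf)
            if length > MAX_PAYLOAD:
                # Implausible length: this "marker" was inside noise, skip it.
                self.discarded += len(MAGIC)
                del self.buf[:len(MAGIC)]
                continue
            total = HDR.size + length + CRC.size
            if len(self.buf) < total:
                return
            body = bytes(self.buf[len(MAGIC):HDR.size + length])
            (crc,) = CRC.unpack_from(self.buf, HDR.size + length)
            if zlib.crc32(body) & 0xFFFFFFFF != crc:
                # Corrupt frame (or a false marker): skip the marker and rescan.
                self.corrupt += 1
                self.discarded += len(MAGIC)
                del self.buf[:len(MAGIC)]
                continue
            payload = bytes(self.buf[HDR.size:HDR.size + length])
            del self.buf[:total]
            self._accept(seq, payload)

    def _accept(self, seq: int, payload: bytes) -> None:
        if self.expected_seq is not None and seq != self.expected_seq:
            if seq > self.expected_seq:
                self.gaps.append((self.expected_seq, seq - 1))
            # seq below expected: the poller restarted, so just resume here
        self.frames.append((seq, payload))
        self.expected_seq = (seq + 1) & 0xFFFFFFFF


def run_demo(chunk: int = 7) -> DiodeReceiver:
    """Constructed link run: one frame lost, one payload bit flipped, noise
    before the first frame, and the stream delivered in small reads."""
    readings = [b"V=229.8", b"V=230.1", b"V=230.4", b"V=229.9", b"V=231.0", b"V=230.2"]
    wire = bytearray(b"\x00\xff\x13")        # line noise before the first frame
    for seq, reading in enumerate(readings):
        if seq == 2:
            continue                         # lost on the wire
        frame = bytearray(encode_frame(seq, reading))
        if seq == 4:
            frame[10] ^= 0x01                # payload byte corrupted in transit
        wire += frame
    rx = DiodeReceiver()
    for i in range(0, len(wire), chunk):
        rx.feed(bytes(wire[i:i + chunk]))
    return rx


if __name__ == "__main__":
    rx = run_demo()
    print("received:", [(s, p.decode()) for s, p in rx.frames])
    print("gaps:", rx.gaps, "corrupt:", rx.corrupt, "bytes skipped:", rx.discarded)
```

The receiver never asks the sender for anything, which is the whole point of the cut RX line; what it can do is tell the monitoring side exactly which readings it never got. On a real deployment the poller would also resend a full snapshot periodically so that a gap is self-healing, and the length bound keeps a stray marker in noise from stalling the parser while it waits for a frame that will never complete.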

  10. Re:Long-term narrative by h33t+l4x0r · · Score: 4, Funny

    There's no really good evidence that the Russian government is involved with any of the hacking, except to say "That's something they would do". It's the fallacy of the reversed conditional,

    I don't see any reason why it wouldn't be Russia.

  11. Suppose that were true by raymorris · · Score: 4, Informative

    Suppose Russia isn't constantly trying to hack the US.
    We have daily news reports saying they are, that essentially they are fighting a cyber war against us and that's been going on for years, but we'll assume for a moment that is false.

    Nobody is doing anything about it, of course. Neither Obama nor Trump fired a barrage of missiles in a counter-attack, nor really made any big deal about it - they're still doing trade deals, selling the Russians a significant portion of our Uranium, etc.

    So Putin sees that nobody really cares about the reported attacks. Nobody seems all that bothered about it - not enough to demand any counter-attack.

    Suppose you're Putin, or Russian intelligence, or head of Russia's cyberwarfare command. You see that constant statements that you're attacking the US don't lead to any significant response. You see that you COULD attack the US with impunity and they wouldn't do anything about it.

    What would YOU do if you were Putin, or head of Russia's cybercommand, and you knew you could get away with attacking the US as much as you wanted?

    If it were me, seeing that nobody cares whether Russia attacks us or not, I'd go right ahead and attack. We're getting blamed for it anyway.

    So either Putin and his commanders are stupid, and not taking advantage of the situation, or you're mistaken.

    As it happens, I'm a career security professional. Knowing about hacks is my job. I work at a company founded by Misha Govshteyn. Guess where Misha is from. Mr. Govshteyn and I will tell you, Russia is hacking the hell out of the US all day long. Only China sends more attacks.

    1. Re:Suppose that were true by Anonymous Coward · · Score: 2, Insightful

      The Uranium bit was a red herring. It was signed off by a ton of people and overblown.

      As far as Russian attacks go, I think people need to segregate issues a bit.

      1. Russia did manipulate our elections with propaganda and it is plausible but not proven that those manipulations were enough to cause enough voters to vote for Trump or not for Hillary where it mattered. That is the simple truth, though it isn't spoken much. Usually people say the outcome wasn't changed, and you can no more 100% know that than know that it wasn't. The numbers were close, and there was a lot of manipulation.

      2. Russia is going to do it again, but that is almost totally irrelevant. Now that we've shown we will bend over and take it, particularly if it benefits one party, it likely won't be limited to Russia.

      3. We need to be on a (cyber) wartime footing with respect to these things. Foreign manipulation needs to be addressed and mitigated. Voting machines secured. Voter registration rolls not carelessly purged, etc, etc. If we have to fight cyber attacks with cyber attacks we must do so, since the alternative is worse. We can't, however, lie, though exposing actual illegal dealings in Russia's politicians is fair game at this point. The emails uncovered were technically not lies. They just uncovered every rock they could find while the republican side got to skim by with revealing nothing. Basically it was a bit like a set of scales. Each side has things that perhaps don't show them in the best light. One side gets everything loaded on the scale, while the other side gets almost nothing, while ten times as much is hidden behind the curtain. That kind of disparity is bound to make the results less than ideal. Also you gotta assume the Russians didn't alter the emails since if alterations could have been proved they might not have been accepted as well.

      4. Most importantly we need an attitude from every elected official that the truth matters. If your representative or senator has acted in a way that indicates it's okay to lie if it benefits their party, and you know someone else on the ballot who is at least honest, then seriously consider voting for them, regardless of party.

      5. In addition to 4, we need a constitutional amendment, or maybe a law that states if you run for at least national office all confidentiality agreements protecting you are null and void and attempting to silence a story about a candidate with money is itself a felony. Furthermore all your government records are automatically made available. And just in case someone whines that it wouldn't be fair, well why wouldn't it? It would be the same for everyone. Don't like the spotlight, don't run for public office.

  12. IBM researchers did this like, a decade ago? by Khyber · · Score: 3, Informative

    Yup, here's a report from 2007.

    https://www.forbes.com/2007/08...

    That nothing has been done to fix this shit is the real story.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  13. Sorry Comrade by sit1963nz · · Score: 5, Funny

    Newbie Russian hacker, he thought voltage machine was the same as voting machine.
    we are saying sorry
    do not worry, we will have it all good by November , yes.
    Please give out best to the Donald

  14. Re: Quick Change Topics! by Archangel+Michael · · Score: 3, Insightful

    https://www.cnn.com/2017/01/05...

    That is a bit of news from the time it happened, not a few days ago, after they needed to show they did have access to the server.

    Washington (CNN)The Democratic National Committee "rebuffed" a request from the FBI to examine its computer services after it was allegedly hacked by Russia during the 2016 election, a senior law enforcement official told CNN Thursday.

    SO, which story do you actually believe? The one where they rebuffed attempts to inspect the server, or the one that they're using now, that they had the servers the whole time?

    Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of congress about all sorts of things, from spying on Americans to there being weapons of mass destruction in Iraq. This isn't a "Right vs Left" issue, because both sides have been on both sides of hating and defending the "intel community".

    And until people grow up, and see that, we're never going to get anywhere. So, please stop with the re-written history, it is embarrassing.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  15. Re:Long-term narrative by GrimSavant · · Score: 5, Insightful

    That's a remarkable bit of denial, an excellent exemplar of why I have decreasing faith that this will end well. There is plenty of evidence that the Russians were involved in all sorts of various hacking and active measures and whatnot, but if you simply refuse to believe that evidence, then you can just deny everything and believe whatever you want to believe or whatever you are told to believe. That is one of the end goals of the concerted campaign of propaganda that the Russians been running since the Soviet era: true information no longer matters anymore and the ability to assess facts and adjust beliefs in response to facts is utterly withered.

    To the particular point, the prior indictments against the Russian nationals are far more detailed than standard indictments, they are so called "speaking indictments." The most recent one this month against the GRU hackers detailed the particular methods they used and quite a bit of the timing of the attacks. And it sounds like western intelligence had a high-end source in the Russian government that Trump was told about prior to the inauguration confirming that the top levels of the Russian government, including Putin, were orchestrating the attacks. But again, if you can simply deny that information out of hand, and call it "fake news", then what point is there in providing any more information? What will be believed short of reality providing a swift kick to the groin?

  16. Re: Quick Change Topics! by PopeRatzo · · Score: 5, Insightful

    Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of congress about all sorts of things, from spying on Americans to there being weapons of mass destruction in Iraq. This isn't a "Right vs Left" issue, because both sides have been on both sides of hating and defending the "intel community".

    The FBI is not the "Intel Community". They're law enforcement, no less than your local cops. They have about the same record of integrity, too, which is saying, "so-so". But they take the whole, "national security" thing pretty seriously. And that includes all the Trump appointments, and his director of national intelligence and his attorney general. And while you're being Inspector Gadget finally trying to get the dirt on Hillary Clinton, there is a legal noose tightening around Trump's neck. Indictments, convictions, guys in jail.

    And yes, there are at least three copies of the forensically-imaged DNC server in the FBI's possession. We know this because the Trump Justice Department has told us so.

    So, the question you have to ask yourself is if you believe Donald Trump or people appointed by Republicans to be FBI director, attorney general, FISA judges, etc etc. You can either trust people that have actually earned trust or a guy who changes his story about what he actually said on live fucking camera four times between Monday and Thursday.

    Not you, ArchMike. It's too late for you. The question is for other people reading this. You're already too far gone down the 4chan hole looking for pizza and crisis actors. The question is for the grown folks.

    --
    You are welcome on my lawn.
  17. Re: Quick Change Topics! by Anonymous Coward · · Score: 2, Funny

    The millineal generation
    Phrase. Literal
    A generation consisting of 1/1000th of a Neal.

  18. that Vice piece is a joke though by Uberbah · · Score: 2, Interesting

    First note the weasel words:

    Even so, what CrowdStrike gave the FBI is likely better than if it had seized and analyzed a physical box.

    Then the canards:

    "You have that image from the machine live in the network including its memory content, versus a server that someone physically carries into the FBI headquarters. It's unplugged, so there's no memory content because it's powered down.

    As if the FBI has to have the hardware transported to a lab to analyze it. They have agents with functioning legs who could examine the servers while they are powered on.

    And finally the crux of the issue:

    "To keep it simple, let's say there's only one server. CrowdStrike goes in, makes a complete image including a memory dump of everything that was in the memory of the server at the time, including traffic and connections at the time," Rid said.

    The FBI wouldn't trust CrowdStrike to make such an image. Not one involving multiple servers allegedly hacked by high level foreign intelligence operatives. Not when the FBI has long had access to sophisticated malware, malware that other nation-states could also use, malware that could be missed by civilian tools.

    Not only does this stand out for people who have bullshit detectors after 2002, it should upset partisan Democrats who are true believers in Russiagate. Why, there could have been the old KGB telnet handle from Pootie Poot himself buried in some encrypted memory, if only the FBI had access to the hardware to analyze it....

    1. Re:that Vice piece is a joke though by PopeRatzo · · Score: 5, Informative

      The FBI wouldn't trust CrowdStrike to make such an image.

      Of course they would. The FBI uses contractors all the time. Especially for what the president calls "the cyber".

      https://www.reuters.com/articl...

      --
      You are welcome on my lawn.
  19. Stuxnet by scsirob · · Score: 3, Insightful

    Kinda odd to see the outrage over this. A few years ago USA used the exact same tactics to penetrate Iranian nuclear facilities, releasing the Stuxnet virus which damaged a lot of critical infrastructure. Back then there were plenty of people here gloating over this and being proud of the accomplishments.

    My guess is that this is happening all over the world, by all major regimes, in all vulnerable areas. Anger or pride only depends on if your country is the hacker or the victim.

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
  20. US/Russia relations by sjbe · · Score: 5, Insightful

    What are you so afraid of?

    If you have to ask that question then you know fuck-all about US/Russia relations over the last 80 years.

    What is so terrifying about the US and Russia improving relations and bringing a little more peace to the world?

    What's terrifying is HOW Trump is trying to do it. Peaceful cooperation with Russia is a reasonable goal but not at any cost or by abandoning countries that actually are friendly to the US. Russia is NOT a friend to the US and pretending that the interests of those two countries have somehow magically aligned because Trump is in the White House is absurd.