Hackers working for Russia claimed "hundreds of victims" last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said. They said the campaign likely is continuing.
Some of the specific details are new, but, broadly, this story is not news. More than a year ago, I wrote about Russia using Ukraine as a testing ground for cyberattacks just like those described above.
The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, "air-gapped" or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.
"They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS.
DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously.
It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.
Experts have been warning about the Russian threat for some time.
"They've been intruding into our networks and are positioning themselves for a limited or widespread attack," said Michael Carpenter, former deputy assistant secretary of defense, who now is a senior director at the Penn Biden Center at the University of Pennsylvania. "They are waging a covert war on the West."
Russia has denied targeting critical infrastructure.
Mr. Homer said the cyber-attack, which surfaced in the U.S. in the spring of 2016 and continued throughout 2017, exploited relationships that utilities have with vendors who have special access to update software, run diagnostics on equipment, and perform other services that are needed to keep millions of pieces of gear in working order.
The June 2017 wave of cyberattacks on Ukraine was "part of a digital blitzkrieg that has pummeled Ukraine for the past three years — a sustained cyberassault unlike any the world has ever seen. A hacker army has systematically undermined practically every sector of Ukraine: media, finance, transportation, military, politics, energy. Wave after wave of intrusions have deleted data, destroyed computers, and in some cases paralyzed organizations' most basic functions."
At that time, we already knew that:
1. Russian hackers had breached the DNC in an effort to alter the outcome of the election to Donald Trump's favor.
2. Russian diplomats, presumed to be Russian intelligence agents, had been "waging a quiet effort to map the United States' telecommunications infrastructure, perhaps preparing for an opportunity to disrupt it."
3. Russia had developed "a cyberweapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life."
4. Donald Trump had restored to Russia control of the compounds from which they are thought to have orchestrated the infrastructure mapping intel operations. (Because the collusion is right out in the open.)
So, now we know some more specifics about how the Russians are executing on their plan, which they practiced by terrorizing Ukraine as a test lab.
But we have long known that Russia is planning an attack on U.S. infrastructure — and that the sitting U.S. president is abetting them.
And still the people with power to prevent it aren't doing a goddamned thing.