The Department of Homeland Security says Russian hackers were able to gain entry to the control rooms of US power companies last year with relative ease, in a long-running, large-scale campaign. Officials say the hackers got close enough to cause blackouts, the Wall Street Journal reports.
The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, “air-gapped” or isolated utility networks with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, DHS officials said. (A network that a vendor can reach with stolen remote-access credentials is not actually air-gapped, whatever the utility calls it; the trust relationship is the gap.)
“They got to the point where they could have thrown switches” and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS.
According to federal officials, some companies may not even know they were compromised, because the hackers used the credentials of real workers to gain entry to the networks, making their forays much harder to spot. DHS is withholding the names of the victims but says the number is in the hundreds rather than the initial estimate of dozens.
The cyberattack ran from spring of 2016, continued into 2017 and is likely continuing even now. The Wall Street Journal states that the hackers exploited vendors who have access to utilities in order to run diagnostics and keep the infrastructure running.
The attackers began with conventional tools: spear-phishing emails that lure victims into entering their passwords on spoofed login pages, and watering-hole attacks that plant malicious content on legitimate websites the targets routinely visit. With these they compromised the corporate networks of suppliers, many of them smaller companies without big budgets for cybersecurity.
Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks.
After gaining access to the utility networks, they stole confidential information. They gathered data on network configuration and on how equipment was controlled, learning how the facilities were run. Jonathan Homer explained in the first of four planned briefings, intended to foster industry cooperation, that hackers “have to learn how to take the normal and make it abnormal” in order to cause interruptions. They do so by disguising themselves as everyday users of the networks and passing through the system undetected.
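The point DHS makes is that the intrusions were hard to see because the logins were, on their face, legitimate: real vendor accounts, real credentials. Signature-based tools have nothing to match on, so the practical check is to baseline each vendor account against its own history and flag logins that break it. The script below is an added example written for this page, not code from DHS, the Journal or any utility. The remote-access log lines are constructed for illustration, and the field layout (timestamp, account, source IP, result) is an assumption rather than any real product's format.

```python
"""Added example: flag remote-access logins by vendor accounts that break the
account's own baseline (new source IP, unusual hour, or no history at all).
The log lines and their format are constructed for this example."""
from collections import defaultdict
from datetime import datetime

# Constructed sample of VPN/remote-access authentication events (not real data).
# Fields: ISO timestamp, account, source IP, result.
SAMPLE_LOGS = """\
2017-03-01T09:12:04 vendor-svc01 203.0.113.10 SUCCESS
2017-03-02T10:05:41 vendor-svc01 203.0.113.10 SUCCESS
2017-03-03T08:58:12 vendor-svc01 203.0.113.11 SUCCESS
2017-03-06T14:22:09 vendor-svc01 203.0.113.10 SUCCESS
2017-03-08T02:47:33 vendor-svc01 198.51.100.77 SUCCESS
2017-03-08T02:51:10 vendor-svc01 198.51.100.77 SUCCESS
2017-03-09T11:03:55 vendor-svc02 203.0.113.20 SUCCESS
"""


def parse_events(text):
    """Turn the whitespace-separated log lines into dicts with a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, src_ip, result = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "account": account,
            "src_ip": src_ip,
            "result": result,
        })
    return events


def build_baseline(events, cutoff):
    """Per account: the source IPs and hours-of-day seen in successful logins
    before `cutoff`. This is the 'normal' that an intruder has to imitate."""
    baseline = defaultdict(lambda: {"ips": set(), "hours": set()})
    for e in events:
        if e["ts"] < cutoff and e["result"] == "SUCCESS":
            b = baseline[e["account"]]
            b["ips"].add(e["src_ip"])
            b["hours"].add(e["ts"].hour)
    return baseline


def find_anomalies(events, baseline, cutoff, slack_hours=1):
    """Score successful logins on/after `cutoff` against the baseline.
    Returns a list of (event, reasons) for every login that deviates."""
    findings = []
    for e in events:
        if e["ts"] < cutoff or e["result"] != "SUCCESS":
            continue
        reasons = []
        b = baseline.get(e["account"])  # .get() does not create entries
        if b is None:
            # An account with no history logging in is itself worth a look.
            reasons.append("no_baseline")
        else:
            if e["src_ip"] not in b["ips"]:
                reasons.append("new_source_ip")
            lo = min(b["hours"]) - slack_hours
            hi = max(b["hours"]) + slack_hours
            if not lo <= e["ts"].hour <= hi:
                reasons.append("off_hours")
        if reasons:
            findings.append((e, reasons))
    return findings


def run(text=SAMPLE_LOGS, cutoff=datetime(2017, 3, 7)):
    """Baseline on everything before `cutoff`, then score what follows."""
    events = parse_events(text)
    baseline = build_baseline(events, cutoff)
    return find_anomalies(events, baseline, cutoff)


if __name__ == "__main__":
    for event, reasons in run():
        print(event["ts"].isoformat(), event["account"],
              event["src_ip"], ",".join(reasons))
```

On the constructed data this flags the two 02:47 and 02:51 logins by vendor-svc01 from an address it had never used, and the first appearance of vendor-svc02. The caveat is the one the article itself implies: an attacker who sits on a vendor's own workstation and logs in during the vendor's normal hours looks exactly like the vendor, so this baseline is a tripwire, not a guarantee, and the real fix is to stop treating a vendor's credentials as sufficient to reach control-system networks at all.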
Officials are investigating the extent of the capabilities of the attackers and whether they are automating their attacks with the goal of scaling up, the Journal reports.
It isn’t yet clear whether the hackers used their access to prepare the battlefield for some future, devastating blow, investigators said. For example, many experts fear that a skilled technician with unfettered access could change some equipment’s settings. That could make the equipment unreliable in unexpected ways, leading utility engineers to take actions that would result in extensive damage and potentially lengthy blackouts.
Why It Matters
Last week, President Trump stood in Helsinki with Vladimir Putin and shanked the intelligence community when asked if he believed Putin or the IC in regards to Russia’s cyberattack during the presidential election. In that joint news conference, Putin said he wanted Trump to win the election.
Three days prior, the indictment of 12 Russian military officers for hacking the DNC computers was announced, bringing the number of Russian nationals indicted by the special counsel’s office to 25. That’s not counting the arrest and indictment of Maria Butina, who is accused of being a Russian foreign agent.
Director of National Intelligence Dan Coats, pointedly and without approval of the White House, made a statement in support of the intelligence community’s assessment of Russia’s role in the interference in the election after the Helsinki summit.
In May, National Security Advisor John Bolton eliminated the top White House cybersecurity position, leaving no individual tasked solely with leading a team to develop a unified strategy for threats to election security or to serve as a liaison between the federal government and the private sector.
Yesterday, Donald Trump tweeted that “it” (it being the Russia investigation) “is all a big hoax”.
If the President of the United States of America cannot even consistently hold the position that the intelligence community unanimously agrees on, i.e. that Putin attacked the US with the intent of helping Donald Trump get elected by harming Hillary Clinton’s candidacy, how can he and his administration possibly be relied upon to take the threat Russia poses to our utilities grid seriously?
While Russian hackers gallivant around control rooms of the nation’s utilities, he golfs, tweets, and plans a military parade to compete with the Bastille Day celebration he saw while visiting France. None of which does a single thing to keep America safe or great.