Russian cybersecurity intelligence targets critical U.S. infrastructure
By Bill Gertz
U.S. intelligence agencies recently identified a Russian cybersecurity firm, which has expertise in testing the network vulnerabilities of the electrical grid, financial markets and other critical infrastructure, as having close ties to Moscow’s Federal Security Service, the civilian intelligence service.
The relationship between the company and the FSB, as the spy agency is known, has heightened fears among U.S. cyberintelligence officials that Moscow is stepping up covert efforts to infiltrate computer networks that control critical U.S. infrastructure such as oil and gas pipelines and transportation.
The effort appears to be part of FSB and Russian military cyberwarfare reconnaissance targeting, something the Pentagon calls preparation of the battlefield for future cyberattacks. The Russian company is taking steps to open a U.S. branch office as part of the intelligence-gathering, said officials familiar with reports of the effort who spoke on background.
Officials familiar with reports about the company did not identify it by name. However, security officials are quietly alerting government security officials and industry cybersecurity chiefs about the Russian firm and its covert plans for operations in the United States.
The Russian firm is said to have extensive technical experience in security vulnerabilities of supervisory control and data acquisition systems that are used to remotely control critical infrastructure.
These systems are employed by both government and private-sector system controllers for equipment running water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power grids, wind farms and large communication systems.
In September, Director of National Intelligence James R. Clapper told Congress that Russian hackers have penetrated U.S. industrial control networks operating critical infrastructure. The objective of the hackers is to develop the capability to remotely access the control systems that “might be quickly exploited for disruption if an adversary’s intent became hostile,” Mr. Clapper said.“Unknown Russian actors successfully compromised the product-supply chains of at least three [industrial control system] vendors so that customers downloaded malicious software designed to facilitate exploitation directly from the vendors’ websites along with legitimate software updates,” Mr. Clapper stated in Sept. 10 testimony to the House Permanent Select Committee on Intelligence.
Russian hackers also were linked to cyberpenetrations of U.S. industrial control networks used for water and energy systems in 2014.
The Russian connection was identified through the use of malware called BlackEnergy that has been linked to Russian government cyberoperations dubbed Sandworm by security researchers.
Mr. Clapper also testified that the Russian Defense Ministry has created a military cybercommand for offensive attacks. Additionally, the Russian military is setting up a specialized branch for computer network attacks.
RUSSIAN GENERAL ISSUES THREATGen. Valery Gerasimov, chief of the General Staff of the Armed Forces of Russia, told foreign military attaches in Moscow on Monday that increased military activities by NATO and the development of global missile defenses were “creating a threat of new conflicts and escalation of existent conflicts,” the official Interfax news agency reported.
“The NATO military policy unfriendly towards Russia is a source of concern,” Gen. Gerasimov said. “The alliance continues to expand its military presence and is stepping up the activity of the bloc’s armed forces along the perimeter of borders of the Russian Federation.”
Because of the deployment of a global missile defense network and the development of new means of armed struggle, including hypersonic weapons, “the problem of upsetting the existent strategic balance of force has been growing,” said the general, referring to high-speed strike weapons.
The Pentagon is developing a conventional rapid-attack capability called “prompt global strike,” which can target any spot on Earth in 30 minutes.Russia has stepped up nuclear threats against the United States and NATO in response to deployment of missile defenses in Europe.
In recent months, Russian President Vladimir Putin has issued an unprecedented number of threats to use nuclear weapons, most notably after the Russian military annexation of Ukraine’s Crimea last year. On Dec. 11, Mr. Putin said he hoped nuclear weapons would not be needed during operations in Syria.
“Particular attention must be paid to the consolidation of the combat potential of the strategic nuclear forces and the execution of space-based defense programs,” Mr. Putin was quoted as saying at the meeting with his defense chiefs. “We need, as our plans specify, to equip all components of the nuclear triad with new arms.”
Lt. Gen. Ben Hodges, commander of U.S. Army forces in Europe, told reporters last week that Russian nuclear threats are troubling in the current security environment.
“The way that senior Russian officials have talked about Denmark as a nuclear target, Sweden as a nuclear target, Romania as a nuclear target, sort of an irresponsible use of the nuclear word, if you will, you can understand why our allies on the eastern flank of NATO — particularly in the Baltic region — are nervous, are uneasy,” Gen. Hodges said.
Additionally, the Russian military has conducted “large snap exercises without announcement,” which also has increased fears of a Moscow threat, he said.
***
Since the FSB (KGB) company is un-named could it be: (RecordedFuture)
What is SORM?
Russia’s SORM (Система Оперативно-Розыскных Мероприятий, literally “System for Operative Investigative Activities”) is a lawful intercept system operated by the Federal Security Service (or FSB – the Russian successor to the KGB).
SORM came to light recently during the Sochi Olympic Games where reports claimed that “all communications” were monitored. SORM differs from the US lawful intercept system, as once the FSB receives approval for access to a target’s communications they are able to unilaterally tap into the system without provider awareness.
Further, SORM is also lawfully used to target opposition parties within Russia. According to the World Policy Institute, on November 12, 2012, Russia’s Supreme Court upheld the right of authorities to eavesdrop on the opposition.
- SORM-1 intercepts telephone traffic (including both landline (analog) and mobile networks).
- SORM-2 targets internet traffic (including VoIP calls).
- SORM-3 has the ability to target all forms of communication providing long-term storage of all information and data on subscribers, including actual recordings and locations.
Former Soviet States (Kazakhstan, Belarus, Uzbekistan and Ukraine) have installed SORM-standard equipment. According to research by Wired Magazine, Ukraine’s SORM is more advanced as the SBU (Ukraine’s Security Service) has the ability to interrupt a target’s communications.
In April 2011, Iskratel – which provides Ukraine’s sole telephone company Ukrtelekom with broadband equipment – announced its SORM device was tested successfully under the new requirements and had been approved by the SBU.
Analyzing SORM manufacturers within Recorded Future identified equipment suppliers including Juniper Networks (US), Cisco Systems (US), Huawei (China) and Alcatel-Lucent (France).
