Brute Force Attack on UK Parliament User Emails

Inside and outside cyber experts are making attributions to Russia.

The Russian government is suspected of being behind a cyber-attack on parliament that breached dozens of email accounts belonging to MPs and peers.

Although the investigation is at an early stage and the identity of those responsible may prove impossible to establish with absolute certainty, Moscow is deemed the most likely culprit.

The British security services believe that responsibility for the attack is more likely to lie with another state rather than a small group of individual hackers.

The number of states who might mount such an attack on the UK is limited, and, in addition to Russia, includes North Korea, China and Iran.

A security source said: “It was a brute force attack. It appears to have been state-sponsored.”

“The nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor.”

MPs contacted by the Guardian said the immediate suspicion had fallen upon foreign governments such as Russia and North Korea, both of which have been accused of being behind hacking attempts in the UK before. More from the Guardian.

BBC: Up to 90 email accounts were compromised during the cyber-attack on Parliament on Friday.

Fewer than 1% of the 9,000 users of the IT system were impacted by the hacking, said a parliamentary spokesman.

The hack prompted officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.

The spokesman said the attack was a result of “weak passwords” and an investigation is under way to determine whether any data has been lost.

Both Houses of Parliament will meet as planned on Monday and plans are being put in place to allow it to resume its wider IT services, said officials.

A number of MPs confirmed to the BBC they were unable to access their parliamentary email accounts outside of the Westminster estate following the hacking.

‘Passwords for sale’

The spokesman said the parliamentary network was compromised due to “weak passwords” which did not conform to guidance from the Parliamentary Digital Service.

They added: “As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way.”

The incident comes just over a month after 48 of England’s NHS trusts were hit by a cyber-attack.

International Trade Secretary Liam Fox said: “We have seen reports in the last few days of even cabinet ministers’ passwords being for sale online.

“We know that our public services are attacked so it is not at all surprising that there should be an attempt to hack into parliamentary emails.

“And it’s a warning to everybody, whether they are in Parliament or elsewhere, that they need to do everything possible to maintain their own cyber-security.”

The latest attack was publicly revealed by Liberal Democrat peer Lord Rennard on Twitter as he asked his followers to send any “urgent messages” to him by text.

The National Cyber Security Centre and National Crime Agency are investigating the incident.

Investigating the Other Collusion Case

Seems it at least began in 2015, long before Donald Trump was campaigning for the Oval Office.

Also, as an aside, John Podesta is testifying before the House Intelligence Committee next week. He too has financial ties to Moscow operations.

The Vnesheconombank is Russian owned and has been under a sanctions architecture due to the annexing of Crimea. In Russia, by law, the bank’s board chairman is the Prime Minister of Russia. Vladimir Putin increased leading when he became the bank’s chairman in 2008. Now precisely why is Russia investing at all in the United States in the first place? Well soft power and doing business with the Export Import Bank, an agency that is corrupt to the core. Further, Sergei Gorkov is head of the bank and is is/was a Russian spy.

Image result for Vnesheconombank  ABC

BusinessInsider:The U.S. Treasury has added a bunch of entities to its Russia sanctions list, including a sovereign wealth fund that used to be connected to some pretty high-profile U.S. billionaires.

The Treasury’s Office of Foreign Assistance Control on Thursday added The Russian Direct Investment Fund to the list, along with a number of entities linked to RDIF parent Vnesheconombank and energy giant Rosneft.

Vnesheconombank was first sanctioned last year, but RDIF hadn’t been explicitly targeted until the announcement on Thursday.

Private equity moguls Steve Schwarzman of Blackstone, David Bonderman of TPG, and Leon Black of Apollo Global Management all served as board members for RDIF when it was established in 2011, according to a press release at the time.

At some point, those names were removed from the RDIF website.

The Wall Street Journal first reported that the investors’ names had disappeared from the site in September 2014, but said that they still served on the board at that time. There are currently no names listed on the international advisory board on RDIF’s website.

Back in 2011, each board member issued statements about joining the board. Here are some highlights:

“We believe there are many attractive investment opportunities in Russia — the RDIF will provide the strong and experienced local partnership needed for investors to realize those opportunities.” — David Bonderman

“Russia has strong fundamentals that will continue to fuel its growth trajectory and offer attractive investment opportunities. We believe the Russia Direct Investment Fund will help further align U.S. and Russian objectives in terms of identifying paths toward partnership in the private sector.” — Leon Black

“It’s always good to have friends when you are going to a place that you are not as familiar with.”  — Stephen Schwarzman

Bonderman has spoken publicly about investing in the country in recent months, telling an audience at the Milken Global Conference this year that the Russian market remains attractive, according to a report by CNN Money.

He is quoted as saying: “Sanctions are perfectly set up not to work at all but to make a political statement.”

Spokespeople for Blackstone and TPG declined to comment. Apollo could not be reached for comment.

A spokesperson for the Russian Direct Investment Fund said: “For Vnesheconombank subsidiaries the new clarification by the US Department of the Treasury is essentially a technical repetition of sanctions imposed a year ago, which targeted a number of Russian companies including Vnesheconombank and its subsidiaries.

“Given the nature of the Fund’s activity, RDIF has never attracted financing in the USA, it invests its own funds. Since the introduction of sanctions last year RDIF has continued to invest into the Russian economy and build new international partnerships.”

So what you ask?

Image result for sergei gorkov Sergei Gorkov

Well due to sanctions, those on the Trump campaign team, transition team and now in the White House may have violated sanctions. If so, the reason would be why, to what end and how many may be involved? It should also be added that many Republicans have ties to Russians and oligarchs, not all is as it seems. We can only hope, while not knowing details, the Senate is also investigating Hillary Clinton in much the same condition. Yet as Secretary of State, Hillary and Obama had the ability to sign waivers to finesse sanctions. This was likely the case between Hillary and the Kremlin regarding Skolkovo.

Remember, don’t shoot the messenger. Furthermore, it seems some on the Senate committee are leaking too.

Senate investigators are examining the activities of a little-known $10-billion Russian investment fund whose chief executive met with a member of President Donald Trump’s transition team four days before Trump’s inauguration, a congressional source told CNN.

The source said the Senate intelligence committee is investigating the Russian fund in connection with its examination of discussions between White House adviser Jared Kushner and the head of a prominent Russian bank. The bank, Vnesheconombank, or VEB, oversees the fund, which has ties to several Trump advisers. Both the bank and the fund have been covered since 2014 by sanctions restricting U.S. business dealings.
Separately, Steve Mnuchin, now Treasury Secretary, said in a January letter that he would look into the Jan. 16 meeting between the fund’s chief executive and Anthony Scaramucci, a member of the transition team’s executive committee and a fundraiser and adviser for Trump’s presidential campaign. At the time, Mnuchin had not yet been confirmed as Treasury Secretary. The Treasury Department did not respond to a request for an update.
Two Democratic senators had asked Treasury to investigate whether Scaramucci promised to lift sanctions — a policy shift that would help the fund attract more international investment to Russia.
The questions draw attention to the Russian Direct Investment Fund, a government investment arm that has helped top U.S. private-equity firms invest in Russia and that was advised by Stephen Schwarzman, who is now chairman of Trump’s Strategic and Policy Forum, an advisory group of business leaders.
Schwarzman, chief executive officer of Blackstone Group, was named in 2011 to the fund’s International Advisory Board along with other leaders of major equity companies and sovereigh-wealth funds who reviewed the fund’s operations, plans and potential investments. Schwarzman declined to comment. A source close to him said Schwarzman has not spoken to anyone on the fund “for some time.”
The fund also worked with Goldman Sachs, whose former president Gary Cohn is Trump’s chief economic adviser and where Kirill Dmitriev, the fund’s chief executive, worked as an investment banker in the 1990s. Goldman was part of a consortium created in 2012 to invest in large Russian businesses preparing to go public, and was hired in 2013 to burnish Russia’s investment image. The company declined to comment.

‘I would reach out to people to help him”

Senate and House investigators are looking into various Russian entities to determine whether anyone connected to the Trump campaign helped Russians as they meddled in the 2016 presidential election, and whether Trump associates discussed sanctions with Russian officials.
The congressional inquiries, along with a criminal investigation by special counsel Robert S. Mueller, have shadowed the Trump administration. Trump has denied any connection to Russia’s election-meddling, calling the criminal probe “a witch hunt.”
Scaramucci, the founder of SkyBridge Capital, minimized his January meeting with Dmitriev in the resort town of Davos, Switzerland, at the celebrated annual gathering of the World Economic Forum. Scaramucci had met Dmitriev at previous Davos meetings, although at the gathering in January, Scaramucci was expecting to be named White House liaison to the business community.
Dmitriev “came over to say hello in a restaurant, and I was cordial,” Scaramucci said in a recent email to CNN. “There is nothing there.”
The day after the meeting, Scaramucci told Bloomberg TV that he had “as a private citizen” been working with Dmitriev on bringing a delegation of executives to Russia.
“What I said to him last night, in my capacity inside the administration, I would certainly reach out to some people to help him,” Scaramucci said before describing a thicket of ethical clearances he would face. “The idea was many months ago to have more outreach with Russia but also other countries, not just Russia. China, other countries.”
Scaramucci’s comments alarmed Democratic Senators Elizabeth Warren of Massachusetts and Ben Cardin of Maryland, who asked Mnuchin investigate whether Scaramucci sought to “facilitate prohibited transactions” or promised to waive or lift sanctions against Russia.
In a reply Jan. 30, before he was sworn in, Mnuchin said he would “ensure the appropriate Department components assess whether further investigation of this matter is warranted.”
A spokeswoman for the Russian fund said the two men did not discuss sanctions, and that the discussion itself did not violate sanctions that U.S. imposed in 2014 after Russia annexed part of neighboring Ukraine. The spokeswoman declined to describe the conversation, saying, “We do not comment on private meetings.”

An advocate for lifting sanctions

Since Trump’s election, Dmitriev has been one of Russia’s most vocal officials in calling for an end to U.S. sanctions and arguing that joint U.S.-Russia projects can create jobs in the United States.
The fund hired two U.S. lobbying firms in September 2014, after sanctions were imposed, paying them a combined $150,000 over two months for public relations work. The fund has not hired any lobbyists since then.
With a history of helping U.S. manufacturers and asset management companies invest in Russia, the fund is a logical starting point for Russia’s push to lift U.S. sanctions, former State Department chief economist Rodney Ludema said.
“If you’re going to get your nose under the tent, that’s a good place to start,” said Ludema, a Georgetown University economics professor. “I’m sure their objective is to get rid of all the sanctions against the financial institutions. But RDIF is one [sanctioned organizations] where a number of prominent U.S. investors have been involved.”
Scaramucci also questioned U.S. sanctions while he was in Davos and echoed Trump’s statements about improving relations with Russia.
Two weeks after the meeting between Scaramucci and Dmitriev, when President Trump spoke by phone to Russian President Vladimir Putin, the fund announced it would open an office in New York in May.
No New York office has been opened but the fund “still expects to open a representative office in the US this year,” the spokeswoman said.

 

 

2016 Internet Crime Report

IC3 Releases Annual Report Highlighting Trends in Internet Crime

Giving someone access to your computer is like giving out a key to your front door. A computer can have your bank account information, family photos, and other private documents and data—information that fraudsters would like to steal. That’s why tech support fraud has become a significant trend in online crime, according to the 2016 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3).

In tech support fraud cases, criminals convince unsuspecting victims to provide remote access to their computer by calling and posing as tech support personnel from a legitimate company. The criminal can then simply charge your credit card for a fake anti-virus product, or, in more sinister situations, they can steal your personal information or install malware. More than 10,000 incidents of tech support fraud were reported to the IC3 in 2016, with victims losing nearly $8 million. Though anyone can be a victim, older computer users are the most vulnerable targets.

“They’ll trick you into letting them into your computer,” said IC3 Unit Chief Donna Gregory. “You open the door and allow them in. You may think you’re just watching them install a program to get rid of a virus, but they are really doing a lot of damage behind the scenes.”

In addition to tech support fraud, the other major fraud categories last year were business e-mail compromise, ransomware, and extortion.

The IC3 receives complaints on a variety of Internet scams and crimes, and it has received more than 3.7 million complaints since it was created in 2000. In 2016, the IC3 received a total of 298,728 complaints with reported losses in excess of $1.3 billion. The IC3 uses the information from public complaints to refer cases to the appropriate law enforcement agencies and identify trends. The IC3’s extensive database is also available to law enforcement. Internet users should report any Internet fraud to IC3, no matter the dollar amount. Additional data helps the FBI and law enforcement gain a more accurate picture of Internet crime.

The IC3 publishes the Internet Crime Report annually to increase public awareness of current trends in Internet crime. For this report, the IC3 has also created a separate state-by-state breakdown that allows users to select their state from a dropdown menu so they can review local trends in Internet crime. The top states for reported dollar amounts lost to Internet fraud in 2016 were California ($255 million), New York ($106 million), and Florida ($89 million).

Though Internet crime is a serious threat, there are ways to help keep yourself safe online. The IC3 recommends computer users update their anti-virus software and operating system. Additionally, the Internet is an especially important place to remember the old adage: If it sounds too good to be true, it probably is.

“Be aware of what you are clicking on and also what you’re posting on social media. Always lock down your social media accounts as much as possible,” Gregory said. “Try to use two factor authentication, and use safe passwords or things more difficult to guess. The tougher the password, the harder it is for someone to crack.”

Should Voting Systems be Classified as Critical Infrastructure?

While members of all political party voters seem to diss the notion that Russia intruded on voting systems in 2016, the proof is there. If you watched former DHS Secretary Jeh Johnson during his congressional testimony, it was not so much his responses but more about what members of congress know, to pose questions to Johnson.

Image result for u.s. voting systems

J. Alex Halderman, a professor of computer science and engineering at the University of Michigan, contended U.S. election equipment is “vulnerable to sabotage” that “could change votes.”

“We’ve found ways for hackers to sabotage machines and steal votes. These capabilities are certainly within reach for America’s enemies,” Halderman told senators.

He said he and his team spent 10 years researching cyber vulnerabilities of election equipment. The professor said:

Some say that the fact that voting machines aren’t directly connected to the internet makes them secure. But, unfortunately, this is not true. Voting machines are not as distant from the internet as they may seem. Before every election, they need to be programmed with races and candidates. That programming is created on a desktop computer, then transferred to voting machines. If Russia infiltrated these election management computers, it could have spread a vote-stealing attack to a vast number of machines. I don’t know how far Russia got or whether they managed to interfere with equipment on Election Day. More here from Daily Signal.

Okay…still a non-believer? Let’s see what the States experiences.

Image result for voter registration database

Click here for additional video and interactive map of states using paper ballot backup systems.

Elections officials outgunned in Russia’s cyberwar against America

WASHINGTON/Charlotte Observer

Local officials consistently play down suspicions about the long lines at polling places on Election Day 2016 that led some discouraged voters in heavily Democratic Durham County, N.C., to leave without casting a ballot.

Minor glitches in the way new electronic poll books were put to use had simply gummed things up, according to local elections officials there. Elections Board Chairman William Brian Jr. assured Durham residents that “an extensive investigation” showed there was nothing to worry about with the county’s new registration software.

He was wrong.

What Brian and other election officials across eight states didn’t know until the leak of a classified intelligence is that Russian operatives hacked into the Florida headquarters of VR Systems, Inc., the vendor that sold them digital products to manage voter registrations.

A week before the election, the hackers sent emails using a VR Systems address to 122 state and local election officials across the country, inviting them to open an attachment wired with malicious software that spoofed “legitimate elections-related services,” the report said. The malware was designed to retrieve enough additional information to set the stage for serious mischief, said the National Security Agency report disclosed by the Intercept, an investigative web site.

That wasn’t the only type of attack.

The new revelations about the Kremlin’s broad and sophisticated cyber offensive targeting Democrat Hillary Clinton and aimed at seating Donald Trump in the Oval Office have set off a wave of worry about the security of the nation’s voting systems. State election officials, facing questions as to whether they ignored oddities or red flags, have responded by accusing intelligence agencies of failing to alert them of the risks.

The truth is a hodge-podge of electronic machinery that enables Americans to exercise their most sacred democratic right is weakly guarded by state and local agencies. Those officials are quick to assure the voting public that their systems are secure, but they lack the resources and technical know-how to defend against cyber intrusions, or even to perform forensic examinations to ensure nothing happened.

Election officials in Illinois, another state that VR Systems lists as a customer, did not find out they were hacked by Russian operatives late last June until a week or two later. By then, the Russian operatives had downloaded about 90,000 voter registration records, leading to an investigation by the FBI and the U.S. Department of Homeland Security, said Ken Menzel, general counsel of the Illinois Board of Elections. Menzel confirmed a Bloomberg report that the Russians appeared to have made unsuccessful attempts to alter or delete some records.

In Georgia, where a nationally watched congressional runoff race is scheduled for Tuesday, Politico magazine reported that a U.S. hacker from a national laboratory seeking to expose vulnerabilities in election systems was able to easily download millions of voter records from Kennesaw State University’s Center for Election Systems, which manages them. Election watchdog groups say subsequent warnings to the state about a hole in their system went unheeded for months.

David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory in California who has acted in his personal capacity in trying to safeguard election integrity, said he believes it is “absolutely possible” that the Russians affected last year’s election.

“And we have done almost nothing to seriously examine that,” he said.

“The Russians really were engaged in a pattern of attacks against the machinery of the election, and not merely a pattern of propaganda or information warfare and selective leaking,” said Alex Halderman, a University of Michigan computer science professor. “The question is, how far did they get in that pattern of attacks, and were they successful?” Election officials across the country may not even know if they’ve been attacked, computer scientists say, pointing to the scenario that played out in Durham County.

EASY PREY

State and local voting systems appear to be easy prey for sophisticated hackers.

Five states use electronic voting machines with no paper backups, precluding audits that might verify the accuracy of their vote counts. They include Georgia, scene of Tuesday’s 6th District runoff election, Delaware, Louisiana, New Jersey and South Carolina. Parts of another nine states also are paperless, including the crucial swing state of Pennsylvania.

Although Congress has discouraged use of internet voting because of the potential for hackers to tamper with ballots, some 32 states allow military and overseas voters to transmit ballots online or via insecure fax machines. Alaska, Washington state and Hawaii have been the most permissive.

“If we don’t fix our badly broken system before the next major presidential election, we’re going to be hacked into,” said Barbara Simons, author of “Broken Ballots,” a 2012 book about election security published by Stanford University. “It might not just be Russia. It might be North Korea, China, Iran or partisans.”

While the Netherlands opted to shift to paper ballots when alerted the Russians were trying to swing its election outcome to the right, U.S. election officials have stood pat.

But former FBI Director James Comey, in widely watched testimony to the Senate Intelligence Committee on June 8, said “there should be no fuzz” about Russia’s barrage of millions of social media messages spreading falsehoods about Clinton.

“The Russians interfered in our election during the 2016 cycle,” he said. “They did it with purpose. They did it with sophistication. They did it with overwhelming technical efforts … And it is very, very serious.”

America’s saving grace could be its decentralized system in which cities, counties and states have used federal grants to procure a wide variety of voting equipment, limiting the potential impact of a single attack.

But that doesn’t mean targeted attacks couldn’t tip the outcome of closely divided races, even for the presidency.

CRITICAL INFRASTRUCTURE

On Jan. 6, American intelligence agencies issued a declassified report accusing Russia of the cyber attack ultimately aimed at helping Trump, calling it the Kremlin’s “boldest” operation ever aimed at influencing the United States. In a brief notation, the report said that, while the Russians targeted state and local voting systems, they did not attempt to corrupt vote-tallying equipment.

On the same day the report was released, in one of his last acts as U.S. secretary of Homeland Security, Jeh Johnson proclaimed the nation’s election systems to be “Critical Infrastructure,” a designation that not only makes their security a higher priority, but improves the climate for federal-state cooperation. Because state and local officials exert total control over their operations, the agency only can investigate a vulnerability or possible breach if asked to do so – an obstacle the new designation didn’t change.

A senior Homeland Security official, in an interview with McClatchy, batted down as wildly exaggerated a Bloomberg report stating that Russian cyber operatives had made “hits” on voting systems in 39 states. Every web site is constantly scanned by “bad actors,” just as burglars might case homes in a neighborhood. That doesn’t equate to hacking, said the official, who spoke on condition of anonymity because of the sensitivity of the matter.

“The ability to manipulate the vote tally, that’s quite complicated,” the Homeland Security official said. “We didn’t see an ability to really accomplish that even in an individual voting machine. You have to have physical access to do that. It’s not as easy as you think.”

Some of the nation’s top experts in voting security disagree.

Lawrence Livermore’s Jefferson voiced frustration with the “defensive” refrain of denials from state and local election officials, including the National Association of Secretaries of State.

“Election officials do not talk about vulnerabilities,” Jefferson said, “because that would give the advantage to the attacker. And they don’t want to undermine public confidence in elections.”

Halderman said Homeland Security officials told him they were unaware of a single county in any state that had conducted post-election forensic examinations of their voting equipment.

The Homeland Security official who spoke with McClatchy said the main concern for agency cyber specialists is not about vote-tampering; it’s related to the ability of intruders to sow confusion and chaos. That could entail schemes to foul voter registration data by, for example, removing the names of voters from the rolls so they are turned away at polling stations.

“This scenario is what we witnessed on the ground in North Carolina on Election Day,” said Susan Greenhalgh, a spokeswoman for the election watchdog group Verified Voting.

“If attackers wanted to impact an election through an attack on a vendor like VR Systems,” she said, “they could manipulate or delete voter records impacting a voter’s ability to cast a regular ballot. Or, they could cause the E-Pollbooks (electronic databases of voters) to malfunction, hampering the check-in process and creating long lines.”

North Carolina was considered to be a swing state in the presidential race, and Durham County, with an African-American population of more than 37 percent, had voted more than 75 percent in favor of putting and keeping Barack Obama in the White House. Last year’s governor’s race was a dead heat entering Election Day.

The chaos in Durham County led to 90-minute delays. Some voters rang a Voter Protection Hotline to complain that their names had disappeared from the registration system or that they were told they already had voted.

The county hired a contractor to investigate the foul-up, but the inquiry never examined whether the system was hacked.

Twenty other North Carolina counties used the system, including Mecklenburg County, encompassing most of Charlotte. Though none reported problems on the scale of Durham County, release of the NSA report prompted the North Carolina Board of Elections to order a new investigation.

A former FBI agent is leading the inquiry. Critics say the three-member investigative team again lacks expertise in forensics.

Mindy Perkins, VR Systems’ president and chief executive officer, said in a statement that the company immediately notified all of its customers as soon as it was alerted “to an obviously fraudulent email purporting to come from VR Systems” and advised them not to click on the attachment.

“We are only aware of a handful of our customers who actually received the fraudulent email,” she said. “We have no indication that any of them clicked on the attachment or were compromised as a result.”

She said the company has “policies and procedures in effect to protect our customers and our company.”

Even so, Russia succeeded in sneaking up on U.S. agencies, voting system vendors and intelligence agencies.

Halderman, the University of Michigan expert, said he believes the best solution is for states to require paper trails for all voting equipment and post-election audits to ensure the vote counts are authentic.

“There’s no guarantee that we’ll know we’re under attack,” he said, “unless we do the quality control that we need by doing these audits to detect manipulation.”

 

 

 

 

Global Blackouts, Anywhere in the World, Courtesy Russia

Fitful sleep last night after reading a very long detailed piece on Russian hackers versus Ukraine. Why, well the same tools and language they use have been found on American infrastructure and systems. Last thoughts before sleep were those of life before the internet and how people get emails with attachments that should never be opened. The short summary is just below. The more detailed and terrifying truth follows. It is a long summary, must be read…it is something like a cyber Hitchcock Twilight Zone disaster thriller, but it happened and happened often.

Image result for cyber war russia and us

Further, during a hearing in the House with former DHS Secretary, Jeh Johnson revealed a couple of key facts. One is told that during the election cycle, when the DNC hack, officials on numerous requests refused assistance, cooperation and discussions with DHS and FBI about foreign cyber intrusions. What was the DNC hiding? The other fact is Obama had the full details in intelligence briefings daily leading into November and December and refused to tell the country about Russian interference. He waited until after the elections and into December to take action. Why?

Okay, read on….

Image result for ukraine blackout CommentaryMagazine

Russia’s New Cyber Weapon Can Cause Blackouts Anywhere in the World

Hackers working with the Russian government have developed a cyber weapon that can disrupt power grids, U.S researchers claim. The cyber weapon has the potential to be absolutely disruptive if used on electronic systems necessary for the daily functioning of American cities.

The malicious software was used to shut down one-fifth of the electric power generated in Kiev, Ukraine last December. Called ‘CrashOverride’ the malware only briefly disrupted the power system but its potential was made clear.

With development, the cyber weapon could easily be used against U.S with devastating effects on transmission and distribution systems.

Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that examined the malware said, “It’s the culmination of over a decade of theory and attack scenarios, it’s a game changer.”

Dragos has dubbed the group of hackers who created the bug and used it in Ukraine, Electrum. The group and the virus have also been under scrutiny by cyber intelligence firm, FireEye, headed by John Hultquist. Hultquist’s company has nicknamed the group Sandworm and are keeping watch for clues of another attack.

The news of the malware comes in the middle of the ongoing investigation into Russia’s influence on the recent Presidential election. The Russian government is accused of trying to influence the outcome of the election by hacking hundreds of political organizations and leveraging social media.

While there is no hard evidence yet, U.S. officials believe the disruptive power hackers are closely connected to the Russian Government. U.S. based energy sector experts agree the malware is a huge concern and concede they are seeking ways to combat potential attacks.

“U.S utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to reliable operation of power systems,”said Michael Assante, who worked at Idaho National Labs and is former chief security officer of the North American Electric Reliability Corporation.

CrashOverride

CrashOverride is only the second known instance of malware specifically designed to destroy or disrupt industrial control systems. The U.S. and Israel worked together to create Stuxnet, a bug designed to disrupt Iran’s nuclear enrichment program.

Robert M. Lee, chief executive of Dragos believes CrashOverride could be manipulated to attack other types of industrial control such as gas or water, though there has been no demonstration of that yet. But the sophistication of the entire operation is undeniable. The hackers had the resources to only develop the malware but to test it too.

The malware works by scanning for critical components that operate circuit breakers, then opening these breakers, which stops the flow of electricity. It continues to keep the circuit breakers open, even if a grid operator tries to close them. CrashOverride also cleverly comes with a “wiper” component that erases the existing software on the computer system that controls the circuit breakers. This forces the grid operator to revert to manual operations, which means a longer and more sustained power outage.

Potential outages could last a few hours and probably not more than a couple of days as U.S. power systems are designed to have high manual override capabilities necessary in extreme weather.

As mentioned above, you need to read the full detailed version here and just how the FBI, global cyber experts at the request of Ukraine worked diligently for accurate attribution to a Russian cyber force intruding on power systems. Hat tip to these experts and the story needs to go mainstream, as we are in a cyber war, the depths impossible to fully comprehend. Ukraine is the target and cyber incubation center for Russian cyber terrorists where they test, review, adapts and keep going without consequence.

Image result for ukraine blackout

Okay, read it all here. Hat tip for the detailed summary and the people doing quiet investigative cyber work.