Fitful sleep last night after reading a very long detailed piece on Russian hackers versus Ukraine. Why, well the same tools and language they use have been found on American infrastructure and systems. Last thoughts before sleep were those of life before the internet and how people get emails with attachments that should never be opened. The short summary is just below. The more detailed and terrifying truth follows. It is a long summary, must be read…it is something like a cyber Hitchcock Twilight Zone disaster thriller, but it happened and happened often.
Further, during a hearing in the House with former DHS Secretary, Jeh Johnson revealed a couple of key facts. One is told that during the election cycle, when the DNC hack, officials on numerous requests refused assistance, cooperation and discussions with DHS and FBI about foreign cyber intrusions. What was the DNC hiding? The other fact is Obama had the full details in intelligence briefings daily leading into November and December and refused to tell the country about Russian interference. He waited until after the elections and into December to take action. Why?
Okay, read on….
Hackers working with the Russian government have developed a cyber weapon that can disrupt power grids, U.S researchers claim. The cyber weapon has the potential to be absolutely disruptive if used on electronic systems necessary for the daily functioning of American cities.
The malicious software was used to shut down one-fifth of the electric power generated in Kiev, Ukraine last December. Called ‘CrashOverride’ the malware only briefly disrupted the power system but its potential was made clear.
With development, the cyber weapon could easily be used against U.S with devastating effects on transmission and distribution systems.
Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that examined the malware said, “It’s the culmination of over a decade of theory and attack scenarios, it’s a game changer.”
Dragos has dubbed the group of hackers who created the bug and used it in Ukraine, Electrum. The group and the virus have also been under scrutiny by cyber intelligence firm, FireEye, headed by John Hultquist. Hultquist’s company has nicknamed the group Sandworm and are keeping watch for clues of another attack.
The news of the malware comes in the middle of the ongoing investigation into Russia’s influence on the recent Presidential election. The Russian government is accused of trying to influence the outcome of the election by hacking hundreds of political organizations and leveraging social media.
While there is no hard evidence yet, U.S. officials believe the disruptive power hackers are closely connected to the Russian Government. U.S. based energy sector experts agree the malware is a huge concern and concede they are seeking ways to combat potential attacks.
“U.S utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to reliable operation of power systems,”said Michael Assante, who worked at Idaho National Labs and is former chief security officer of the North American Electric Reliability Corporation.
CrashOverride is only the second known instance of malware specifically designed to destroy or disrupt industrial control systems. The U.S. and Israel worked together to create Stuxnet, a bug designed to disrupt Iran’s nuclear enrichment program.
Robert M. Lee, chief executive of Dragos believes CrashOverride could be manipulated to attack other types of industrial control such as gas or water, though there has been no demonstration of that yet. But the sophistication of the entire operation is undeniable. The hackers had the resources to only develop the malware but to test it too.
The malware works by scanning for critical components that operate circuit breakers, then opening these breakers, which stops the flow of electricity. It continues to keep the circuit breakers open, even if a grid operator tries to close them. CrashOverride also cleverly comes with a “wiper” component that erases the existing software on the computer system that controls the circuit breakers. This forces the grid operator to revert to manual operations, which means a longer and more sustained power outage.
Potential outages could last a few hours and probably not more than a couple of days as U.S. power systems are designed to have high manual override capabilities necessary in extreme weather.
As mentioned above, you need to read the full detailed version here and just how the FBI, global cyber experts at the request of Ukraine worked diligently for accurate attribution to a Russian cyber force intruding on power systems. Hat tip to these experts and the story needs to go mainstream, as we are in a cyber war, the depths impossible to fully comprehend. Ukraine is the target and cyber incubation center for Russian cyber terrorists where they test, review, adapts and keep going without consequence.
Okay, read it all here. Hat tip for the detailed summary and the people doing quiet investigative cyber work.