Hackers had the power to cause blackouts, Symantec says. And yes, most signs point to Russia.
Andy Greenberg writes: In an era of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility’s network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will.
Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks. And at a handful of US power firms and at least one company in Turkey—none of which Symantec will name—their forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.
“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation,” says Eric Chien, a Symantec security analyst. “We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.”
Never before have hackers been shown to have that level of control of American power company systems, Chien notes. The only comparable situations, he says, have been the repeated hacker attacks on the Ukrainian grid that twice caused power outages in the country in late 2015 and 2016, the first known hacker-induced blackouts.
The Usual Suspects
Security firms like FireEye and Dragos have pinned those Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia. But Symantec stopped short of blaming the more recent attacks on any country or even trying to explain the hackers’ motives. Chien says the company has found no connections between Sandworm and the intrusions it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at US power companies—including a Kansas nuclear facility—known as Palmetto Fusion, which unnamed officials revealed in July and later tied to Russia.
Chien does note, however, that the timing and public descriptions of the Palmetto Fusion hacking campaigns match up with its Dragonfly findings. “It’s highly unlikely this is just coincidental,” Chien says. But he adds that while the Palmetto Fusion intrusions included a breach of a nuclear power plant, the most serious Dragonfly intrusions Symantec tracked penetrated only non-nuclear energy companies, which have less strict separations of their internet-connected IT networks and operational controls.
‘Be Afraid, America. Be Very Afraid’
Joseph Weiss writes:
…I’m talking about seizing control of industrial control systems. These ubiquitous hidden computers have gradually and quietly been put in charge of all manner of critical infrastructure—including nuclear power plants, the grid, water and gas pipelines, refineries, air traffic control, trains, factories, you name it.
Unlike the computers we use in our daily lives, these computers are largely invisible. They don’t have screens or keyboards. Most people aren’t aware that they exist. And yet they are embedded in low-level processes. They are everywhere because they create tremendous efficiencies and cost savings, and because they exist almost as an afterthought, they are often completely insecure. They often don’t run anti-virus software and by and large no one bothers to scan them to see if they might be infected with malicious software. And guess what? They often are connected to the Internet where a clever hacker half a world away can get access to them!
The threat is not hypothetical. There have been almost 750 control system cyber events (including both malicious and unintentional incidents). They’ve had a global impact. Industries have included power companies, pipelines, dams, planes, and trains. Why hasn’t the public heard about them? Most often because the victims didn’t realize it since they didn’t have the right forensics….
Source: The Daily Beast
— The Washington Times (@WashTimes) July 22, 2014
BRYANT JORDAN writes: Getting the military’s cyber forces to focus more on the most serious threats to U.S. national security means getting away from a whack-a-mole-like strategy now used to find and remove malware in the system, officials from Google and Lockheed told a crowd of soldiers Wednesday.
It’s a common problem, but one that should not happen, he said at the last panel session at the Association of the U.S. Army’s annual conference in Washington D.C.
“This notion that persistent malware can stay on your machine should not happen,” he said. “The technology is out there today to erase it, or not make it an attack factor. So I encourage you … to start looking at opportunities that fundamentally change how you probe cyber security. Do not do incremental. It will not get you where you need to be.”
Many reporters covering national security and government policy in Washington these days are taking precautions to keep their sources from becoming casualties in the Obama administration’s war on leaks. They and their remaining government sources often avoid phone conversations and e-mail exchanges, arranging furtive one-on-one meetings instead.
“We have to think more about when we use cellphones, when we use e-mail and when we need to meet sources in person,” said Michael Oreskes, senior managing editor of the Associated Press. “We need to be more and more aware that government can track our work without talking to our reporters, without letting us know.”
Publicist Ronni Chasen was waiting at a red light in Beverly Hills in 2010 when she was shot five times through the car’s closed passenger window and killed.
Christopher Wallace, aka Biggie Smalls, was leaving a party in L.A. when a gunman sprayed the door of the rap star’s Suburban with 9 mm bullets, striking Wallace four times and killing him.
The combination of guns, death and the particular vulnerability that a car on a public street presents to stars who are under siege from paparazzi and stalkers hits close to home for many in L.A.’s celebrity culture, where spending lavishly on personal security is a seldom-discussed necessity.
A civil libertarian reflects on the dangers of the surveillance state
By PEGGY NOONAN
What is privacy? Why should we want to hold onto it? Why is it important, necessary, precious?
Is it just some prissy relic of the pretechnological past?
We talk about this now because of Edward Snowden, the National Security Agency revelations, and new fears that we are operating, all of us, within what has become or is becoming a massive surveillance state. They log your calls here, they can listen in, they can read your emails. They keep the data in mammoth machines that contain a huge collection of information about you and yours. This of course is in pursuit of a laudable goal, security in the age of terror.
Is it excessive? It certainly appears to be. Does that matter? Yes. Among other reasons: The end of the expectation that citizens’ communications are and will remain private will probably change us as a people, and a country.