Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: August 16, 2018 at 15:13:53 GMT+9
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say
> Reply-To: dewayne-net () warpspeed com
>
> [Note:  This item comes from reader Randall Head.  DLH]
>
> Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say
> Blackouts could have been caused after the networks of trusted vendors were easily penetrated
> By Rebecca Smith
> Jul 23 2018
> <https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110>
>
> Hackers working for Russia claimed “hundreds of victims” last year in a giant and long-running campaign that put them 
> inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said. 
> They said the campaign likely is continuing.
>
> The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic 
> Bear, broke into supposedly secure, “air-gapped” or isolated networks owned by utilities with relative ease by first 
> penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the 
> Department of Homeland Security.
>
> “They got to the point where they could have thrown switches” and disrupted power flows, said Jonathan Homer, chief 
> of industrial-control-system analysis for DHS.
>
> DHS has been warning utility executives with security clearances about the Russian group’s threat to critical 
> infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an 
> unclassified setting with as much detail. It continues to withhold the names of victims but now says there were 
> hundreds of victims, not a few dozen as had been said previously.
>
> It also said some companies still may not know they have been compromised, because the attacks used credentials of 
> actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.
>
> Experts have been warning about the Russian threat for some time.
>
> “They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said 
> Michael Carpenter, former deputy assistant secretary of defense, who now is a senior director at the Penn Biden 
> Center at the University of Pennsylvania. “They are waging a covert war on the West.”
>
> Russia has denied targeting critical infrastructure.
>
> Mr. Homer said the cyberattack, which surfaced in the U.S. in the spring of 2016 and continued throughout 2017, 
> exploited relationships that utilities have with vendors who have special access to update software, run diagnostics 
> on equipment and perform other services that are needed to keep millions of pieces of gear in working order.
>
> The attackers began by using conventional tools—spear-phishing emails and watering-hole attacks, which trick victims 
> into entering their passwords on spoofed websites—to compromise the corporate networks of suppliers, many of whom 
> were smaller companies without big budgets for cybersecurity.
>
> Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, 
> in many cases, for them to steal credentials from vendors and gain direct access to utility networks.
>
> Then they began stealing confidential information. For example, the hackers vacuumed up information showing how 
> utility networks were configured, what equipment was in use and how it was controlled. They also familiarized 
> themselves with how the facilities were supposed to work, because attackers “have to learn how to take the normal and 
> make it abnormal” to cause disruptions, said Mr. Homer.
>
> Their goal, he said: to disguise themselves as “the people who touch these systems on a daily basis.”
>
> DHS is conducting the briefings—four are planned—hoping for more industry cooperation. One thing the agency is trying 
> to learn is whether there are new infections, and whether the Russians have figured out ways to defeat security 
> enhancements like multifactor authentication.
>
> In addition, DHS is looking for evidence that the Russians are automating their attacks, which investigators worry 
> could presage a large increase in hacking efforts. “To scale, they’re eventually going to have to automate,” Mr. 
> Homer said.
>
> [snip]
>
> Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
> Twitter: https://twitter.com/wa8dzp



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20180816043811:B38C1338-A12F-11E8-8E70-BF92CDF57F3B
Powered by Listbox: https://www.listbox.com