June 14, 2017Gronda Morin

aside Russia Has Developed A Cyber-weapon That Can Attack US Power Grids

While the US congressional republicans are busy downplaying any negative news regarding the republican President Donald Trump, his team and any of their involvement in the Trump-Russian saga which includes Russia’s unprecedented interference with the 2016 US presidential elections, Russia has managed to develop cyber-warfare tools that could cripple the US power grid. And what steps are they taking to protect the USA from this possibility?

Here’s the rest of the story…

On June 12, 2017, Ellen Nakashima of the Washington Post penned the following report, Russia has developed a cyberweapon that can disrupt power grids, according to new research.”

Excerpts:

“Hackers allied with the Russian government have devised a cyber-weapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers.”

“The malware, which researchers have dubbed CrashOverride, is known to have disrupted only one energy system — in Ukraine in December. In that incident, the hackers briefly shut down one-fifth of the electric power generated in Kiev.”

But with modifications, it could be deployed against U.S. electric transmission and distribution systems to devastating effect, said Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware and issued a report Monday 6/12/17.

And Russian government hackers have shown their interest in targeting U.S. energy and other utility systems, researchers said.

 “It’s the culmination of over a decade of theory and attack scenarios,” Caltagirone warned. “It’s a game changer.”
The revelation comes as the U.S. government is investigating a wide-ranging, ambitious effort by the Russian government last year to disrupt the U.S. presidential election and influence its outcome. That campaign employed a variety of methods, including hacking hundreds of political and other organizations, and leveraging social media, U.S. officials said. Dragos has named the group that created the new malware Electrum, and it has determined with high confidence that Electrum used the same computer systems as the hackers who attacked the Ukraine electric grid in 2015. That attack, which left 225,000 customers without power, was carried out by Russian government hackers, other U.S. researchers concluded. U.S. government officials have not officially attributed that attack to the Russian government, but some privately say they concur with the private-sector analysis.”

“The same Russian group that targeted U.S. [industrial control] systems in 2014 turned out the lights in Ukraine in 2015,” said John Hultquist, who analyzed both incidents while at iSight Partners, a cyber-intelligence firm now owned by FireEye, where he is director of intelligence analysis. Hultquist’s team had dubbed the group Sandworm.”

“We believe that Sandworm is tied in some way to the Russian government — whether they’re contractors or actual government officials, we’re not sure,” he said. “We believe they are linked to the security services.”

“Sandworm and Electrum may be the same group or two separate groups working within the same organization, but the forensic evidence shows they are related, said Robert M. Lee, chief executive of Dragos.”

 “The Department of Homeland Security, which works with the owners of the nation’s critical infrastructure systems, did not respond to a request for comment Sunday.”

Energy-sector experts said that the new malware is cause for concern, but that the industry is seeking to develop ways to disrupt attackers who breach their systems.

“U.S. utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to reliable operation of power systems,” said Michael J. Assante, who worked at Idaho National Labs and is a former chief security officer of the North American Electric Reliability Corporation, where he oversaw the rollout of industry cybersecurity standards.

CrashOverride is only the second instance of malware specifically tailored to disrupt or destroy industrial control systems. Stuxnet, the worm created by the United States and Israel to disrupt Iran’s nuclear capability, was an advanced military-grade weapon designed to affect centrifuges that enrich uranium.”

“In 2015, the Russians used malware to gain access to the power supply network in western Ukraine, but it was hackers at the keyboards who remotely manipulated the control systems to cause the blackout — not the malware itself, Hultquist said.”

“With CrashOverride, “what is particularly alarming . . . is that it is all part of a larger framework,” said Dan Gunter, a senior threat hunter for Dragos.”

“The malware is like a Swiss Army knife, where you flip open the tool you need and where different tools can be added to achieve different effects, Gunter said.”

“Theoretically, the malware can be modified to attack different types of industrial control systems, such as water and gas. However, the adversary has not demonstrated that level of sophistication, Lee said.”

“Still, the attackers probably had experts and resources available not only to develop the framework but also to test it, Gunter said. “This speaks to a larger effort often associated with nation-state or highly funded team operations.”

“One of the most insidious tools in CrashOverride manipulates the settings on electric power control systems. It scans for critical components that operate circuit breakers and opens the circuit breakers, which stops the flow of electricity. It continues to keep them open even if a grid operator tries to close them, creating a sustained power outage.”

“The malware also has a “wiper” component that erases the software on the computer system that controls the circuit breakers, forcing the grid operator to revert to manual operations, which means driving to the substation to restore power.”

With this malware, the attacker can target multiple locations with a “time bomb” functionality and set the malware to trigger simultaneously, Lee said. That could create outages in different areas at the same time.

The outages would last a few hours and probably not more than a couple of days, Lee said. That is because the U.S. electric industry has trained its operators to handle disruptions caused by large storms. “They’re used to having to restore power with manual operations,” he said.

So although the malware is “a significant leap forward in tradecraft, it’s also not a doomsday scenario,” he said.

The malware samples were first obtained by ESET, a Slovakian research firm, which shared some of them with Dragos. ESET has dubbed the malware Industroyer.

4 comments

    • Dear 1EarthUnited,

      Thanks for the reference but it is an older post from January 2017. The current Washington Post write up is from this month of June 2017 and it is not based on fake news. Other media sources have reported on this story.

      As per Slate by Fred Kaplan, ” the tool is nothing new—it has been around in various forms for a decade—but its implications are every bit as frightening as the headlines suggest.”

      “The first test of such a weapon, it’s worth noting, was devised by the United States government. On March 4, 2007, the Department of Energy conducted an experiment—called the Aurora Generator Test—to see whether a hacker could destroy a physical object through strictly cyber means. The test was the brainchild of Michael Assante, at the time the chief security officer for American Electric Power, which delivered electricity to millions of customers throughout the South, Midwest, and mid-Atlantic.”

      Hugs, Gronda

      Like

      • I believe this is a variation of the same story, if you read carefully, you’ll note that it is physically impossible to hack the power grid online with a computer because no power grid in the world is idiotic enough to connect to the internet. They are all closed loop systems with backup redundancies.

        The only way to breach any power grid system is an inside job, like the use of the Stuxnet worm to infect Iran’s nuclear enrichment plant, the CIA had to use an asset to infiltrate inside and physically introduce the “cyber weapon” via thumb drive or thru a rogue programmer/ operator from inside the facility.

        But you are right in some regard, like Russian “hackers” interfering with US elections, the hack was not Russian computers breaking into our voting booths and messing with the machines b/c all US voting machines are standalone/ offline. But as Lada Ray pointed out, Russian operatives may have infiltrated certain US software companies that provide the code for these machine. The vote count may be manipulated to favor Trump after the polling close!

        The same may happen with our national power grid system, some rouge US operative may slip a trojan program via Russian design software that can possibly disrupt or take down certain parts of the power grid. Keep in mind that there are plenty of safeguards and redundant backup systems that will automatically reroute or divert power away from the downed part of the grid. So it is virtually impossible to shut down the whole grid all at once.

        Even the Ukrainian power grid breach was contained in a few hours, back up and running the same day. Of course that was proven to be an inside job by the Huntas/ Ukro-Nazis and had nothing to do with the Russians.

        Bottom line, it’s not that easy to shut down the grid system of any country, let alone one as advanced as the US, they are plenty of internal monitoring systems and backup generators that are purely mechanical – NO computers needed!

        Like

Comments are closed.