
U.S. Planted Powerful Malware in Russia's Power Grid: Report



The New York Times reported over the weekend that the United States planted potentially destructive malware in Russia’s electric power grid, but President Donald Trump has denied the claims.




The newspaper has learned from current and former government officials that the U.S. has been probing control systems of the Russian power grid since at least 2012 as part of reconnaissance operations. However, the officials claimed the U.S. recently ramped up its efforts and started launching more offensive activities that involve placing “potentially crippling malware [...] at a depth and with an aggressiveness that had never been tried before.”


According to The New York Times, these hacking operations are meant as a warning to Russian President Vladimir Putin and appear to show how the White House is using new authorities granted last year to the U.S. Cyber Command. There is no evidence that the planted malware was actually used to cause any disruption.


U.S. government agencies contacted by the newspaper did not comment on the allegations, but President Trump said on Twitter that the story was not true.


“Do you believe that the Failing New York Times just did a story stating that the United States is substantially increasing Cyber Attacks on Russia. This is a virtual act of Treason by a once great paper so desperate for a story, any story, even if bad for our Country,” Trump wrote.


“ALSO, NOT TRUE! Anything goes with our Corrupt News Media today. They will do, or say, whatever it takes, with not even the slightest thought of consequence! These are true cowards and without doubt, THE ENEMY OF THE PEOPLE!” he added.


Two officials told The Times that they believed Trump had not been briefed in detail about the steps to plant malware inside Russian systems due to concerns over his reaction and the possibility that he could either cancel the operation or discuss it with foreign officials.


However, national security adviser John Bolton did say last week that Russia or anyone else engaged in cyber operations against the United States “will pay a price.”


There have been several confirmed and unconfirmed reports describing cyberattacks launched by the U.S. against its adversaries, including North Korea, Iran and the Islamic State. However, when it comes to Russia, the United States has mostly played the victim, often accusing Moscow — directly or indirectly — of launching cyberattacks and online misinformation campaigns.


There have been reports of Russia-linked hackers targeting control systems in energy facilities in the U.S. and, most recently, a threat actor with apparent ties to a Russian government-backed research institute was spotted targeting electric utilities in the United States and the Asia-Pacific region.


Recent disruptions to electrical grid operations in the United States have been blamed on a denial-of-service (DoS) incident, but no power outages were reported and the incident was apparently not part of a coordinated hacking operation.




Russia warns of “cyberwar” following report the US attacked its power grid

NYT reported on US efforts to insert malware into Russia's energy infrastructure.


The Kremlin on Monday warned that reported US digital incursions into Russia's electric power grid could trigger a "cyberwar" between the two countries.


The warning came two days after The New York Times reported that the US Cyber Command, the arm of the Pentagon that runs the military's offensive and defensive operations in the online world, was aggressively stepping up its targeting of Russia's grid. Saturday's report said the command had taken steps to place "potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before." In some cases, the NYT reported, Pentagon and intelligence officials have been hesitant to brief President Trump in detail about the activities out of concern he might countermand the operations or discuss them with foreign officials. Last year, Trump gave the Cyber Command more leeway to conduct offensive online operations, the publication said.


Some analysts have cast doubt on the NYT reporting that the United States has put implants inside Russia's grid, and the publication was clear it had no classified information detailing how deep into Russia's power infrastructure the US has bored. The report, however, was enough to get the attention of Kremlin officials, who pushed back in a post published Monday by the TASS news agency, which is owned by the Russian government.


"If one assumes that some government agencies do this without informing the head of state, then of course this may indicate that cyberwar against Russia might be a hypothetical possibility," Russian Presidential Spokesman Dmitry Peskov said. The spokesman went on to say that "vital areas of our economy are under continuous attacks from abroad." Russian agencies have countered the attacks to prevent damage to the country's economy.


Saturday's NYT article came one day after researchers with security firm Dragos said that hackers behind at least two dangerous intrusions on industrial facilities have expanded their activities to probing dozens of power grids in the US and elsewhere. Last year, researchers with security firm FireEye said the hacker group's malware—which actively targets safety systems used to prevent explosions, fires, and other potentially fatal accidents—was developed with the help of the Central Scientific Research Institute of Chemistry and Mechanics in Moscow.


The NYT said the United States' increasingly offensive digital incursions into Russia's electric infrastructure were part of a broader view designed to make Russia and other US adversaries pay a price for engaging in cyberoperations against the US or US interests. Such operations include inroads into US industrial systems by the same Russian hackers who breached regional power authorities in Ukraine in December 2015. Those breaches left hundreds of thousands of people in the Ivano-Frankivsk region of the country without electricity.


Following revelations in 2016 that Russian hackers breached the Democratic National Committee and focused on the US power grid, the NYT said, then-President Obama decided to be less passive.


"Mr. Obama secretly ordered some kind of message-sending action inside the Russian grid, the specifics of which have never become public," reporters David Sanger and Nicole Perlroth wrote. "It is unclear whether much was accomplished."


More recently, Trump advisors have signaled a more aggressive posture. Speaking last Tuesday at a conference organized by The Wall Street Journal, President Trump's national security advisor John Bolton reportedly said: "We thought the response in cyberspace against electoral meddling was the highest priority last year, and so that's what we focused on. But we're now opening the aperture, broadening the areas we're prepared to act in."

Sharply reduced shelf life

As noted earlier, at least one analyst has publicly doubted the NYT's reporting that the US operations included the placing of implants inside the Russian power grid.


"Revealing potent 'implants' to the adversary means sending the adversary into intense search mode, so 'implants' likely will have a sharply reduced shelf-life," Johns Hopkins political scientist Thomas Rid wrote on Twitter on Sunday. "Publicity burns capabilities. I find it hard to believe that CYBERCOM would burn top-tier tools like this."


On Monday, Prof. Rid posted this update as he was en route to Moscow to speak about hacking: "Don't put too much stock into the core 'implant' claim in the original story (sorry I can't say more)."



While it remains unclear precisely how the new, more aggressive digital incursions into Russia's power grid are manifesting themselves, Saturday's report has clearly gotten the attention of Russian foreign policy commentators. "This is a direct challenge that Moscow cannot leave unanswered," Ruslan Pukhov, an arms expert and head of the Center for Strategies and Technologies, told the Russian business daily Kommersant, according to the NYT. Monday's NYT article also said US efforts to insert malware into Russia's energy system might jeopardize a possible Putin-Trump meeting at the G20 Summit in Japan later this month.




Source: Russia warns of “cyberwar” following report the US attacked its power grid (Ars Technica)
