Ukrainian Power Grid Hack

Uploaded on 2016-01-12 in BUSINESS-Production-Utilities, FREE TO VIEW, NEWS-News Analysis, TECHNOLOGY--Hackers

 

US intelligence and security agencies are investigating whether Russian government hackers were behind a cyber attack on the Ukrainian power grid last month, say multiple sources familiar with the investigation.

Computer security experts at the Central Intelligence Agency, the National Security Agency, and the Homeland Security Department are examining samples of malicious software recovered from the networks of a power company in western Ukraine, which said on Dec. 23 that a large area of the country had been left without electricity due to “interference” in its systems. Approximately 700,000 homes were without power for several hours.

If the blackout is positively attributed to the work of hackers, it will be the first documented case of a cyber attack on an electrical power facility that led to a loss of electricity. While hackers are suspected of having caused a blackout at least once in the past, there has never been a publicly confirmed case with technical data to back it up.

“It is a milestone,” John Hultquist, the director of cyber espionage analysis at computer security company iSIGHT Partners, which is analyzing hacking tools used in the intrusion, told The Daily Beast.

A confirmed cyber attack that caused a power outage would put pressure on President Obama to speak publicly about the event and say whether Russia was to blame. In 2014, Obama publicly identified North Korea as the culprit in a cyber attack on Sony Pictures Entertainment that destroyed company property and exposed private communications of executives. Obama ordered sanctions on North Korea, and US government hackers attacked key portions of North Korea’s fragile Internet in response.

Spokespersons for the CIA and the Homeland Security Department declined to comment for this article. A spokesperson for the National Security Agency didn’t respond to a request for comment. The Ukrainian government has publicly blamed Russia for the attack.

The attack in Ukraine could be a bad omen for the US power grid. Malicious software that was found on the networks of the company, Prykarpattyaoblenergo, was also used in a campaign targeting power facilities in the U.S. in 2014. It caused no damage but it set off alarms across the security and intelligence agencies.

At the time, the Homeland Security Department warned companies about the malware, known as BlackEnergy, which it said had been used in a hacking campaign that “comprised numerous industrial control systems environments…”

Industrial control systems are used to regulate the flow of electricity and to remotely control critical systems at power facilities. Security experts have warned for years that they could be commandeered via the Internet and give a hacker the ability to turn off electricity to whole cities.

“If you’re connected, you’re likely infected!” the department warned in another bulletin to power companies in the spring of 2015, urging them to disconnect any control systems that were still connected to the Internet in light of the BlackEnergy threat.

Attacks that cause loss of electrical power on a large-scale are one of a handful of nightmare scenarios that US national security officials have been trying to ensure don’t come to pass in America. They fear that cities could go without power for months or even weeks if equipment that generates or distributes electricity were taken offline and couldn’t be quickly replaced.

Among the questions the US government analysts want to answer in the Ukrainian case is how exactly the hackers were able to penetrate the company’s systems and whether they were acting on behalf of the government in Moscow or with its implied consent.

There is no doubt, multiple experts said, that the BlackEnergy malware that has been linked to intrusions into power facilities in the US was found in the Ukrainian company’s systems.

But US, and corporate analysts are proceeding cautiously given the momentousness of the event and the geopolitical implications of the Russian government’s involvement or complicity in a historic act of aggression. They’re also aware of the fact that most power outages in the US ultimately attributed to natural causes, such as storms and overgrown tree limbs, and that for all the hand-wringing about cyber attacks on the grid there has never been a proven instance. An outage in Brazil that was attributed to hackers was later said to be caused by dirty equipment.

Experts in government and at least three security companies are still compiling technical data that would show conclusively that the blackout was the result of a malicious cyber attack and not some other factor, such as human error or a mechanical failure.

But something close to a consensus view that the power outage was deliberately caused was forming among independent analysts on Tuesday. iSIGHT as well security company ESET have linked the blackout to hackers. And the SANS Institute, a respected research group that trains US government security experts, while not conclusively identifying the cause of the blackout said in a blog post last week, “The Ukrainian power outage is more likely to have been caused by a cyber attack than previously thought.”

Hultquist, of iSIGHT, said the hackers were likely part of a group that the company dubbed Sandworm and that it tracked in 2014, during the probes of US power facilities that prompted the government warning.

“I believe at the time they were preparing for an escalating event with US and Europe,” Hultquist said. It’s still not clear why the hackers didn’t follow through and cause a power outage, but Hultquist described their probes as a “reconnaissance” mission that would give them the lay of the land should they have chosen to launch an assault.

Russian hackers have been blamed for cyber attacks in the past, including against Pentagon networks last year in an apparent attempt to steal military secrets.

Given that Russia has demonstrated both the will and the expertise to use cyber attacks, US officials are paying especially close attention to the event in Ukraine.

“I’m confident they and the Ukrainian government have a lot of data and a lot of technical evidence that’s not yet public,” Robert M. Lee, the founder and CEO of Dragos Security, who has worked in the intelligence community and the military as a cyber warfare operations officer, told The Daily Beast.

White House officials declined to comment for this article. But Obama has stressed for years that US electrical systems are vulnerable to cyber attacks. In May 2009, in his first major address about cyber security after taking office, Obama said, “We know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness.”

He did not name those countries.

In 2008, Tom Donohue, then the CIA’s chief cyber-security officer, said that hackers had breached computer systems of utility companies outside the US and had demanded ransom or else they’d shut down the power.

Donohue, who spoke at a gathering in New Orleans of security executives from government agencies and large US utilities and energy companies, said that in at least one case an intrusion had caused a power outage that affected multiple cities. The CIA didn’t know who was behind the attacks, “but all involved intrusions through the Internet,” Donohue said.

Daily Beast: http://thebea.st/1Oc1pdh

« TalkTalk Hack Revisted
Cyber Security In Modern Railways »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

ThreatAware

ThreatAware

Total visibility of your business cybersecurity. Monitoring, management and compliance for your cybersecurity tools, people and processes from one easy to use dashboard.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

ICS Cyber Security Conference

ICS Cyber Security Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

Bleckwen

Bleckwen

Bleckwen is a proven fraud detection system that helps financial institutions build trust with customers.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

IT Acceleration

IT Acceleration

IT Acceleration is a full-service IT management and support, IT compliance and Digital Forensics company.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.

Strata Information Group (SIG)

Strata Information Group (SIG)

Strata Information Group (SIG) is a trusted partner in IT solutions and consulting services.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.