Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say (wsj.com)
"Russian hackers [...] broke into supposedly secure, 'air-gapped' or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.
The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."
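The summary's detection problem is that the intrusions used valid vendor and employee credentials. As an added example (not code from the WSJ report or the DHS briefing), here is a small detector over constructed remote-access log lines that flags the pattern described above: a trusted vendor account reaching the control-system zone from outside its contracted source range, outside its agreed maintenance window, or from two different sources within minutes. The account names, address ranges, log format and policy table are all constructed for the example.

```python
"""
Added example: spot legitimate vendor credentials being used in a way that does
not fit the trusted relationship. All accounts, ranges and log lines are
constructed; the policy table would normally come from the vendor contract
and the remote-access system's own records.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Hypothetical allow-list: which source ranges and hours each vendor account
# may use to reach the control-system zone.
VENDOR_POLICY = {
    "vendor_hmi_support": {"sources": ["203.0.113.0/24"], "hours": (time(8), time(18))},
    "vendor_relay_svc":   {"sources": ["198.51.100.0/24"], "hours": (time(7), time(17))},
}
CONTROL_ZONE = ip_network("10.50.0.0/16")  # constructed OT/ICS address space

# Constructed remote-access log, one event per line, sorted by time:
# timestamp  account  source_ip  destination_ip  result
LOG_LINES = """\
2018-07-23T02:47:33 vendor_hmi_support 203.0.113.17 10.50.1.20 success
2018-07-23T09:12:01 vendor_hmi_support 203.0.113.17 10.50.1.20 success
2018-07-23T10:05:10 vendor_relay_svc 192.0.2.99 10.50.2.5 success
2018-07-23T10:06:40 vendor_relay_svc 198.51.100.8 10.50.2.5 success
2018-07-23T11:00:00 jsmith 10.20.3.4 10.20.9.9 success
"""


@dataclass
class Finding:
    line: str
    reason: str


def parse(line):
    """Split one constructed log line into typed fields."""
    ts, user, src, dst, result = line.split()
    return datetime.fromisoformat(ts), user, ip_address(src), ip_address(dst), result


def analyse(log_text):
    """Return a Finding for each successful vendor login into the control zone
    that breaks the source-range, time-window or single-source expectations."""
    findings = []
    last_seen = {}  # account -> (timestamp, source) of its previous control-zone login
    for line in log_text.strip().splitlines():
        ts, user, src, dst, result = parse(line)
        if result != "success" or dst not in CONTROL_ZONE:
            continue  # only successful access into the control zone is of interest
        policy = VENDOR_POLICY.get(user)
        if policy is None:
            continue  # employee accounts would need their own baseline; not covered here
        if not any(src in ip_network(net) for net in policy["sources"]):
            findings.append(Finding(line, "vendor account from outside contracted source range"))
        start, end = policy["hours"]
        if not (start <= ts.time() <= end):
            findings.append(Finding(line, "vendor account outside agreed maintenance window"))
        prev = last_seen.get(user)
        if prev and prev[1] != src and (ts - prev[0]).total_seconds() < 600:
            findings.append(Finding(line, "same credential from two sources within 10 minutes"))
        last_seen[user] = (ts, src)
    return findings


if __name__ == "__main__":
    for f in analyse(LOG_LINES):
        print(f"{f.reason}: {f.line}")
```

Run against the constructed log it reports three findings: the 02:47 login outside the window, the relay-service login from an unexpected range, and the same relay-service credential reappearing from a second source 90 seconds later.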
At some point... (Score:2, Insightful)
They just ought to sever all internet connections in and out of Russia.
Re:At some point... (Score:2)
If the Russians could skip air-gap inside secure US facilities, you think air gap around their borders will be of any use?
Re: At some point... (Score:2)
Comment removed (Score:2)
Re: At some point... (Score:2)
the banks have that money, and the "democracy" by the balls.
Re:At some point... (Score:2)
Unpossible! (Score:4, Funny)
I don't believe it. Deep state. Carter Page. Witch hunt.
It's probably best to just end all investigations towards anything related to Russia.
Re:Unpossible! (Score:2)
Hackers reached the point where they could throw switches... but apparently didn't throw any switches. Bullshit.
Re:Unpossible! (Score:2)
Just because I can bring down the internet doesn't mean I do it right away. Timing is everything when you're doing a hack.
You know you're joking (Score:4, Interesting)
Re:You know you're joking (Score:5, Insightful)
and maybe trolling but Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki.
That's because he is down to more or less just his psycho base supporters. An alarmingly large group but they support him no matter how crazy he gets. He could start a nuclear war and they would cheer him on the whole way and probably try to find some way to blame Obama or Clinton for it.
What I find especially odd is most of his supporters are old enough to have been cold warrior types.
His supporters are not that old as a general proposition. He has too many of them for that to be the case, though certainly a fair number of them are older. Heck, I'm old enough to have been around during the later decades of the cold war, and the people that really lived through the middle of it are drawing social security now. Trump's supporters are more diverse than just old people.
Re:You know you're joking (Score:3)
You say that to comfort yourself and mentally reinforce your moral superiority, but if Trump's base alone gets him to 45%, that should scare the shit out of you.
It is both true, and shit-scaring.
Re:You know you're joking (Score:2)
What I find especially odd is most of his supporters are old enough to have been cold warrior types. It'd be one thing if Putin wasn't ex-KGB. There wasn't much in Russia to fear (they were pretty blasted out by WWII) but their KGB seemed to know damn well what they were doing.
What I find odd is that the old white leaders of the Dems today were all giving Russia big wet sloppy kisses while Putin was still KGB and while Russia literally was a communist dictatorship with gulags and everything.
Re:You know you're joking (Score:2)
My mind baulks at how anyone can control anything across a true air gapped network. Unless the people controlling it are fucking morons and left wireless gear in there. Also doesn't matter what the fuck the attack, air gapped is meant to be gapped, nothing goes onto it that hasn't been scanned, you only plug in clean computers without wireless anything, all applications checked, all data checked. Work hard enough to create a proper airgapped network and nothing gets on; the only way something gets on is down to people, incompetence, bribes and at budget time 'FALSE FLAG'. Don't think they would do it on purpose, nothing to do with blaming Russians, but in the US they are now the favourites and every-fucking-thing to do with contractors wanting multi-million dollar contracts to secure networks. Hundreds of millions of dollars in contracts, would they fuck up networks on purpose to get paid millions to secure them, hmm, let me think, yes abso-fucking-lutely.
Re:You know you're joking (Score:2)
Trump's poll numbers didn't budge an inch even after that downright terrifying display in Helsinki.
I know. I don't know if everything is to be blamed on Russia or not, but I know one of their goals is to divide the US. If people can watch a president talk all tough on Twitter, then show up and fold like a cowardly wet paper towel, sell out our country, and talk about how strong our greatest adversary is, and still like the president, then I'm inclined to believe that Russia's machine is doing its job.
It'd be one thing if Putin wasn't ex-KGB.
"There is no such thing as a former KGB man." - Vladimir Vladimirovich Putin, responding to Prime Minister Sergei Stepashin, who called himself a former KGB officer.
"My notion of the KGB came from romantic spy stories. I was a pure and utterly successful product of Soviet patriotic education." - Putin
Re: You know you're joking (Score:5, Informative)
That the way Trump wishes to do it is indistinguishable from someone who is compromised and being used. That's the scary part.
US/Russia relations (Score:5, Insightful)
What are you so afraid of?
If you have to ask that question then you know fuck-all about US/Russia relations over the last 80 years.
What is so terrifying about the US and Russia improving relations and bringing a little more peace to the world?
What's terrifying is HOW Trump is trying to do it. Peaceful cooperation with Russia is a reasonable goal but not at any cost or by abandoning countries that actually are friendly to the US. Russia is NOT a friend to the US and pretending that the interests of those two countries have somehow magically aligned because Trump is in the White House is absurd.
Re:US/Russia relations (Score:2)
Do you not know, being a friend is a two way street. The USA is friend to no one and as publicly stated the US government demands that it must dominate the entire globe in every sphere of human activity, starting off with the military industrial complex and nuclear weapons targeted at every single other country on the globe.
From the rest of the planet's viewpoint it's not fuck Russia, it's fuck the warmongering USA. Yeah, you guys are the enemies of peace on this planet, not Russia and not China, USA number one killers on the planet, no one else even close, please fucking abandon us, leave us the fuck alone, start eating yourselves alive. This would be the average viewpoint of the rest of the planet.
Nation states don't have friends (Score:2)
Do you not know, being a friend is a two way street. The USA is friend to no one
No nation state really has friends. Friend is a term of convenience and nation states in reality do not have friends. The US and Canada are about as close to "friends" as any two countries can get but I assure you that is only because of interests that happen to align. The US and western Europe are "friends" and if you don't understand why then you need to go study your history before posting any more drivel.
as publicly stated the US government demands that it must dominate the entire globe in every sphere of human activity, starting off with the military industrial complex and nuclear weapons targeted at every single other country on the globe
Citation needed.
From the rest of the planet's viewpoint it's not fuck Russia, it's fuck the warmongering USA.
Warmongering US? As opposed to Russia which just invaded Crimea and is actively supporting a dictator in the Syrian Civil War? The same Russia that sells 20% [rferl.org] of the world's military hardware? Yeah, spare me the notion that the US is worse than Russia on the warmongering.
Re:US/Russia relations (Score:2)
NATO wasn't a thing in 1917 or 1941.
But it has been since 1949, and it held the Soviet Union back since then. That's what Putin wants to change.
Trump's merely calling them out on their freeloading.
No, Trump is only grandstanding, playing to his base. You can tell by his recent NATO meetings when he talked about getting everyone to agree to do more. Well, he lied. He didn't. They didn't agree to anything more than what they agreed to during Obama's term, which was to increase defense spending to 2% of their GDP by 2024. That agreement did not change, but Trump was still trying to sell his meeting as some sort of success. Literally nothing changed, and Trump is saying he won something.
Trump is the APK of international politics.
Re: You know you're joking (Score:2)
What is so terrifying about the US and Russia improving relations and bringing a little more peace to the world?
Despite what the president tells you on Twitter, Putin's goal is not peace and improved relations. Putin wants to break apart NATO, he wants to break apart the EU, he wants to disrupt democratic governments and would rather deal with autocrats and dictators. These are his goals, not happy fun times and unicorns. He is working to achieve them, and has been for decades. One of the ways his intelligence services help accomplish this are by creating divisions in other countries. Look at Brexit. Look at Trump's election. It's working. He's been playing a long game, also.
Re:You know you're joking (Score:2)
Well, I'm using the 538 rolling average, so it's at least slightly resistant to both error and movement.
It seems to take at least a week for any change.
The 10-11 threshold seems to be pretty relevant though, it's when generic (midterm) polling starts to break 9% and Republicans start to maybe sort of not rubber stamp everything about Trump. 9% poll lead puts the senate in the realm of possible for the democrats (obviously individual races will have effects, and likely the real life gap will need to be a touch higher, but it starts to look like the realm of typical polling deviation), and the house quite likely (even with typical polling errors against).
Your link has his day one approval at 40, with 42 now (favorables aren't a great measure of approval IMO).
I suspect a significant portion of the 40% are quite into the baiting that's happening. Also, the trade war was/is a notable bump to popularity, so the fact that it moved at all as it escalates is notable.
Re:Quick Change Topics! (Score:5, Informative)
Amazing. Every single word in those two sentences was wrong.
Re: Quick Change Topics! (Score:5, Informative)
2016.
https://motherboard.vice.com/e... [vice.com]
Here is some more background on Trump's "Where is the server?" lie:
https://www.politifact.com/tru... [politifact.com]
Re: Quick Change Topics! (Score:3, Insightful)
https://www.cnn.com/2017/01/05... [cnn.com]
That is a bit of news from the time it happened, not a few days ago, after they needed to show they did have access to the server.
Washington (CNN)The Democratic National Committee "rebuffed" a request from the FBI to examine its computer services after it was allegedly hacked by Russia during the 2016 election, a senior law enforcement official told CNN Thursday.
SO, which story do you actually believe? The one where they rebuffed attempts to inspect the server, or the one that they're using now, that they had the servers the whole time?
Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of Congress about all sorts of things, from spying on Americans to "there were weapons of mass destruction in Iraq". This isn't a "Right vs Left" issue, because both sides have been on both sides of hating and defending the "intel community".
And until people grow up, and see that, we're never going to get anywhere. So, please stop with the re-written history, it is embarrassing.
Re: Quick Change Topics! (Score:5, Insightful)
The FBI is not the "Intel Community". They're law enforcement, no less than your local cops. They have about the same record of integrity, too, which is saying, "so-so". But they take the whole, "national security" thing pretty seriously. And that includes all the Trump appointments, and his director of national intelligence and his attorney general. And while you're being Inspector Gadget finally trying to get the dirt on Hillary Clinton, there is a legal noose tightening around Trump's neck. Indictments, convictions, guys in jail.
And yes, there are at least three copies of the forensically-imaged DNC server in the FBI's possession. We know this because the Trump Justice Department has told us so.
So, the question you have to ask yourself is if you believe Donald Trump or people appointed by Republicans to be FBI director, attorney general, FISA judges, etc etc. You can either trust people that have actually earned trust or a guy who changes his story about what he actually said on live fucking camera four times between Monday and Thursday.
Not you, ArchMike. It's too late for you. The question is for other people reading this. You're already too far gone down the 4chan hole looking for pizza and crisis actors. The question is for the grown folks.
Re: Quick Change Topics! (Score:2)
And yes, there are at least three copies of the forensically-imaged DNC server in the FBI's possession. We know this because the Trump Justice Department has told us so.
I can't find any evidence of the Trump Justice Department saying that.
What we do know is that back in 2016 the DNC hired the respected cybersecurity firm CrowdStrike to determine if their mail servers had been hacked, and how, and by whom -- and to make sure the attackers were booted out. CrowdStrike made forensic images of the servers for analysis and provided copies to the FBI. James Comey said during his January 2017 testimony before Congress that "We got the forensics from the pros that they hired which -- again, best practice is always to get access to the machines themselves, but this my folks tell me was an appropriate substitute."
There is one problem with the CrowdStrike-provided images, which is that although no one questions CrowdStrike's competence or integrity, they did not maintain proper legal chain of custody documentation. This means that information obtained from the images would be easily challenged in any criminal or civil court proceeding.
In any case, I'm sure the FBI still has copies of the CrowdStrike-created server images. I'm not sure why they'd want to keep three of them, in particular, though it would obviously make sense to have more than one and to store the copies in different locations to protect against loss.
Re: Quick Change Topics! (Score:2)
Signed, forensic images of computer systems have been accepted as legal evidence for over a decade.
Re: Quick Change Topics! (Score:2)
Signed, forensic images of computer systems have been accepted as legal evidence for over a decade.
Sure, if chain of custody was maintained and documented.
Re: Quick Change Topics! (Score:2)
The chain of custody on the forensic images has not been questioned.
Well, maybe by Hannity or Alex Jones or someone. Not by anyone who doesn't froth.
Unfortunately I don't recall where I read about the chain of custody issues. I don't read (or watch/listen to) Hannity or Alex Jones or anyone like that, though. Most of my news comes from the NYT and The Economist. If I can find a reference, I'll post it.
Re: Quick Change Topics! (Score:2)
The FBI is not the "Intel Community"
Word games from "Mr. Establishment" himself... color me surprised at your 'semantic creativity.'
Re: Quick Change Topics! (Score:2)
Word games from "Mr. Establishment" himself... color me surprised at your 'semantic creativity.'
The FBI has an intelligence branch, but the FBI itself is law enforcement, not intelligence.
Here, in chronological order:
Office of Naval Intelligence, USN, DOD
Coast Guard Intelligence, USCG, Homeland Security
Bureau of Intelligence and Research, Dept. State
Central Intelligence Agency, independent
25th Air Force, USAF, DOD
National Security Agency, DOD
Defense Intelligence Agency, DOD
National Reconnaissance Office, DOD
Intelligence and Security Command, US Army, DOD
Office of Intelligence and Counterintelligence, DOE
Marine Corps Intelligence Activity, USMC, DOD
National Geospatial-Intelligence Agency, DOD
Office of Terrorism and Financial Intelligence, Treasury
Intelligence Branch, FBI, DOJ
Office of National Security Intelligence, DEA, DOJ
Office of Intelligence and Analysis, Homeland Security
The head of the intelligence community is Dan Coats, DNI.
Re: Quick Change Topics! (Score:2)
Personally, if you believe ANYTHING coming from the "Intel Community" either way you're an idiot. They lie. They lie straight faced in front of Congress about all sorts of things, from spying on Americans to "there were weapons of mass destruction in Iraq". This isn't a "Right vs Left" issue, because both sides have been on both sides of hating and defending the "intel community".
You're right, that's less of a "right vs left" issue and more of an "America vs Russia" issue. That's one of their goals - to get Americans to distrust each other and our own institutions. People need to remember who the real enemy is, it is not other Americans. The intelligence community in the US is full of people who genuinely love the country and want to see it do well, and they don't deserve these buckets of scorn. They aren't perfect, and sometimes they do something that I don't agree with, but to suggest that the entire community cannot be trusted is playing directly into Putin's hand. Watch out, in your quest to be Ultimate Patriot #1 you might realize that you're just another apparatchik.
Re: Quick Change Topics! (Score:2)
No. You obviously can't comprehend the statement you quoted. I clearly indicated that I don't trust them, and/but I made no reference to Trump's truthiness. That kind of cognitive dissonance is why people like you come off as idiots when it is pointed out. You should try thinking in non-binary.
Re: Quick Change Topics! (Score:2)
Da, My Russian is a bit rusty. Though I got my Russian Troll money! Go Putin! Yay! You should sign up, it pays really well!
Re: Quick Change Topics! (Score:2)
Do they require you to move to Arkhangelsk or is that optional?
that Vice piece is a joke though (Score:3, Interesting)
First note the weasel words:
Then the canards:
As if the FBI has to have the hardware transported to a lab to analyze it. They have agents with functioning legs who could examine the servers while they are powered on.
And finally the crux of the issue:
The FBI wouldn't trust CrowdStrike to make such an image. Not one involving multiple servers allegedly hacked by high level foreign intelligence operatives. Not when the FBI has long had access to sophisticated malware, malware that other nation-states could also use, malware that could be missed by civilian tools.
Not only does this stand out for people who have bullshit detectors after 2002, [youtube.com] it should upset partisan Democrats who are true believers in Russiagate. Why, there could have been the old KGB telnet handle from Pootie Poot himself buried in some encrypted memory, if only the FBI had access to the hardware to analyze it....
Re:that Vice piece is a joke though (Score:5, Informative)
Of course they would. The FBI uses contractors all the time. Especially for what the president calls "the cyber".
https://www.reuters.com/articl... [reuters.com]
Re: Quick Change Topics! (Score:2)
Figured wrong, I clearly did. ;)
Re:Pope Ratzo is a moron (Score:2)
It doesn't change your narrative, but a quick update. The IG report and Congressional testimony have revealed that all except four of the emails on Clinton's server were forwarded to an entity outside of the US. It was reported to Strzok, who ignored it, then led the investigation down the "no harm, no foul" road.
Re: Quick Change Topics! (Score:2, Funny)
The millineal generation
Phrase. Literal
A generation consisting of 1/1000th of a Neal.
Suppose that were true (Score:5, Informative)
Suppose Russia isn't constantly trying to hack the US.
We have daily news reports saying they are, that essentially they are fighting a cyber war against us and that's been going on for years, but we'll assume for a moment that is false.
Nobody is doing anything about it, of course. Neither Obama nor Trump fired a barrage of missiles in a counter-attack, nor really made any big deal about it - they're still doing trade deals, selling the Russians a significant portion of our uranium, etc.
So Putin sees that nobody really cares about the reported attacks. Nobody seems all that bothered about it - not enough to demand any counter-attack.
Suppose you're Putin, or Russian intelligence, or head of Russia's cyberwarfare command. You see that constant statements that you're attacking the US don't lead to any significant response. You see that you COULD attack the US with impunity and they wouldn't do anything about it.
What would YOU do if you were Putin, or head of Russia's cybercommand, and you knew you could get away with attacking the US as much as you wanted?
If it were me, seeing that nobody cares whether Russia attacks us or not, I'd go right ahead and attack. We're getting blamed for it anyway.
So either Putin and his commanders are stupid, and not taking advantage of the situation, or you're mistaken.
As it happens, I'm a career security professional. Knowing about hacks is my job. I work at a company founded by Misha Govshteyn. Guess where Misha is from. Mr. Govshteyn and I will tell you, Russia is hacking the hell out of the US all day long. Only China sends more attacks.
Re:Suppose that were true (Score:2, Insightful)
The Uranium bit was a red herring. It was signed off by a ton of people and overblown.
As far as Russian attacks go, I think people need to segregate issues a bit.
1. Russia did manipulate our elections with propaganda and it is plausible but not proven that those manipulations were enough to cause enough voters to vote for Trump or not for Hillary where it mattered. That is the simple truth, though it isn't spoken much. Usually people say the outcome wasn't changed, and you can no more 100% know that than know that it wasn't. The numbers were close, and there was a lot of manipulation.
2. Russia is going to do it again, but that is almost totally irrelevant. Now that we've shown we will bend over and take it, particularly if it benefits one party, it likely won't be limited to Russia.
3. We need to be on a (cyber) wartime footing with respect to these things. Foreign manipulation needs to be addressed and mitigated. Voting machines secured. Voter registration rolls not carelessly purged, etc, etc. If we have to fight cyber attacks with cyber attacks we must do so, since the alternative is worse. We can't, however, lie, though exposing actual illegal dealings in Russia's politicians is fair game at this point. The emails uncovered were technically not lies. They just uncovered every rock they could find while the Republican side got to skim by with revealing nothing. Basically it was a bit like a set of scales. Each side has things that perhaps don't show them in the best light. One side gets everything loaded on the scale, while the other side gets almost nothing, while ten times as much is hidden behind the curtain. That kind of disparity is bound to make the results less than ideal. Also you gotta assume the Russians didn't alter the emails, since if alterations could have been proved they might not have been accepted as well.
4. Most importantly we need an attitude from every elected official that the truth matters. If your representative or senator has acted in a way that indicates its okay to lie if it benefits their party, and you know someone else on the ballot who is at least honest, then seriously consider voting for them, regardless of party.
5. In addition to 4, we need a constitutional amendment, or maybe a law that states if you run for at least national office all confidentiality agreements protecting you are null and void and attempting to silence a story about a candidate with money is itself a felony. Furthermore all your government records are automatically made available. And just in case someone whines that it wouldn't be fair, well why wouldn't it? It would be the same for everyone. Don't like the spotlight, don't run for public office.
Re:Suppose that were true (Score:2)
The nuclear war that could have arisen from the Bay of Pigs was averted, arguably because Kennedy knew what missiles were where.
Theory: What if everyone is tolerant of cyber spying, because it actually makes us all safer, by avoiding the "accidental wars"?
Re:Suppose that were true (Score:2)
You see that constant statements that you're attacking the US don't lead to any significant response.
In your hypothetical world, does this include the President of the United States of America traveling to see you, telling everyone how strong you are, and completely discounting the conclusions of the combined intelligence community, including his own DNI, and Congress, by saying on international TV that he doesn't see any reason why you would be attacking us? I mean, is the president talking all tough like he's some kind of badass when he's lying in his bed messing with his phone, but when he actually gets face to face with you he folds like a wet paper towel? Hypothetically, I mean.
Cause that would be wack.
Re:Suppose that were true (Score:2)
Is this what you mean by Trump did nothing. [latimes.com]
Re: Suppose that were true (Score:2)
Yeah, do it smart. Post anonymously without any citations to back up your claims.
Do it smart!
http://www.worldstopexports.co... [worldstopexports.com]
http://www.worldstopexports.co... [worldstopexports.com]
I'd like to know why the US and Russia are trading uranium at all. Why are we trading uranium with each other? Do we send them natural uranium and they send it back to us enriched?
Re:Unpossible! (Score:5, Insightful)
Congratulations! You just described one of the main reasons for NAFTA, the TPP, and other global, multilateral trade deals. The simple fact is the more countries are tied by trade, the fewer wars they have. Another "peace dividend" that President Orange Bumblefuck doesn't even remotely grasp, and hence, pissed all over.
lies (Score:4, Interesting)
Re:lies (Score:2)
And, taking advantage of the president is the Republican party.
We need an October Surprise.
All the fucked up shit so far has come and gone as news.
Re: lies (Score:2)
Re: lies (Score:2)
Almost anything, if the timing is right.
Americans have a short attention span.
Stomping on the base just a week before elections would be a good start.
Re: lies (Score:2)
Re:lies (Score:5, Insightful)
Maybe you should read the article.
Re: lies (Score:2, Insightful)
Re: lies (Score:5, Insightful)
Seems quite specific to me.
The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, "air-gapped" or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.
We have who, where, how and by what method. Interestingly it's similar to the technique used by the US to sabotage Iranian enrichment facilities.
Re: lies (Score:2)
Re: lies (Score:3)
Is it normal for them to release evidence to the public?
The Stuxnet stuff only came out because other people got hold of it and dissected it. If you follow security blogs you can see that the same thing happens with Russian malware found in the wild. And really, it seems odd to give weight to unverifiable blog posts about Stuxnet, but not to somewhat reputable journalists.
Re: lies (Score:3)
Comment removed (Score:2)
Re:Long-term narrative (Score:5, Funny)
There's no really good evidence that the Russian government is involved with any of the hacking, except to say "That's something they would do". It's the fallacy of the reversed conditional,
I don't see any reason why it wouldn't be Russia.
Re:Long-term narrative (Score:5, Insightful)
To the particular point, the prior indictments against the Russian nationals are far more detailed than standard indictments; they are so-called "speaking indictments." The most recent one this month against the GRU hackers detailed the particular methods they used and quite a bit of the timing of the attacks. And it sounds like western intelligence had a high-end source in the Russian government that Trump was told about prior to the inauguration [nytimes.com] confirming that the top levels of the Russian government, including Putin, were orchestrating the attacks. But again, if you can simply deny that information out of hand, and call it "fake news", then what point is there in providing any more information? What will be believed short of reality providing a swift kick to the groin?
Re:Long-term narrative (Score:2, Insightful)
I'm always curious why contemporary Russia wants to be so adversarial with the United States. It made sense with the Soviet Union given the ideological nature of the Soviet Union and Communism, but makes much less sense with a basically capitalist economy and the dismantling of the Party ideological machine.
India and Brazil have more people and comparable GDPs to Russia, yet they don't have the kind of adversarial relationship with the US Russia does. Sure, there are disagreements and diplomatic conflict, but not "plotting-to-destabilize" levels of conflict.
It's not even like the Russians are operating from a position of parity with the US. A vastly smaller and weaker economy, a much less capable and weaker military force, not to mention an entire laundry list of internal problems.
From a rational perspective, you would think that the Russians would want to be allies given some level of European-ish cultural overlap, the value of US trade and investment, and the relative benefits of security cooperation, especially given Russia's exposure to the Middle East and various central Asian nations of a dubious nature.
I know there are some shop-worn explanations about Russia's "need for security", Putin's need for an enemy to justify a strong-man state and so on, but these somehow seem trite or incomplete.
Re:Long-term narrative (Score:2)
I'm always curious why contemporary Russia wants to be so adversarial with the United States.
That's not the goal, that's the means. The goal is to reduce the power of American hegemony.
India and Brazil have more people and comparable GDPs to Russia, yet they don't have the kind of adversarial relationship with the US Russia does. Sure, there are disagreements and diplomatic conflict, but not "plotting-to-destabilize" levels of conflict.
As long as there are no repercussions, why wouldn't they?
Re:Long-term narrative (Score:2)
Cheap, crappy security (Score:2)
Hackers only break in when security sucks. Unfortunately, that is the standard situation these days.
Re:Cheap, crappy security (Score:2)
That works both ways. Remember Stuxnet.
Every goddam government is screwing every other goddam government.
Only the USA is making their incompetence public in order to give the 3-letters more power.
Air-Gapped (Score:5, Insightful)
Re:Air-Gapped (Score:2)
Re:Air-Gapped (Score:2)
Re:Air-Gapped (Score:3)
More of a two way sneaker net than a secure computer with updates in day and hours.
Re:Air-Gapped (Score:2)
Re: Air-Gapped (Score:2)
At the very least just give them a VLAN instead of putting them on the intranet. Switches are a big black box of NSA inserted exploits and bugs but it's better than nothing.
Shouldn't be news (Score:5, Informative)
Several years ago I was at an IT Security dinner/presentation and they laid out some of the details behind a cyberattack on an airline. The hackers didn't go after any airline networks directly. Rather, they compromised an airline parts supplier and injected malware into webpages (or documents, I forget) and eventually 'caught' an airline when someone inside the airline visited the compromised site and was themselves infected.
I've tried to explain this to people in my industry. They don't have to be even trying to get you, just someone in your industry.
This and the massive Target breach are why vendors, their networks, and their devices should not be trusted (from a security standpoint at least).
Here's a whacky idea (Score:3)
How about ACTUALLY air-gapping the control network. If they want remote monitoring (not control), they can put a polling device on the control network. It can send all the data via a serial port with the RX connections removed to another machine on the internal network that can be reached via VPN.
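The one-way serial link proposed above (and the read-only datalog access described further down the thread) has a consequence the post does not spell out: with the RX line removed, the monitoring side can never ACK or request a resend, so the poller's framing has to carry a sequence number and an integrity check, and the receiver has to count gaps and drop replays on its own. Here is an added, constructed example of such framing and a receiver that tracks loss; it is not code from the original post or from any utility product, and the frame layout (`TLM1` marker, 32-bit sequence, CRC-32) is an assumption chosen for illustration.

```python
import struct
import zlib

MAGIC = b"TLM1"  # constructed frame marker, not from any real protocol


def encode_frame(seq: int, payload: bytes) -> bytes:
    """Frame = magic | seq (uint32, big-endian) | payload | CRC-32 over everything before it."""
    body = MAGIC + struct.pack(">I", seq) + payload
    return body + struct.pack(">I", zlib.crc32(body))


def decode_frame(data: bytes):
    """Return (seq, payload), or None if the frame is truncated, foreign or corrupt."""
    if len(data) < 12 or data[:4] != MAGIC:
        return None
    body, crc = data[:-4], struct.unpack(">I", data[-4:])[0]
    if zlib.crc32(body) != crc:
        return None
    return struct.unpack(">I", body[4:8])[0], body[8:]


class DiodeReceiver:
    """Receiver side of the one-way link: it can only count gaps, never ask for a resend."""

    def __init__(self):
        self.expected = 0     # next sequence number we should see
        self.accepted = []    # (seq, payload) pairs that passed every check
        self.lost = 0         # frames skipped over by the sequence counter
        self.rejected = 0     # corrupt, foreign, duplicate or replayed frames

    def feed(self, raw: bytes) -> None:
        frame = decode_frame(raw)
        if frame is None or frame[0] < self.expected:
            self.rejected += 1  # no back-channel, so the only safe action is to drop and count
            return
        seq, payload = frame
        self.lost += seq - self.expected
        self.expected = seq + 1
        self.accepted.append((seq, payload))


def simulate() -> DiodeReceiver:
    """Constructed run: four readings; one damaged in transit, one lost, one replayed."""
    readings = [b"oil_temp=71.2", b"intake_dp=0.43", b"mag_sensor=ok", b"oil_temp=71.5"]
    frames = [encode_frame(i, r) for i, r in enumerate(readings)]
    frames[1] = frames[1][:-1] + bytes([frames[1][-1] ^ 0xFF])  # flip a CRC byte
    del frames[2]                                               # frame never arrives
    frames.append(frames[0])                                    # stale frame re-sent
    rx = DiodeReceiver()
    for f in frames:
        rx.feed(f)
    return rx
```

The loss and rejection counters are what an operator would alert on: a rising `lost` count means the link or the poller is misbehaving, and a rising `rejected` count means something other than the poller is on the wire.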
Re:Here's a whacky idea (Score:2)
How about ACTUALLY air-gapping the control network.
I have a better idea. Practice good security rather than proposing something that ultimately gives you a false sense of security. As TFS points out these hackers breached suppliers' machines and networks. That now gives them the ability to drop in a payload that will happily breach the air-gap next time someone makes a service call.
The upside about air-gapping is how effective it is, the downside is that it's like a warm blanket making you feel cosy without actually fixing the core problem that your house's central heating system is broken. Companies need to practice layered security at every level. That network layout that isn't airgapped is part of security. That USB stick that vendor plugs in is part of security. That code review you aren't doing because of your over-reliance on vendors and lack of knowledge is part of security. That receptionist who buzzed him in is part of security.
Air-gaps do nothing when vendor systems are breached because at the first sign of a problem you will kindly ask that vendor to come over to your side of the gap.
Re:Here's a whacky idea (Score:2)
The vendor coming to your side of an air gap involves a laptop that has no other network connection. If you close the air gap, you are not air-gapped.
Re:Here's a whacky idea (Score:2)
The vendor coming to your side of an air gap involves a laptop that has no other network connection.
Otherwise known as a security risk.
You misunderstand. I'm not saying don't air-gap. I'm saying don't "air-gap and be done with it". Your network architecture is a small part of overall security. Airgapping makes people incredibly complacent.
Re:Here's a whacky idea (Score:2)
I/O is just one of the problems, the bigger one is patching. The update software has not been thoroughly reviewed before it is brought to an air-gapped system. I would be surprised if virus scans were being performed on all media brought into the building.
IBM researchers did this like, a decade ago? (Score:4, Informative)
Yup, here's a report from 2007.
https://www.forbes.com/2007/08... [forbes.com]
That nothing has been done to fix this shit is the real story.
Sorry Comrade (Score:5, Funny)
we are saying sorry
do not worry, we will have it all good by November, yes.
Please give our best to the Donald
Squirrels and Storms (Score:2)
Hackers are no match for mother nature in making the power go out. Outages from storms actually kill people every year. Spend the money on more tree-trimming if you want to protect the people.
Access procedure ?? (Score:2)
Who gives vendors access that survives a single on-site visit? I can remember back in the day activating vendor access IDs with a new PWD every time they were onsite, and freezing the same IDs when they left the site. They were not allowed remote access unless an engineer was onsite at the time, and that remote access was physically disconnected when the incident ended and the onsite personnel left the site.
Comment removed (Score:4, Insightful)
Seconded! (Score:2)
The industrial controls world (like Siemens operates in) is a target rich environment to say the least. This is not an industry that is used to worrying about security and hackers. Nobody should be surprised by this.
Nonsense (Score:2)
The article itself is incoherent nonsense written by someone who has little or no understanding of network security.
OTOH, I do believe that Russia and China and other states are more than likely probing USA infrastructure control systems among many other things because the USA has effectively declared a cold war on those states and is developing cyber-weapons to use against them. Russia and China would be foolish not to develop countermeasures.
Entire city lose water supply? (Score:2)
Suppose someone broke into a power company, and shut off all power to a city. Would water stop running into everyone's home in the city, because the water company's water pumps stopped working?
A July 13 CBS news article [cbsnews.com] says
Director of National Intelligence Dan Coats warned of an impending, potentially devastating cyberattack on U.S. systems, saying the country's digital infrastructure "is literally under attack" and warning that among state actors, Russia is the "worst offender."
Speaking at a scheduled event at the Hudson Institute, he adopted the language of former Director of Central Intelligence George Tenet who, in the months ahead of the 9/11 attacks, warned that the "system was blinking red." Coats, citing daily attacks from Russia, China, Iran and North Korea, said, "Here we are, nearly two decades later, and I'm here to say the warning lights are blinking red again."
It's a good idea to have an emergency supply of food and water.
Teenagers can do that. (Score:2)
"Airgapped". ... Bullshit. Either you're disconnected or you're not. Secure setups are the ones that aren't connected, have no wireless or landline connection and nobody knows about. Anything else can be broken into by teenagers with access to Shodan, the secretary's phone number and two or three Raspberry Pis.
Richard A. Clarke (Score:2)
newer != better (Score:2)
I worked in the power industry about 15 years ago, and there was always resistance to anything newfangled. There was one exception. The ability of the HMI (we called them MMI back then) to communicate with the outside world was seen as a godsend. You could remotely tap the datalogs and see trends in things like air intake differential pressure, oil temperatures, mag sensors. All of these things would provide us with valuable information, and it was even better if you could correlate it across multiple sites. Back then it was all read only though.
I don't know when they started letting things get changed remotely. I'm not surprised at all. It was always a PITA to have to send a field tech out to a site to do a system update. So I guess it was only a matter of time before the ability to write changes became a desirable feature. But even on an air-gapped system, if you have somebody there to make updates without proper vetting, you're still hosed. Just MITM between the mother-ship sending the update and the onsite guy with permissions to change things. It's not a real-time attack, but it could still be devastating.
Fix this shit NOW, DAMNIT! (Score:2)
Comment removed (Score:4, Interesting)
Re:Yeah right... (Score:2)
We just had a story last week about the FBI crying that they might need to legislate crypto back doors. Coincidence?
Re:Air gapped, but not (Score:2)
Social engineering and advanced malware. So advanced. So powerful. Just like any other malware that takes over home computers every day of the week and flips email.
While you're at it. (Score:2)
... adopt formal methods, write good software like your life depends on it.
And while you're at it: Discard "rapid prototyping" methods, no matter how formal they look.
Start by putting a stake in the heart of Agile.
Re:Build a wall (Score:2)
That's what your government wants you to want, so they can more easily control what you can and what you cannot see!
(No matter your conspiracy theory, I can always field one that's more insane!)
Re:that's how power plants work ? (Score:2)
Even general electric isn't let in the system without a reason,
Your old SCADA version is about to expire and will cease to function X weeks after this time. Please provide access to our maintenance representative before this time in order to have an update installed. We will invoice you for the update once it is installed.
Re:that's how power plants work ? (Score:2)
ummm no
Re:Get rid of these vendors (Score:2)
The system needs to be all open source and audited by multiple separate security companies.
Yeah, right. Let's see how well that will work.
Utility software (SCADA, etc) is covered by NDA agreements. It is customized for a particular utility's system by the vendor and once set up, they don't want you taking that configuration information and entering into a maintenance contract with a third party.
There is also something to the fact that many of these systems are a real shit-show. And they don't want customers banding together, comparing notes and putting pressure on the vendor to clean up their act.
Re:Serious question (Score:2)