Sunday, January 01, 2017

Russia Attacks The US Power Grid - Kind of, Sort of, Not Really

So late Friday or early yesterday I came across a story that claimed Russia had hacked the US power grid (I thought it was in the NY Times, but now I can't find it). At the time it only said that Russian malware had been located on a computer at a Vermont utility.

At the time my first thought was - Business side or Transmission / Distribution / Generation side?
The article didn't say.

I know some of you (given my readership of hobos, drunkards and imaginary voices, perhaps all of you) are wondering why that matters.  Well, simply put, the two sides are, in theory, mostly segregated, and compromising the business side, while it could cost the company money, shouldn't bring power down or damage the grid.  It's also a lot easier to compromise business-side operations because they often have direct internet connections.  The transmission side shouldn't.  It should have layers of logical and physical separation (at BPA the network I worked on was as air-gapped as we could make it). Of course malicious code can always be brought in on a USB stick or something similar, but we tried to actively prevent that through monitoring and other means.

Anyway, the initial article I read lacked detail.  I checked back a couple of times but then got busy with other things.

This morning I had my answer, starting with this article in the Washington Post, "Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say", which now carries this disclaimer:
Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.
and states:
Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities. 
So it appears the actual grid was never compromised.  And it's not even really certain that the Russian government was responsible, as pointed out by Mashable (not my usual go-to source, but they have the best explanation):

So did the Russians attack a laptop at a public utility, even if it wasn’t connected to the electric grid?

It’s possible, but not certain.
The malware found was certainly Russian made and related to the malware used to infiltrate the DNC. But that does not mean that it was used by Russians.
Malware, like any software, is bought and sold. It is not necessarily used by the same people who craft it. 
On the plus side CBS is now reporting that a number of states are looking at their cybersecurity posture in a more critical light:
Several states around the country on Saturday asked cybersecurity experts to re-examine state and utility networks after a Vermont utility’s laptop was found to contain malware U.S. officials say is linked to Russian hackers.
The minus is that stories that are incorrectly reported like this one was just start to inure the public to the real issues.
