Sunday, January 1, 2017
Is Russian Hacking Of Utility Another Fake News Story?
WASHINGTON POST STIRS FEAR AFTER FALSE REPORT OF POWER GRID HACK BY RUSSIA
Story quickly falls apart after investigation finds claims to be inaccurate
The Washington Post reported Friday that the U.S. power grid had been hacked by the same Russian actors accused of breaching the DNC – the only problem, the grid wasn’t hacked.
According to the report, malicious “code” associated with Grizzly Steppe, the name given to Russian hacking operations by the Obama administration, was found within the system of a utility company in Vermont.
“While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid,” the article states.
The code, which was not specifically identified by the Post, was released by the FBI and DHS in a Joint Analysis Report (JNC) Thursday regarding the “tools and infrastructure” of the accused Russian hackers. The report provided a way for network administrators to examine their systems for malicious activity and other Indicators of Compromise (IOCs).
As the news stirred fear among Americans across social media, members of the cybersecurity community immediately questioned the validity of the report.
Matt Tait, a former member of the GCHQ, the UK’s NSA equivalent, quickly noted that attribution, or the process of discovering “whodunnit,” would almost certainly not be accomplished in less than 24 hours.
John Hultquist, who has spent a decade tracking cyber espionage threats for both the government and private sector, noted that Russian operators had previously infiltrated the grid, making it possible that the discovered code was a “lingering infection.”
Sandworm was found in US grid before and this could be lingering infection found with recently released info. https://t.co/uiugDGBlxa
Robert M. Lee, CEO and founder of cybersecurity company Dragos, which specializes in threats facing critical infrastructure, also noted that the IOCs included “commodity malware,” or hacking tools that are widely available for purchase.
The IOCs, while important in detecting possible hacks, will likely produce numerous false positives for the near future. No evidence at this time connects the malware to Russia or any recent hacking campaigns.
Soon after publication of the Post’s story, it was revealed that the malware had only infected a utility company laptop that had no access whatsoever to the electrical grid.
The Post eventually issued a full retraction of all its original claims.
The mistake on behalf of the Post is not to suggest that nation states do not hack into one another’s critical infrastructure. Russia has successfully infiltrated the U.S. grid before, is likely inside now, and has attacked the power grids of other countries, such as the Ukraine, in the past.
The U.S. government likewise has gained access to foreign power grids. As part of the “Nitro Zeus” operation, the U.S. breached Iranian infrastructure and prepared to carry out cyber attacks during the early years of the Obama administration in the event that diplomatic efforts to reduce Iran’s nuclear program failed.
The Post’s false hacking story, which continues to be spread by countless media outlets, will likely fuel both fear and distrust as allegations of government hacking continue to captivate the public.
While the U.S. intelligence community leads the world in hacking capabilities, America remains one of the more vulnerable countries given its reliance on technology.
The U.S. government and private companies are working to harden the power grid by testing their own defenses against simulated attacks. Watch cybersecurity experts hired by a power company in the Midwest breach the grid below: