
Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say - champagnepapi
https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110
======
Rotdhizon
I hate how this has for some reason been big news the past few days. One
mediocre article came out about it, and now it keeps getting regurgitated through
other news sites. This is nothing new; the US infrastructure has likely been
compromised for quite some time. Many of the very critical plants that hold
the keys to keeping the lights on, water flowing, water treated, etc. are
mostly running on systems built pre-2000 that weren't built with security in
mind. Many of these systems cannot have security integrated with them, and
they cannot be replaced. The most you can do is cover them with as many
blankets as you can (firewalls, extensive logging, behavior analytics, etc.).
The biggest question is not whether or not these facilities are compromised,
it's whether or not a bad actor is going to use it for malicious purposes. It's
one thing to shut down a website for the lols, it's another thing to overload
a nuclear reactor and contaminate an entire chunk of the US.

Notice how the article is based entirely on "what ifs":

> "They got to the point where they could have thrown switches"
> "where they could have caused blackouts"

At this point it is a waiting game. Who is going to be the fellow to push the
enter key on their keyboard that then causes a seven-digit number of people to go
without power, clean water, or even be exposed to radiation? It's
understandable that countries feud and people just don't like each other, but
actually shutting down key infrastructure like these scenarios suggest is an
end-game move that establishes the point of no return in global conflict.

~~~
JumpCrisscross
> _This is nothing new, the US infrastructure has likely been compromised for
> quite some time_

Just because something isn't new doesn't mean it can't be news.

"The well is poisoned!"

"Bob noticed that last week. Why are you still talking about this?"

"..."

It's being discussed now. Better late than never.

~~~
jbob2000
It's more like, "The well is poisoned and Bob noticed last week, but we can't
fix the problem because then people go without drinking water for 2 weeks"

------
blakesterz
For a long time it seems like these places have made things more secure by
building fences, adding giant rocks, putting in lights and cameras, other
physical security measures to keep threats off site. Hopefully at some point
they will focus on the network side of things now. It's been obvious for at
least a decade that one bad guy, or even a team of bad guys can take out a
single location with a truck, but one bad guy or a team can take out a bunch
of places with a computer. From what I've seen the utility industry has been
defending against trucks.

------
pnathan
Really? It'd be surprising if they hadn't.

I'd expect utilities to be one of the softest targets out there, based on
prior interaction with the industry...

edit: About 8-10 years ago I used to collect news articles, reports to
Congress, etc., about ICS (industrial control systems, the superset of
utilities) being hacked. It was regular, comprehensive, and depressing. The
ICS industry was running 15-20 years behind in grasping the fact that hacking
could be a problem. Think 1990-era security mindsets in 2010.

~~~
ryanmercer
>Really? It'd be surprising if they hadn't.

Ding ding ding. PLA Unit 61398, Bureau 121, Unit 8200, Fancy Bear... it doesn't
surprise me if all of them have any variety of ways into our infrastructure.

~~~
pnathan
Yes, I expect pretty much every funded "cyber" agency has explored our
systems, from the UK to Somalia. I expect any neutral to semi-hostile country
(e.g., North Korea) has dormant C&C systems in our infrastructure.

The conversation needs to be around, "we have known electronic critical
infrastructure has been thoroughly compromised for a decade, how do we
contain, mitigate, and remove the compromises."

I don't mean to fear-monger or suggest fear mongering. The status quo has been
"don't do anything particularly troublesome" on all sides, and that has been
stable to date with only mild perturbations such as Stuxnet. It's probably a
MAD calculus, with the recognition that open hostile acts would escalate to,
as the phrase goes, "kinetic actions".

The US could open the dialogue with the frank admission that our pants are not
only down, but blew away in the breeze - we should, all of us, mutually,
improve our security. I don't know that this is possible with, e.g., the US
power grid _without_ nationalizing it - the profit motive for defending
against rare argues against security, as we all know...

~~~
ryanmercer
I keep waiting for someone to accidentally discover something in networking
hardware that shuts down/shits itself when it gets some specific VLF signal,
with it baked right into an IC.

Example: Hostile satellite broadcasts VLF signal, the compromised hardware is
always sitting there listening for a specific command with a hybrid IC that
does both its expected job and acts as a radio receiver for a very specific
signal or signals with code that gets activated when a specific match is
detected. VLF is used by submarines to get small amounts of data out from deep
underwater, would pass through buildings with ease. Code triggers chip to stop
its intended purpose or to run some other code. Even with a few % of
networking hardware compromised you'd create a massive disruption that could
bring the internet to a grind leading up to an invasion.

You could have the same hybrid chip in traditional telephony hardware,
cellular telephony hardware, civilian GPS units, power industry hardware,
vehicles. It's not implausible; in fact, counterfeit chips have already been
found time and time again in hardware, and polluting a supply intended for sale in
the U.S. at one or more Chinese factories would be trivial for the Chinese
government, for example.

Even just sending a signal to cheap IoT devices or those Kodi streaming
devices all over the internet, at gun shows, at fairs, at flea markets, and you
could instantly turn on some massive army that starts randomly pinging
specific IP addresses or just random sets of IP addresses to just bog down the
internet.

People worry about the software, I worry about the ICs themselves.

------
notveryrational
Russia's cyber military is James Bond level cool. There are speculations
(nobody can prove it) that they set up their own Tor using onion-like proxies,
with a custom crypto protocol, over Shodan-discovered endpoints, through a
clever use of tunneling through UPnP systems on the internet, with incredible
OPSEC, even burning the whole infrastructure several years after it was
discovered.

Some day we'll get uncensored versions of these Ops disclosed by the various
governments that run them and get to read about the research facilities and
intense personalities that run them.

~~~
forapurpose
Is this sarcastic? A dream? An outline of a short story? Is there any basis?

> intense personalities

?

~~~
notveryrational
Sorry for the opaque comment. Was gushing over the cool exploits of the
"Inception Group" or "RedOctober APT", believed but not proven to be Russian
espionage.

https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies

https://securelist.com/red-october-diplomatic-cyber-attacks-investigation/36740/#7

James Bond level epic awesomeness and sophistication. Keep reading if you want
to nerd out.

~~~
forapurpose
I'm not sure HN is the right forum for that. Enjoy, uh, gushing.

~~~
notveryrational
HN is for technical conversation, which includes being impressed and
commenting on the state of the art.

Seriously encourage reading about capabilities, especially the operations
security maturity. The level of research and development is truly impressive.

~~~
forapurpose
I think if you look around, you won't see anything like it. You don't need to
repeat the 'gushing'; I read the prior two comments. But anyway, have fun.

------
clarkrinker
Calling using Telnet "hacking" is about as accurate as walking up to someone's
unlocked computer, posting to their Facebook, and then saying "you got
hacked".

------
inevitable2
I sat in on this webinar and can say there were a few things misleading about
this article. These networks were not "air-gapped"; they were able to be
accessed with lateral movement in the networks. Also, they were able to detect
them getting all the way to the point where they were able to flip the switch
on the ICS. When asked later in the webinar why they didn't, there was really
no explanation as to why not, even though that was their goal as the attackers.
That is just fishy to me.

------
gsich
"russian" determined how?

~~~
timothyklim
They lost a Putin agent card in the utility control room.
