
Russian hackers penetrated U.S. electricity utility, officials say - brentm
https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html
======
zaroth
Last year it was China. This year it is Russia. If hacking were a reason to
escalate with a country, then everyone would already be at war with the US, as
we have hacked everyone, almost completely and entirely, from before they even
boot their NIB routers.

The report is interesting only in that it exposes operational and software
weaknesses that should be hardened.

The rest of it, I roll my eyes at the side show and am ever hopeful the US
will saber rattle less, and get on with the business of helping Americans
prosper.

~~~
__derek__
> saber rattle

Trolls and their bots have turned this phrase into a dog-whistle. Talking
about how Putin is a dangerous autocrat? That's sabre rattling. Breaking with
long-standing policy vis-à-vis Taiwan to China's chagrin? A bold move.

> everyone would already be at war with the US

The post-Cold War balance of power contradicts this. Provoking a great power
makes little sense for obvious reasons.

~~~
dmix
But Russia and China don't go around enforcing human rights and their morality
on other countries. So it's not just superpowers playing their advantage. It's
become a recent American diplomatic tradition to push hard on this stuff
(externally) where it's convenient.

Not just the state department but Human Rights Watch and similar orgs often
push an American agenda, where it often seems to be in coordination with the
CIA.

Human rights include electoral freedom yes - but also freedom from unjustified
violations of privacy by the state, free media, freedom of speech (silent
all-seeing eyes chills people's speech via self-censorship).

That's why there is more of an irony or hypocrisy when America calls out a
country like Russia which doesn't do this type of preaching. While
simultaneously operating the largest and most effective sigint and hacking
operation in the world, along with the rest of the five eyes. Their access
goes far beyond what Russia or China could ever do thanks to all of the
Internet backbone, mobile companies, and tech companies within their (and UK,
Australia, etc) geographic range. Along with the five eyes having wayyy more
money to spend on defence. While Russia's economy is the size of Spain.

So let's be honest, the only reason this charade works is because most people are
oblivious to how this all works. It's just complicated "computer stuff". And
those that do often rationalize it away as "everyone does it", regardless of
unbridled scale - incomparable in access to anything during the cold war - or
the moral agenda being pushed by their countries.

Also the US seems much better at not getting caught (publicly). When they do
it's 3yr+ old malware, that their adversary was able to play catch up enough
to catch, or no longer needed to hide the fact they had it. Old hacks are far
less newsworthy and people move on.

The question is how long this one way street will be viable without blowback.

~~~
electic
Just because China and Russia do not go around talking about human rights
doesn't mean that they are not forcing other views on other countries. Russia
is quite busy in Eastern Europe.

~~~
mattnewton
I think that the reason they aren't seen enforcing views on human rights is
many of their views aren't compatible with most American/European definitions
of human rights.

~~~
sremani
I am amazed how Europe and US refuse to engage with Saudi Arabia because of
Gender apartheid. /s

Not giving aid to Juntas that overthrow democratically elected governments
like in Egypt. /s

~~~
aioprisan
We engage plenty, we sell them lots of guns, to the tune of $115B under Obama
([http://www.reuters.com/article/us-usa-saudi-security-idUSKCN...](http://www.reuters.com/article/us-usa-saudi-security-idUSKCN11D2JQ)).

------
cududa
Mods, can the title be changed to reflect clarification? It was a _laptop_
owned by the utility - not the actual power grid
[http://www.burlingtonfreepress.com/story/news/local/vermont/...](http://www.burlingtonfreepress.com/story/news/local/vermont/2016/12/30/russia-hacked-us-grid-through-burlington-electric/96024326/)

~~~
StanislavPetrov
Not just that, the title is completely inaccurate. The most relevant part of
the article's title, "OFFICIALS SAY" is absent.

It's the difference between:

WMD found in Iraq.

and

WMD found in Iraq, officials say.

~~~
bendoernberg
Not to nitpick but do you have a source for officials saying that WMD's were
found in Iraq? Obviously US officials said that intelligence pointed towards
Iraq having them, but I'm not aware of any statements like "we found chemical
weapons in _____."

Edit: Based on the downvotes I guess this appeared to be nitpicking, but if
we're going to use Iraqi WMD's as the canonical example of why we can't rely
on statements from the government, seems like we should make sure we don't
change the facts to fit a narrative either.

~~~
lobotryas
You are being downvoted because you missed the point. He's not claiming that
anyone ever said anything about WMDs. He's just using that as an example.

It's the equivalent of:

UFO seen over AREA 51

and

UFO seen over AREA 51, officials say

------
Spooky23
The NY grid operator and ConEdison (NYC electric utility) unknowingly had a
former KGB spy who had been living under an assumed identity for 40 years on
the payroll in CIO/Chief Software Architect roles for many years.

I'm sure there's plenty of similar stories, both human and technological.

[https://www.rtoinsider.com/soviet-spy-jack-barsky-nyiso-1505...](https://www.rtoinsider.com/soviet-spy-jack-barsky-nyiso-15052/)

~~~
JumpCrisscross
Do you have another source for this claim?

~~~
Spooky23
Try Google. It was in all of the regional papers. The guy was also interviewed
on 60 Minutes. That interview prompted the system operator to issue their "he
was in charge of software systems, but had no access to important things like
the electric market" statement.

The weird thing was the FBI knew about him and there was a strange quote that
he would be more useful being interviewed by them while "living in freedom".

------
smaddali
From the quick read, it looks like a spear phishing attack at the root of it.

--- According to the report by the FBI and DHS, the hackers involved in the
Russian operation used fraudulent emails that tricked their recipients into
revealing passwords. ---

This incident should be investigated thoroughly and serious defenses should be
put in place. Destabilizing the electric grid like the Kiev incident shouldn't
be allowed.

~~~
drzaiusapelord
Yeah I'm surprised 2FA isn't the norm with organizations that work with the
government or control infrastructure. The idea of just using a password is
fairly idiotic. They're too easily speared and cracked.

~~~
eli
What's preventing the bad guys from phishing a 2FA token on their fake login
page too?

~~~
jacalata
It should make it harder because you have to run the attack based on the user
interaction timing, you can't just capture and hold credentials for later.

~~~
eli
No doubt, but that's hardly an obstacle for an even moderately sophisticated
attacker. I don't know what the magic bullet answer to phishing is, but this
ain't it.

------
losvedir
> _A code associated with the Russian hacking operation dubbed Grizzly Steppe
> by the Obama administration has been detected within the system of a Vermont
> utility, according to U.S. officials._

First question: what is "Grizzly Steppe"? I thought it was the name given to
the actions by both APT28 and APT29. Is this article claiming that somehow
this campaign is related to the DNC / Podesta campaign? Or just that the
malware involved was the same one used there and therefore probably something
done by one or the other. And by "a code associated with", I wonder what that
means? The Grizzly Steppe document released yesterday included things like
"Powershell backdoor" as associations with APT28/29, but that can't be what
they mean here, right?

> _This week, officials from the Department of Homeland Security, FBI and the
> Office of the Director of National Intelligence shared the Grizzly Steppe
> malware code with executives from 16 sectors nationwide, including the
> financial, utility and transportation industries, a senior administration
> official said. Vermont utility officials identified the code within their
> operations and reported it to federal officials Friday, the official said._

So was this the PAS_TOOL_PHP_WEB_KIT Yara signature in the document released
yesterday then? Or is there more unreleased info that the FBI and DNI released
to those executives?

------
microcolonel
Of course, going into no detail regarding how difficult it is to reliably
attribute attacks based on the form of software.

Also, more statements from "anonymous officials" being published through WP.
Literally no way to tell if they're just making this up. They could have said
"Software attributed by Obama administration to Russian hacking group found on
a laptop at a Vermont electrical utility company". But instead, they choose to
venture down the most uncharitable and specific line of reasoning.

------
tptacek
Only the naive think Russia hasn't owned up many of the largest utilities in
the US, and/or that they couldn't significantly disrupt power distribution
with the access they've acquired. The US doubtless has the same access to
Russia's infrastructure. No matter what message board people _think_ should be
the case here, the fact is that this infrastructure is in fact exposed to
attackers in a variety of ways.

------
Koshkin
Hacking attempts are, and will be forever, part of reality. Just as are
prostitution or drug abuse. Therefore, they should not be seen as something
special, something newsworthy, or even something illegal. (It is the lack of
security that results in break-ins, that should.)

~~~
akhilcacharya
> or even something illegal. (It is the lack of security that results in
> break-ins, that should.)

Wat

Does this mean stealing from people's houses is not only legal if they don't
have "proper security", but that the victim should be punished instead?

~~~
prostoalex
I think he implies that once you get into the area of international law,
what's "illegal" for one party is merely "protecting and advancing national
interests" for another.

Moreover, there's no universally accepted third-party authority in charge of
decision-making (i.e. your local courts) and enforcement (i.e. your local
cops) that any country can appeal to in order to rule something "illegal". And
even if there was, it's all based on a system of international agreements, so
what's to prevent the aggressor from exiting the treaty anyways?

------
glasz
> according to U.S. officials.

"officials" said iraq has wmd. "officials" have an ambassador's daughter
crying in front of congress, telling lies about babies being killed.
"officials say" all kinds of shit. "officials" have lost all credibility. and
still, "officials" have their "say" in some stupid paper.

edit:

[https://en.m.wikipedia.org/wiki/Nayirah_(testimony)](https://en.m.wikipedia.org/wiki/Nayirah_\(testimony\))

[https://youtu.be/LmfVs3WaE9Y](https://youtu.be/LmfVs3WaE9Y)

~~~
lisivka
Iraq had WMD and used it frequently, like other countries in the region.

~~~
armenarmen
well, we never found them.

~~~
grzm
I think what may be confusing the issue is at what time we're talking about.
Given the broad strokes being argued in this thread, it makes it difficult to
have a constructive discussion.

There are documented cases of Iraq using chemical weapons while under Saddam's
rule. For example:

[https://en.wikipedia.org/wiki/Halabja_chemical_attack](https://en.wikipedia.org/wiki/Halabja_chemical_attack)

For more:

[https://en.wikipedia.org/wiki/Iraqi_chemical_weapons_program](https://en.wikipedia.org/wiki/Iraqi_chemical_weapons_program)

Following the 1990 Gulf War, there was a concerted international effort to
eliminate Iraq's WMD capabilities.

[https://en.wikipedia.org/wiki/Iraq_disarmament_crisis](https://en.wikipedia.org/wiki/Iraq_disarmament_crisis)

By 2003, when the coalition invaded Iraq, for all intents and purposes Iraq no
longer had WMDs, as reported by the Iraq Survey Group.

~~~
glasz
concerning halabja let me quote my fellow countryman:

Dieter Backfisch, managing director of West German company Karl Kolb GmbH, was
quoted as saying in 1989 that "for people in Germany poison gas is something
quite terrible, but this does not worry customers abroad."

i hate all this being discussed and referenced in a one-sided way. as if
saddam or putin or others are the only evil.

background on how the west delivers all the groundwork which they then
condemn:
[https://fas.org/nuke/guide/iraq/cw/az120103.html](https://fas.org/nuke/guide/iraq/cw/az120103.html)

~~~
grzm
I agree that it can be difficult to figure out where to limit the scope. On
the other hand, figuring out a place to start where you can agree is
important, otherwise people are left talking past each other. Trying to
clarify a few points being discussed does not mean everything else not
mentioned is being ignored or assumed to be justified.

------
livestyle
Glenn Greenwald eviscerates this WaPo article
[https://theintercept.com/2016/12/31/russia-hysteria-infects-...](https://theintercept.com/2016/12/31/russia-hysteria-infects-washpost-again-false-story-about-hacking-u-s-electric-grid/)

------
cavisne
Laptop gets malware - could have come from anywhere Government links malware
to russia - no proof ?? War!

------
awqrre
(and more than likely turned off voting machines in Clinton's districts)

