Homeland Security warns of catastrophic Russian virus

For discussions of events and conditions not necessarily related to Peak Oil.

Unread postby Sixstrings » Thu 06 Nov 2014, 18:15:24

US Officials Believe Infrastructure Computer Hack Sponsored by Russia

'Trojan Horse' Bug Lurking in Vital US Computers Since 2011

A destructive “Trojan Horse” malware program has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security.

National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat.

The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants. Shutting down or damaging any of these vital public utilities could severely impact hundreds of thousands of Americans.

DHS said in a bulletin that the hacking campaign has been ongoing since 2011, but no attempt has been made to activate the malware to “damage, modify, or otherwise disrupt” the industrial control process. So while U.S. officials recently became aware of the penetration, they don’t know where or when it may be unleashed.

DHS sources told ABC News they think this is no random attack and they fear that the Russians have torn a page from the old, Cold War playbook, and have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems – mutually assured destruction.

The hack became known to insiders last week when a DHS alert bulletin was issued by the agency’s Industrial Control Systems Cyber Emergency Response Team to its industry members. The bulletin said the “BlackEnergy” penetration recently had been detected by several companies.

DHS said “BlackEnergy” is the same malware that was used by a Russian cyber-espionage group dubbed “Sandworm” to target NATO and some energy and telecommunications companies in Europe earlier this year. “Analysis of the technical findings in the two reports shows linkages in the shared command and control infrastructure between the campaigns, suggesting both are part of a broader campaign by the same threat actor,” the DHS bulletin said.

The hacked software is very advanced. It allows designated workers to control various industrial processes through the computer, an iPad or a smart phone, sources said. The software allows information sharing and collaborative control.
http://abcnews.go.com/topics/news/homeland-security.htm


Okay so if I'm reading this right, Homeland Security says that the Russian gov has been putting a very advanced virus into American systems since 2011, and if Russia activates the virus then it could cause chaos and havoc in our banks and hit everything -- oil and gas pipelines, etc.

EDIT: it's on tv now, breaking news on CNN, the Russian virus could cause "economic catastrophe" in the US.
Sixstrings
Fusion
Posts: 15160
Joined: Tue 08 Jul 2008, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Sixstrings » Thu 06 Nov 2014, 18:52:25

I'm still digesting this one.

Read this again and let it sink in:

has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security


That means electrical grid, too. Imagine that: the ATM suddenly doesn't work. You try to get on the internet to check your bank account to see if the money is still there. But the internet is down, too. Then -- the power goes off.

Maybe radio stations are still on, maybe not.

Total chaos and pandemonium everywhere, people not going into work, paychecks not getting sent out, accounting all screwed up and nobody knowing what money was where. Lines at the grocery store, nobody having money to buy food with anyway, martial law, chaos, megadoom.

Scariest part -- it would be the perfect prelude to nuclear first strike. Don't wanna jump the shark there, need to find out more about what this virus could do, but think about that. If it shuts down electrical grid and banking and maybe communications and everything, then what is next.

Connect the dots -- all the bomber flights lately.

And this virus was put out there in 2011 YEARS before the Ukraine crisis, so that shows Putin had it all planned all along.

Nothing even positive in that article either, like if the virus can be stopped? Homeland Security sent this bulletin out to various industries, oil gas energy financial etc. I assume there's a way to stop it but I'm not seeing that in the early reporting.

I guess the story will develop, if the virus can be stopped now that we know about it. :?:
Sixstrings
Fusion
Posts: 15160
Joined: Tue 08 Jul 2008, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby GHung » Thu 06 Nov 2014, 20:02:00

When I opened the ABC News link, linux/firefox gave me a "malware threat alert". Not funny, that. Scanning now.

Anyway, even if this thing never explodes in our systems, the ongoing costs will be a chunk of change. Job creation if nothing else (outsourced to India?)

If everything goes down, I'll be broadcasting on the 2 meter band; taking requests.
Blessed are the Meek, for they shall inherit nothing but their Souls. - Anonymous Ghung Person
GHung
Intermediate Crude
Posts: 3093
Joined: Tue 08 Sep 2009, 16:06:11
Location: Moksha, Nearvana

Re: Homeland Security warns of catastrophic Russian virus

Unread postby vox_mundi » Thu 06 Nov 2014, 21:17:01

Relax 6 - Here's the original DHS alert ...

Alert (ICS-ALERT-14-281-01A)
Ongoing Sophisticated Malware Campaign Compromising ICS (Update A)

https://ics-cert.us-cert.gov/alerts/ICS ... 14-281-01A

This is an ongoing problem. One of many. DHS sends out dozens of these alerts every year. The threat level hasn't changed.

See also 'Energetic Bear', Dragonfly, Energetic Yeti, Havex, Duqu, etc.

See also http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-176-02A

and http://www.welivesecurity.com/2014/09/2 ... ergy-2014/
A large number of state organizations and private businesses from various industry sectors in Ukraine and Poland have been targeted in recent attacks using malware designed for network discovery and remote code execution, and for collecting data from targets’ hard drives. What makes these attacks interesting – aside from the tense current geopolitical situation in the region – is that they were carried out using new versions of BlackEnergy, a malware family with a rich history, and also the various distribution mechanisms used to get the malware onto the victims’ computers.

The findings of our research will be presented this week at the Virus Bulletin conference in Seattle.

The BlackEnergy malware family has served many purposes throughout its history, including DDoS attacks, spam distribution, and bank fraud. The malware variants that we have tracked in 2014 – both of BlackEnergy and of BlackEnergy Lite – have been used in targeted attacks. This fact is demonstrated both by the plugins used and the nature and targets of the spreading campaigns.

The purpose of these plugins was mainly for network discovery and remote code execution and for collecting data off the targets’ hard drives.


All the systems are buggy as a swamp in summertime. But, then again, so are the Russian and Chinese systems. Probably a solar flare will fry all our systems, anyway.
vox_mundi
Intermediate Crude
Posts: 3939
Joined: Wed 27 Sep 2006, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Sixstrings » Thu 06 Nov 2014, 22:17:03

vox_mundi wrote:This is an ongoing problem. One of many. DHS sends out dozens of these alerts every year. The threat level hasn't changed.


Well I'll take your word for it, what's with this "catastrophic" stuff though, that word isn't usually used.

And I don't want to click on all those links, could you summarize what the virus is? What could it do? When companies get this alert, can they just remove the virus?

What could the virus really do? Mess up a pipeline or something?

If Russia wants to take down a US pipeline then that's one thing and we can just have a cold war back and forth, but o-m-g if ATMs stop working one day in this country because of a cyberattack, or electrical grid goes down, then that's very serious business.
Sixstrings
Fusion
Posts: 15160
Joined: Tue 08 Jul 2008, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Sixstrings » Thu 06 Nov 2014, 22:24:48

Vox, how is this not serious:

National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat.

The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants.


They say it's "a very serious threat." Oil and gas pipelines, power grid, water, nuke plants.

And you say "it's just one of many threats," but all the news past couple years is about Russian hacks is it not?

* The hack last Christmas, on Target and other stores, sourced to Russia

* The hack a couple months ago on JP Morgan in retaliation for their role in the sanctions, sourced to Russian government

* The most recent hack on the white house, that one just fishing, but sourced to Russian government

What are you saying Vox, does China do all the same hacks? And we just talk about the Russian ones? If that's your point, then link some proof to that because all the media reports are on the Russian hacks.

All I know about China is they do industrial espionage hacks.
Sixstrings
Fusion
Posts: 15160
Joined: Tue 08 Jul 2008, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Keith_McClary » Fri 07 Nov 2014, 00:43:22

Sixstrings wrote:Well I'll take your word for it, what's with this "catastrophic" stuff though, that word isn't usually used.
Your MSM only use it for really scary bogeymen:
Image
Facebook knows you're a dog.
Keith_McClary
Light Sweet Crude
Posts: 7344
Joined: Wed 21 Jul 2004, 03:00:00
Location: Suburban tar sands

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Sixstrings » Fri 07 Nov 2014, 01:37:17

Well I'm sorry if this is really no big deal.

It was the headline on drudgereport.

And then Wolf Blitzer was talking about it like it's big news, then they switched to a boat on fire in Florida. Planes and boats and spaceplanes, CNN is obsessed with vehicle disasters.
Sixstrings
Fusion
Posts: 15160
Joined: Tue 08 Jul 2008, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby SILENTTODD » Fri 07 Nov 2014, 04:57:14

I'm old enough (60 next month) to be very skeptical of stories like this. Reminds me of the scare mongers who used to pontificate about supposed Soviet "first strike" capabilities from the late 1950's clear thru Ronald Reagan's first Presidential bid in 1980.

That was all bullshit then and I strongly believe this story is now. Even given that Russia could possibly have "already" set this in place, they would in any case risk a massive U.S. retaliation in the same form as during the Cold War, a Nuclear one.

Why not? If you have destroyed the infrastructure of the United States why not return in kind upon Russia? A salvo from just one Trident Nuclear Submarine would be all it would take, and no internet flim-flam could stop it.

Russia has always understood this and acted accordingly.
Skeptical scrutiny in both Science and Religion is the means by which deep thoughts are winnowed from deep nonsense-Carl Sagan
SILENTTODD
Tar Sands
Posts: 928
Joined: Sat 06 May 2006, 03:00:00
Location: Corona, CA

Re: Homeland Security warns of catastrophic Russian virus

Unread postby FoxV » Fri 07 Nov 2014, 10:43:05

Perhaps it's revenge for the Stuxnet virus the US embedded into Iranian nuclear equipment that escaped into the wild and infected industrial control systems around the world.

I wonder if Russia was hit particularly hard by Stuxnet. I only heard about it when I had to write up a quick report how our equipment could not be infected for a Russian sales rep (whom I suspect is pirating our equipment, but whatever).

In any case too bad we don't have any defense against these things like some kind of Virus scanner and removal tool.

Wouldn't something like that be handy now.
:P
FoxV
Heavy Crude
Posts: 1321
Joined: Wed 02 Mar 2005, 04:00:00
Location: Canada

Re: Homeland Security warns of catastrophic Russian virus

Unread postby penury » Fri 07 Nov 2014, 12:36:47

The election is over time for America to get back to business. The business of America is War.
penury
Wood
Posts: 27
Joined: Sat 13 Jul 2013, 10:37:23

Re: Homeland Security warns of catastrophic Russian virus

Unread postby h2 » Fri 07 Nov 2014, 15:04:46

"It was the headline on drudgereport."

Gee, how surprising. That's why I haven't looked at that site for... well, since it started and I realized what a total flake drudge was.

Basically this can be translated to: a site that dutifully repeats/propagates whatever propaganda the mostly right right wing in the USA wants spread dutifully spread a non story, relying on the total lack of critical thinking skills among its target audience. This is also known as propaganda.

Back in the real world, ALL major global players attempt to do this, the USA, Russia, China, Israel (unlike this story, Israel actually did do this with its stuxnet worm, I think it was stuxnet, that targeted Siemens control systems that ran the Iranian uranium processing centrifuges). There's some debate if it was a pure Israeli production, or if the US cyberwarfare groups were involved as well, hard to know.

This story, or rather, non story, is exactly the same as these following headline stories:

{Russia|USA|Pakistan|Israel|China|India} exposed!! Recent revelations prove that {Russia|USA|Pakistan|Israel|China|India} has continued to operate a secret intelligence service that engages in {cyberwarfare|spying|satellite image gathering|drone warfare|industrial espionage}.

As penury notes, the business of america is war, and, looking at drudge dutifully distributing his latest talking points, the real question is why? What is the aim? My feeling looking at recent events is that it's hard to justify high ticket military items when you are confronting some people driving around in pickup trucks and Kalashnikovs and machine guns and rpgs. But if you make a real bogey man, might as well recycle the old cold war one that worked so well, the former soviet russia, that actually has good military tech, well, then you can start to promote those useless expensive jets, stealth programs, maybe even a few new aircraft carriers!! and subs!! and new icbms!! the possibilities are endless.

six strings, thanks for showing that drudge still targets the same old crowd, and has the same old agenda, promoting the interests of those who profit from such behaviors.
Last edited by h2 on Fri 07 Nov 2014, 15:16:52, edited 2 times in total.
h2
Peat
Posts: 111
Joined: Fri 31 May 2013, 16:15:15

Re: Homeland Security warns of catastrophic Russian virus

Unread postby h2 » Fri 07 Nov 2014, 15:12:40

And if you ask, reasonably, why not China instead? Which has been caught engaging in such cyberwarfare against the USA in recent years, the answer is pretty simple: they hold too much of our debt. Easier to pick on russia, pretending that its attempt to pull back a few of the former soviet states, filled with former soviet/russian speaking citizens, is some kind of threat to the west. We didn't say, and don't say, much when china does the same thing, laying claim to a massive region of ocean, mostly legally viet nam's, or takeover then build up tibet, etc, so it's obvious we don't actually care about such things, we just want a good bogey man to help transfer a bit more wealth to our elites, as if the amount they already stole, redirected to their bank accounts, wasn't enough, but that's how greed is, enough doesn't exist, more is what you need.
h2
Peat
Posts: 111
Joined: Fri 31 May 2013, 16:15:15

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Kylon » Fri 07 Nov 2014, 22:17:13

Why don't they take out copies of the original software, shutdown the pipelines/powerplants one at a time, copy any transferable relevant data, while scanning all data for malware, erase the hard drives, and then put in the original software. Then, after that, have all of the data that's transmitted to power plants go through some sort of U.S government darkweb, something like Tor, but for key infrastructure, with encryption tunnels to prevent people from getting in and messing things up.

In the future, in order to prevent security breaches like this again they need to-
One- Minimize the amount of connections between powerplants without some sort of manual connection (a person doing the connecting, basically so the connection could only be operational from a hardware perspective when a person was there, and manually connected the satellite dish or internet connection, as the less time it's online and less predictable the schedule of when it is online the harder it would be to attack). If the number of connections were minimized it would limit the points that one could use to access and infect vital hardware.
Two- Have as much of the plant's software as Read Only Memory as possible, that way it couldn't be rewritten or corrupted, this way reboot/reinstallation operations could happen far quicker so instead of taking a long time, if only a very small amount of data actually had to be reloaded and reinstalled it would take far less time. Furthermore, if you had the configuration of the computer, so that it had two different hard drives, along with as much read only memory as possible, then you could have it setup such that you manually disengage the infected hard drive, and then connect and engage the hard drive that's the backup.

There are lots of ways security could be improved. These are just off the top of my head. What they basically both have in common is increased compartmentalization to prevent the virus from spreading, the use of backups, and making the structure less susceptible to viruses.
Kylon
Expert
Posts: 836
Joined: Fri 12 Aug 2005, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Sixstrings » Fri 07 Nov 2014, 22:27:09

h2 wrote:Easier to pick on russia, pretending that its attempt to pull back a few of the former soviet states, filled with former soviet/russian speaking citizens, is some kind of threat to the west. We didn't say, and don't say, much when china does the same thing, laying claim to a massive region of ocean, mostly legally viet nam's, or takeover then build up tibet,


Gee you make Russia sound so sympathetic, as if Ukrainians and Latvians and Moldovans are not people but plastic toys that we can just let Russia "pull back" if it wants to and it shouldn't be our concern.

These are people, h2, and Russia does not own them they are free.

If anyone says Russia is trying to gobble them up, it will ALWAYS be our concern.

And we really should have done something about the Rwanda genocide, but that had zero us natl sec interest, whereas maintaining our entire eastern euro allied bloc has a LOT of us natl sec interest.

About china -- they are taking water, and little unpopulated islands, if they start taking people then you'll see us raising a fuss about that too.

About Tibet -- yep that was wrong, see that's the kind of world we don't want to come back again right? Where it's ok for a big neighbor to extinguish a smaller neighbor, right? And just lose an important culture from the world like that?
Sixstrings
Fusion
Posts: 15160
Joined: Tue 08 Jul 2008, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Keith_McClary » Sat 08 Nov 2014, 00:17:47

Kylon wrote:Why don't they ...
Because it's so much more convenient to connect from my office desktop (where I open phishing emails) or my smartphone.
Facebook knows you're a dog.
Keith_McClary
Light Sweet Crude
Posts: 7344
Joined: Wed 21 Jul 2004, 03:00:00
Location: Suburban tar sands

Re: Homeland Security warns of catastrophic Russian virus

Unread postby vox_mundi » Sat 08 Nov 2014, 16:09:41

Sixstrings wrote:Vox, how is this not serious:
National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat. The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants.

They say it's "a very serious threat." Oil and gas pipelines, power grid, water, nuke plants.

And you say "it's just one of many threats," but all the news past couple years is about Russian hacks is it not? ... What are you saying Vox, does China do all the same hacks? And we just talk about the Russian ones? If that's your point, then link some proof to that because all the media reports are on the Russian hacks. All I know about China is they do industrial espionage hacks.

and earlier ...
And I don't want to click on all those links, could you summarize ...

and still earlier ...
Scariest part -- it would be the perfect prelude to nuclear first strike.


Six - I realize you're honestly looking for answers so I'll parse this out for you ...

But first, I need to point out that if you ask for links (hi-lited above) and then ask for a summary of those links (hi-lited above), then you are surrendering your ability to critically judge the information that's provided. Also if you read a story that begins with ...
(unidentified) National Security sources told XYZ News
... you are being given a pre-digested piece of bias. As long as you realize this, then fine - there's nothing wrong with anonymous sources - but they ALL have an agenda.

And, as h2 has pointed out, Drudge Report is not news - it falls somewhere between 'yellow journalism' and 'propaganda'. (Unfortunately, much of MSM is not far behind) ...
... Some regard the Drudge Report as conservative in tone, and has been referred to in the media as "a conservative news aggregator". More recently Richard Siklos, an editor of Fortune magazine, called the Drudge Report a "conservative bullhorn",[43] the Los Angeles Times labelled Drudge a "well-known conservative warrior",[44] the New York Times referred to him as a "conservative muckraker",[45] and Glenn Greenwald called him a "right-wing hack".[46] Greenwald also wrote that the Drudge Report (inter alia) is part of the "Bush/Cheney right-wing noise machine",[47]

"Drudge's coverage affects the media's political coverage", effectively steering the media's political coverage towards what Halperin calls "the most salacious aspects of American politics."

Research by the media magazine Brill's Content in 1998 cast doubt on the accuracy of the majority of the 'exclusives' claimed by the Drudge Report. Of the 51 stories claimed as exclusives from January to September 1998, the magazine found 31 (61%) were actually exclusive stories. Of those, 32% were untrue, 36% were true and the remaining 32% were of debatable accuracy.[20]

In 1997, the Drudge Report reported that incoming White House assistant Sidney Blumenthal beat his wife and was covering it up. Drudge retracted the story the next day and apologized, saying he was given bad information, but Blumenthal filed a $30 million libel lawsuit against Drudge. A federal judge noted in the judgment that Drudge "is not a reporter, a journalist, or a newsgatherer. He is, as he admits himself, simply a purveyor of gossip." http://en.wikipedia.org/wiki/Drudge_Report

But enough with the BS ...

Since this is now open-source (courtesy of Mr. Snowden) let's look at what is happening in the real world. The USA, UK, Australia, China, Russia, Iran, Israel, Estonia, North Korea, Japan, South Africa, Brazil and many other countries are ALL doing what your lead question suggests. And worse.

From Director of National intelligence: Quadrennial Intelligence Community (IC) Review 2009 (SECRET//REL TO USA, FVEY)
(C//REL)The Sentient Enterprise will track and manage thousands of exabytes of data every day (1 exabyte is the equivalent of 100,000 times the Library of Congress, which holds 19 million books), enabling iterative assessments in real time, not days or weeks. The data it manages will be universally discoverable, accessible, and usable by humans and machines equally.


also pg 13 from OCTOBER SURPRISE DNI: Future Scenarios
vox_mundi
Intermediate Crude
Posts: 3939
Joined: Wed 27 Sep 2006, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby vox_mundi » Thu 20 Nov 2014, 18:52:13

Six - This should help you sleep better (or not)

NSA Director: China can damage US power grid
http://phys.org/news/2014-11-nsa-direct ... -grid.html
China and "one or two" other countries are capable of mounting cyberattacks to shut down the electric grid in parts of the United States. That's according to Admiral Michael Rogers, the director of the National Security Agency and commander of the U.S. Cyber Command.

The possibility of such cyberattacks by U.S. adversaries has been widely known, but never confirmed publicly by the nation's top cyber official.

At a House hearing, Rogers says U.S. adversaries are performing electronic "reconnaissance," on a regular basis so that they can be in a position to attack the industrial control systems that run everything from chemical facilities to water treatment plants.

Outside experts say the U.S. Cyber Command also has that capability, which in theory should amount to mutual deterrence.

And this is how we would respond...

U.S. Cyber Command Presentation: Assessing Actions Along the Spectrum of Cyberspace Operations
http://publicintelligence.net/uscc-cyber-spectrum/
Image
Image

So if they turn our lights out, we turn their lights out, and we both go back to living in the stone-age.
vox_mundi
Intermediate Crude
Posts: 3939
Joined: Wed 27 Sep 2006, 03:00:00

Re: Homeland Security warns of catastrophic Russian virus

Unread postby Newfie » Thu 20 Nov 2014, 19:34:14

There are some pretty stupid transit agencies out there, but, the majority I work with have their control systems on dedicated fiber not connected to the Internet in any fashion.
Newfie
Forum Moderator
Posts: 18510
Joined: Thu 15 Nov 2007, 04:00:00
Location: Between Canada and Caribbean
