A very important skill for anyone who hopes to be in the know is the ability to put together seemingly unrelated stories for consideration.
Over the past few days, stories about grid incursions, Russians, cyber attacks, and technological failures seemed to be at the top of the headlines. A massive cyber attack could happen far more easily than most people realize.
The good folks over in Prep Club have been posting a lot of interesting links this weekend. Let’s take a peek at each one. All these stories can’t be linked…can they?
The US Is Hacking Russia’s Grid
On Saturday, the New York Times reported (rather irresponsibly in my opinion) that the United States is escalating its “digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin,” according to nameless current and former government officials.
Of course, this kind of stuff has been going on for a while. A friend of mine with a military intel background said it’s similar to how we have nukes so that other people with nukes won’t nuke us.
But the NYT story goes far beyond the mutually assured destruction theory.
The American strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning, and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow…
…the action inside the Russian electric grid appears to have been conducted under little-noticed new legal authorities, slipped into the military authorization bill passed by Congress last summer. The measure approved the routine conduct of “clandestine military activity” in cyberspace, to “deter, safeguard or defend against attacks or malicious cyberactivities against the United States.”
Under the law, those actions can now be authorized by the defense secretary without special presidential approval.
“It has gotten far, far more aggressive over the past year,” one senior intelligence official said, speaking on the condition of anonymity but declining to discuss any specific classified programs. “We are doing things at a scale that we never contemplated a few years ago.” (source)
And apparently, the NYT knows about this but President Trump doesn’t.
Two administration officials said they believed Mr. Trump had not been briefed in any detail about the steps to place “implants” — software code that can be used for surveillance or attack — inside the Russian grid.
Pentagon and intelligence officials described broad hesitation to go into detail with Mr. Trump about operations against Russia for concern over his reaction — and the possibility that he might countermand it or discuss it with foreign officials, as he did in 2017 when he mentioned a sensitive operation in Syria to the Russian foreign minister. (source)
So to sum it up, anonymous sources say the US is about ready to take down Russia’s infrastructure without the knowledge of the President, because he might tell someone, so instead, the New York Times just published the super-duper-secret plan.
President Trump responded via Twitter.
Do you believe that the Failing New York Times just did a story stating that the United States is substantially increasing Cyber Attacks on Russia. This is a virtual act of Treason by a once great paper so desperate for a story, any story, even if bad for our Country.....— Donald J. Trump (@realDonaldTrump) June 16, 2019
And the NYT responded:
Accusing the press of treason is dangerous.— NYTimes Communications (@NYTimesPR) June 16, 2019
We described the article to the government before publication. As our story notes, President Trump’s own national security officials said there were no concerns. https://t.co/MU020hxwdc pic.twitter.com/4CIfcqKoEl
But there’s other stuff to contemplate from just this weekend.
Russia is upping their game against us.
After the irresponsible reporting by the NYT, Russia has responded with their own anonymous sources.
Russia has uncovered and thwarted attempts by the United States to carry out cyber attacks on the control systems of Russian infrastructure, Russian news agencies cited an unnamed security source as saying on Monday.
The disclosure was made on Russia’s state-run RIA and TASS news agencies days after the New York Times cited unnamed government sources as saying that the United States had inserted potentially disruptive computer code into Russia’s power grid as part of a more aggressive deployment of its cyber tools. (source)
Isn’t it funny how the NYT has accused Trump and a whole bunch of other people of helping out the Russians but they just tipped off the Russians to an American operation if any of this stuff is true? And I say “any” because who can really take the word of a bunch of anonymous sources. My neighbor’s 94-year-old father could be an anonymous source. Some dude on 4Chan could be an anonymous source. Anonymous sources are not credible in the first place, and certainly not credible enough to kick off a freaking cyberwar with Russia.
Either way, the Kremlin is ticked. TASS, the Russian News Agency, reports:
Russian Presidential Spokesman Dmitry Peskov believes that the United States’ cyberwar against Russia is a hypothetical possibility. He made the statement to the media in response to claims by The New York Times that US secret services over the past year were increasingly active in their attempts to cripple computer malware inside Russia’s power grid.
According to the Kremlin spokesman, Russia has repeatedly said “that the vital areas of our economy are under continuous attacks from abroad.” “We regret to say that,” Peskov said, adding that the relevant Russian agencies continued to counter those attacks in order to prevent damage to the country’s economy.
Peskov also pointed out that “it was President Putin who has on numerous occasions sought to initiate international cooperation to counter any sort of cyber crime.” “Unfortunately, our American partners never responded to our initiatives,” he noted. (source)
While it remains unclear precisely how the new, more aggressive digital incursions into Russia’s power grid are manifesting themselves, Saturday’s report has clearly gotten the attention of Russian foreign policy commentators. “This is a direct challenge that Moscow cannot leave unanswered,” Ruslan Pukhov, an arms expert and head of the Center for Strategies and Technologies, told the Russian business daily Kommersant. (source)
To paraphrase Forrest Gump, “And just like that, the New York Times started a cyberwar.”
Our own power grid is being probed by hackers.
Ars Technica reported that the very same hackers who caused issues in the gas and oil industry with Triconex malware are poking around in our power grid.
“In a new troubling escalation, hackers behind at least two potentially fatal intrusions on industrial facilities have expanded their activities to probing dozens of power grids in the US and elsewhere, researchers with security firm Dragos reported Friday.
The group, now dubbed Xenotime by Dragos, quickly gained international attention in 2017 when researchers from Dragos and the Mandiant division of security firm FireEye independently reported Xenotime had recently triggered a dangerous operational outage at a critical-infrastructure site in the Middle East. Researchers from Dragos have labeled the group the world’s most dangerous cyber threat ever since…
…Now, Dragos is reporting that Xenotime has been performing network scans and reconnaissance on multiple components across the electric grids in the US and in other regions. Sergio Caltagirone, senior VP of threat intelligence at Dragos, told Ars his firm has detected dozens of utilities—about 20 of them located in the US—that have been subjected to Xenotime probes since late 2018. While the activities indicate only an initial exploration and there’s no evidence the utilities have been compromised, he said the expansion was nonetheless concerning.
“The threat has proliferated and is now targeting the US and Asia Pacific electric utilities, which means that we are no longer safe thinking that the threat to our electric utilities is understood or stable,” he said in an interview. “This is the first signal that threats are proliferating across sectors, which means that now we can’t be certain that a threat to one sector will stay in that sector and won’t cross over.” (source)
Nobody knows who is behind Xenotime, although some suspect Russia or Iran.
Oh, and South America had a massive blackout
Millions of South Americans in Argentina, Uruguay, and Paraguay were in the dark for hours this past weekend. Although officials don’t currently have proof of cyber-malfeasance, they’re not ruling it out.
“At this moment we cannot rule out any possibility… as anything can happen as per the current cyber landscape,” said Gustavo Lopetegui, Energy Secretary of Argentina.
“Millions of people were left in darkness and still some regions were reigning under the incident pressure,” says Mauricio Macri, President, Argentina. (source)
So what exactly happened?
The problem in the energy network left Argentina cut off from power at 7:06 a.m. local time (10:06 UTC) Sunday in what Argentine energy company Edesur attributed to “a massive failure in the electrical interconnection system.”
Argentine President Mauricio Macri said on Twitter the outage was “unprecedented.” (source)
NPR reported on the outage.
In Buenos Aires, the Constitucion railway station was empty, with trains halted, according to Bloomberg.
Traffic lights failed across the city, and some shopkeepers ran generators to keep the lights on. Water supplies were disrupted, as were mobile phone and internet services.
The Argentinian news site Infobae reported that the power cut stopped trains and subway service; however, two airports in Buenos Aires continued to run on generators.
Uruguay’s state energy department wrote that “a flaw in the Argentine network” left Uruguay without light, according to Infobae.
There have been a lot of significant cyber attacks since 2006.
The Center for Strategic and International Studies has documented a lot of significant cyber attacks in the past 13 years. This chart sums it up with cyber attacks that cost the victim a million dollars or more.
This is just a summary but you can go here to see CSIS’s full list of cyber attacks.
The prospect of a massive cyber attack seems a lot more likely.
We know that the American infrastructure has not really been hardened against…well…much of anything. It seems like it’s only a matter of time. One computer expert showed the DHS how easy it was to get inside the grid and there’s evidence our grid has been hacked before. It was just recently that a hack disrupted grid operations on an unprecedented level.
Can you imagine the chaos if we had a widespread grid failure in the United States? Heck, look at the upheaval caused by Target’s registers being offline for two hours this weekend. (I’m looking at YOU, Russia.)
It would only take a few days of no power, no internet, no cell phones, no stores, no hospitals, and no gasoline to completely change the world we live in.
Getting prepped for a cyber attack should be pretty high on your list of priorities if it’s not already.