U.S. officials say Russian government hackers...

[Belsnickel]

...have penetrated energy and nuclear company business networks.

Sorry for the drama in the title, not enough room to paste the whole title.

https://www.washingtonpost.com/world/national-security/us-officials-say-russian-government-hackers-have-penetrated-energy-and-nuclear-company-business-networks/2017/07/08/bbfde9a2-638b-11e7-8adc-fea80e32bf47_story.html?hpid=hp_rhp-top-table-main_russiacyber-855pm%3Ahomepage%2Fstory&utm_term=.e86b3bda2c17

Quote:Russian government hackers were behind recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies in what appears to be an effort to assess their networks, according to U.S. government officials.

The U.S. officials said there is no evidence the hackers breached or disrupted the core systems controlling operations at the plants, so the public was not at risk. Rather, they said, the hackers broke into systems dealing with business and administrative tasks, such as personnel.

At the end of June, the FBI and the Department of Homeland Security sent a joint alert to the energy sector stating that “advanced, persistent threat actors” — a euphemism for sophisticated foreign hackers — were stealing network log-in and password information to gain a foothold in company networks. The agencies did not name Russia.

The campaign marks the first time Russian government hackers are known to have wormed their way into the networks of American nuclear power companies, several U.S. and industry officials said. And the penetration could be a sign that Russia is seeking to lay the groundwork for more damaging hacks.

The National Security Agency has detected specific activity by the Russian spy agency, the FSB, targeting the energy firms, according to two officials. The NSA declined to comment. The intrusions have been previously reported but not the attribution to Russia by U.S. officials.

The joint alert from the FBI and DHS, first reported by Reuters on June 30, said the hackers have been targeting the industry since at least May. Several days earlier, E & E News, an energy trade publication, had reported that U.S. authorities were investigating cyber-intrusions affecting multiple nuclear-power-generation sites.

The malicious activity comes as President Trump and Russian President Vladimir Putin on Friday acknowledged “the challenges of cyberthreats” and “agreed to explore creating a framework” to better deal with them, including those that harm critical infrastructure such as nuclear energy, according to Secretary of State Rex Tillerson in remarks to reporters. On Saturday, Putin told reporters that he and Trump agreed to set up a working group “on the subject of jointly controlling security in cyberspace.”

The Russian government, which is the United States’ top adversary in cyberspace, targeted U.S. infrastructure in a wide-ranging campaign in 2014.

Moscow has demonstrated how much damage it can do in other countries when it goes after energy systems.

In December 2015, Russian hackers disrupted the electric system in Ukraine, plunging 225,000 customers into darkness. Last December, they tested a new cyberweapon in Kiev, the Ukrainian capital, capable of disrupting power grids around the world.

The recent activity follows the U.S. intelligence community’s conclusion that the Kremlin was behind a campaign to interfere with the 2016 election through hacking and information warfare. Putin has denied such meddling.

The working group that is being set up will also address “how to prevent interference in the domestic affairs of foreign states, primarily in Russia and the U.S.,” Putin said.

The U.S. officials all stressed that the latest intrusions did not affect systems that control the production of nuclear or electric power.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the DHS and FBI said in a joint statement Friday.

One nuclear power company that was penetrated, Wolf Creek Nuclear Operating Corp. in Kansas, issued a statement saying that “there has been absolutely no operational impact to Wolf Creek.” The reason is that the plant’s operational computer systems are completely separate from the corporate network, spokeswoman Jenny Hageman said. “The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the Internet,” she said.

In general, the nation’s 100 or so commercial nuclear power plants are safer from cyberattack than other energy plants because they isolate their control systems from the open Internet, said Bill Gross, director of incident preparedness at the Nuclear Energy Institute.

According to U.S. officials, fewer than a dozen energy companies, including several nuclear energy firms, were affected by the latest Russian cyber-reconnaissance campaign.

While nuclear-power companies are fairly well protected, electric-power plants are less so, experts said.

“It’s a plausible scenario that the adversaries in electric power business networks could pivot to the industrial networks,” said Robert M. Lee, founder and chief executive of Dragos, a cyberfirm that focuses on industrial control systems. “But it’s still not a trivial matter to compromise the industrial systems.”

Dragos last month issued a report analyzing a new Russian cyberweapon that can disrupt electric power grids. Dubbed CrashOverride, the malware is known to have affected only one energy system — in Ukraine in December. But with modifications, it could be deployed against U.S. electric grids, Dragos concluded.

While the current campaign shows no signs — at least not yet — of disrupting the companies’ operations, it is not clear what the adversary’s true motive is, officials said.

“In some sense, this could be significant if this is precursor planning,” said one U.S. official, who like others interviewed spoke on the condition of anonymity to discuss a sensitive topic. “That’s what all cyber bad guys do. They do reconnaissance and they try to establish a presence and maintain access. This in my mind was a reconnaissance effort — to scope things out and figure out” points of entry.

The same actor has also targeted energy and other critical sector firms in Turkey and Ireland, said John Hultquist, director of intelligence analysis at FireEye, a cyberthreat-intelligence firm. He added that the firm has found evidence that the adversary has been hacking into global energy firms since at least 2015.

In their alert, the DHS and FBI stated that the hackers are using spearphishing emails and “watering hole” techniques to ensnare victims. A spearphish targets a user with an authentic-looking email that contains attachments or links embedded with malware. In this case, the hackers often used Microsoft Word attachments that appeared to be legitimate résumés from job applicants, the agencies said. In a watering-hole attack, an unsuspecting victim navigates to a website laced with malware, infecting his or her computer. In both cases, the adversary sought to collect victims’ log-in and password data so that they could sneak into the network and poke around.

Galina Antova, co-founder of the cyberfirm Claroty, said: “There’s no need for hype and hysteria, but this is an issue that should be taken seriously because of the state of the industrial networks” — in particular the non-nuclear systems.

The current cyber-campaign, dubbed Palmetto Fusion by the government, is significant as a warning, officials said. “It signals an ability to get into a system and potentially have a continued presence there, which at a future date, at someone else’s determination, might be exploited to have an effect” that could be particularly disruptive.

[ballsofsteel]

This is a lie! Who are you going to believe US officials or Putin?

[Dill]

(07-09-2017, 07:28 AM)Belsnickel Wrote: ...have penetrated energy and nuclear company business networks.

Sorry for the drama in the title, not enough room to paste the whole title.

https://www.washingtonpost.com/world/national-security/us-officials-say-russian-government-hackers-have-penetrated-energy-and-nuclear-company-business-networks/2017/07/08/bbfde9a2-638b-11e7-8adc-fea80e32bf47_story.html?hpid=hp_rhp-top-table-main_russiacyber-855pm%3Ahomepage%2Fstory&utm_term=.e86b3bda2c17

Russia is going to be our friend, Bels. I don't think we need worry that much about cyber-threats from that quarter.

Anyway, did you see that erroneous tweet about the Polish first lady's handshake? How can we trust the US Press anymore?
I am waiting for confirmation on Breitbart and Infowars before I buy this story.

[ballsofsteel]

(07-09-2017, 09:14 AM)Dill Wrote: Russia is going to be our friend, Bels. I don't think we need worry that much about cyber-threats from that quarter.

Anyway, did you see that erroneous tweet about the Polish first lady's handshake? How can we trust the US Press anymore?
I am waiting for confirmation on Breitbart and Infowars before I buy this story.

Don't forget this bastion of accurate reporting, The Daily Wire!

[Vlad]

So is this a grasping at straws thread or just a discussion on cyber attacks?

If its the latter, why limit it to Russia?

Top 5 countries where cyber attacks originate.

https://securitytoday.com/Articles/2017/03/03/Top-5-Countries-Where-Cyber-Attacks-Originate.aspx?Page=2

Did we forget about Snowden?
A bit from Wiki...

In 2013, Edward Snowden, a former systems administrator for the Central Intelligence Agency (CIA) and a counterintelligence trainer at the Defense Intelligence Agency (DIA), revealed that the United States government had hacked into Chinese mobile phone companies to collect text messages and had spied on Tsinghua University, one of China's biggest research institutions, as well as home to one of China's six major backbone networks, the China Education and Research Network (CERNET), from where internet data from millions of Chinese citizens could be mined. He said U.S. spy agencies has been watching China and Hong Kong for years.[10]

According to classified documents provided by Edward Snowden, the National Security Agency (NSA) has also infiltrated the servers in the headquarters of Huawei, China's largest telecommunications company and the largest telecommunications equipment maker in the world. The plan is to exploit Huawei's technology so that when the company sold equipment to other countries—including both allies and nations that avoid buying American products—the NSA could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations

[Dill]

(07-09-2017, 10:09 AM)Vlad Wrote: So is this a grasping at straws thread or just a discussion on cyber attacks?
If its the latter, why limit it to Russia?
Top 5 countries where cyber attacks originate.
https://securitytoday.com/Articles/2017/03/03/Top-5-Countries-Where-Cyber-Attacks-Originate.aspx?Page=2
Did we forget about Snowden?

I don't think the topic of the thread is either "grasping at straws" or cyber attacks in general. It is about the Russian penetration of the US infrastructure, which extends the concern most of us already have about their disruption of the presidential election and national politics.

In any case, the charge against Russia at the moment is not "spying," which is the issue in your Snowden excerpt, but attack and disruption. The US did not hack a mobile phone company in China to disrupt elections there, or otherwise disrupt government functions. Your example posits a false equivalence.

The Russians, who may have invented "whataboutery," usually defend their various aggressions by pointing to another country, usually the US, and saying "What about when the US invaded X?"  Imagine you were falsely accused of murder and at your trial your lawyer, instead of proving your innocence, asked jury and judge "What about all the other murderers in Vlad's town. Why isn't anyone accusing them!?"

[Benton]

It would seem that this would go along with the "17 agencies" that seemed unlikely to some.

[Belsnickel]

(07-09-2017, 10:09 AM)Vlad Wrote: So is this a grasping at straws thread or just a discussion on cyber attacks?

It is a thread about the news story that Russia has engaged in these particular attacks on our energy infrastructure's business and administrative networks.

[Nebuchadnezzar]

I just wonder why our systems of importance such as nuclear power stations, are not on a closed system?

Seriously, why are things like this connected to the Internet where bad people can get in and cause trouble?

Also, why are these guys messing around with nuclear power stations? They could cause more damage and chaos by messing with Wall Street and other financial institutions. You can potentially cause a nuclear meltdown, murder 100,000 people and no one will care all that much but if you mess with money, they will drop a bomb on your house.

[*TheLeonardLeap*]

(07-09-2017, 01:43 PM)Nebuchadnezzar Wrote: I just wonder why our systems of importance such as nuclear power stations, are not on a closed system?

Seriously, why are things like this connected to the Internet where bad people can get in and cause trouble?

Also, why are these guys messing around with nuclear power stations? They could cause more damage and chaos by messing with Wall Street and other financial institutions. You can potentially cause a nuclear meltdown, murder 100,000 people and no one will care all that much but if you mess with money, they will drop a bomb on your house.

Breath deep and focus on the two most important words... "business systems"... of US Nuclear Power. Not operational systems.

So they hacked into the system that they use when they need to place an order to restock the snack machines, or order more toilet paper, or put out a memo that Friday is the day you can wear your local sports team's shirt.

Most important part of that article:

Quote:The U.S. officials all stressed that the latest intrusions did not affect systems that control the production of nuclear or electric power.


“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the DHS and FBI said in a joint statement Friday.

One nuclear power company that was penetrated, Wolf Creek Nuclear Operating Corp. in Kansas, issued a statement saying that “there has been absolutely no operational impact to Wolf Creek.” The reason is that the plant’s operational computer systems are completely separate from the corporate network, spokeswoman Jenny Hageman said. “The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the Internet,” she said.

In general, the nation’s 100 or so commercial nuclear power plants are safer from cyberattack than other energy plants because they isolate their control systems from the open Internet, said Bill Gross, director of incident preparedness at the Nuclear Energy Institute.

But you can be damn sure that there's going to be a ton of people resharing this article all over the internet, mongering up fear that the Russians are going to blow us all up with our own nuclear power plants.

[Benton]

(07-09-2017, 02:23 PM)TheLeonardLeap Wrote: Breath deep and focus on the two most important words... "business systems"... of US Nuclear Power. Not operational systems.

So they hacked into the system that they use when they need to place an order to restock the snack machines, or order more toilet paper, or put out a memo that Friday is the day you can wear your local sports team's shirt.

Most important part of that article:


But you can be damn sure that there's going to be a ton of people resharing this article all over the internet, mongering up fear that the Russians are going to blow us all up with our own nuclear power plants.

From what I understand they weren't looking into vending machine requests but trying to gauge what our nuclear community is up to based off of money trails. To sum it up in a single word, "spying."

The operational networks should be less of an issue as presumably they have better security.

[xxlt]

(07-09-2017, 09:00 AM)ballsofsteel Wrote: This is a lie! Who are you going to believe US officials or Putin?

[xxlt]

(07-09-2017, 12:13 PM)Belsnickel Wrote: It is a thread about the news story that Russia has engaged in these particular attacks on our energy infrastructure's business and administrative networks.

Saint Savior! I am confused. That's what I thought it was about, but I usually have significant difficulty discerning what a thread is about, or so I am often told. Is that what it is really about, or are you just obfuscating!?

[Belsnickel]

(07-09-2017, 02:41 PM)xxlt Wrote: Saint Savior! I am confused. That's what I thought it was about, but I usually have significant difficulty discerning what a thread is about, or so I am often told. Is that what it is really about, or are you just obfuscating!?

Well, there may just be the hint of irony there that this was announced after the announcement from Trump about working with Russia on cyber security. But I was trying to just share the news and let people come up with that on their own.

[Vlad]

(07-09-2017, 09:14 AM)Dill Wrote: Russia is going to be our friend, Bels.

Was that the same thing you said when Hillary offered the Russian Foreign Minister a "reset button" symbolizing the unified resetting of U.S./Russian relations...except you weren't being sarcastic?

During one of the Obama/Romney debates, were you with the crowd that scoffed at Romneys assertion that Russia would pose problems in the future...going along with the imbecile Obamas belief that the Russians were our buddies?

So when Trump makes an honest attempt to mend and improve relations you want to mock? Why?

[xxlt]

(07-09-2017, 03:03 PM)Belsnickel Wrote: Well, there may just be the hint of irony there that this was announced after the announcement from Trump about working with Russia on cyber security. But I was trying to just share the news and let people come up with that on their own.

Pretty sneaky Bels!

[NATI BENGALS]

(07-09-2017, 02:23 PM)TheLeonardLeap Wrote: Breath deep and focus on the two most important words... "business systems"... of US Nuclear Power. Not operational systems.

So they hacked into the system that they use when they need to place an order to restock the snack machines, or order more toilet paper, or put out a memo that Friday is the day you can wear your local sports team's shirt.

Most important part of that article:


But you can be damn sure that there's going to be a ton of people resharing this article all over the internet, mongering up fear that the Russians are going to blow us all up with our own nuclear power plants.

"In December 2015, Russian hackers disrupted the electric system in Ukraine, plunging 225,000 customers into darkness. Last December, they tested a new cyberweapon in Kiev, the Ukrainian capital, capable of disrupting power grids around the world."


They were probably just looking for vending machine snack stocking tips when they accidently cut off power to parts of the country they were invading.


I wrapped another layer of wool over my eyes when i got up today too.


I dont worry about the little stuff either. The guy russia wanted to run our country got the job so it is all good. Time to move past this stuff and start sharing our cyber security secrets with our friends in Russia.

[NATI BENGALS]

(07-09-2017, 04:32 PM)Vlad Wrote: Was that the same thing you said when Hillary offered the Russian Foreign Minister a "reset button" symbolizing the unified resetting of U.S./Russian relations...except you weren't being sarcastic?

During one of the Obama/Romney debates, were you with the crowd that scoffed at Romneys assertion that Russia would pose problems in the future...going along with the imbecile Obamas belief that the Russians were our buddies?

So when Trump makes an honest attempt to mend and improve relations you want to mock? Why?

Was that right after Russia helped get Obama and Hillary elected?

Its like giving some guy who just doused your house in gasoline a lighter.

[Dill]

(07-09-2017, 04:32 PM)Vlad Wrote: Was that the same thing you said when Hillary offered the Russian Foreign Minister a "reset button" symbolizing the unified resetting of U.S./Russian relations...except you weren't being sarcastic?

During one of the Obama/Romney debates, were you with the crowd that scoffed at Romneys assertion that Russia would pose problems in the future...going along with the imbecile Obamas belief that the Russians were our buddies?

So when Trump makes an honest attempt to mend and improve relations you want to mock? Why?

Pretty easy to explain.

1. I didn't say anything when Hillary offered a reset button, though in hindsight, given circumstances at the time, it was not a bad move. The reset was also while Medvedev was president. not Putin.

2. Romney didn't say Russia would "pose problems." He said Russia was our #1 geopolitical foe. And he said it while Obama was amidst negotiations with the Russians about arms limitations. So no, Obama is not going to say "darn right it is" and then expect cooperation.

3. Something has changed since the debate between Romney and Obama. Putin was a different animal from Medvedev. He was offered some concessions, such as removal of missiles from Poland, but he responded by becoming more aggressive. E.g. he invaded Crimea in 2014. So much for "reset."  Further, under Putin Russia has become more authoritarian, with no effective free press. Meeting Russia halfway did not work

 Then last year, Russia made a concerted effort to interfere with US elections to insure a Trump win. Obama confronted him, kicked out a dozen plus spies, confiscated their property, and imposed sanctions on Russia.

So it is not like Trump would be starting from the same place as Obama/Hillary. And there is no reason to believe Putin would regard a weaker president as anything but an opportunity rather than a "friend."

Worse, Trump has rejected the conclusion of the US Intel services that Russia was behind the interference. He has publicly dissed those services and invited our "greatest geopolitical foe" into the Oval office with recording equipment and practically unsupervised. It's like Russia kicked us in the ass and our leader's response is "who knows who really kicked us in the ass?"; let's let bygones be bygones. Russia could be our friend.

So Trump's "honest attempt" strikes me as a rather bad move. Now that Russia is more authoritarian and has attacked us, and never, under Putin, responded to gestures of friendship, why would we expect this to change under a president ignorant of international relations, willing to reduce sanctions on Russia without concessions, ready to withdraw the US from its position of world leadership, and unable to criticize Putin--while more than ready to criticize his own Intel services and free press? This seems more than just incompetence.

[*TheLeonardLeap*]

(07-09-2017, 04:35 PM)NATI BENGALS Wrote: "In December 2015, Russian hackers disrupted the electric system in Ukraine, plunging 225,000 customers into darkness. Last December, they tested a new cyberweapon in Kiev, the Ukrainian capital, capable of disrupting power grids around the world."


They were probably just looking for vending machine snack stocking tips when they accidently cut off power to parts of the country they were invading.


I wrapped another layer of wool over my eyes when i got up today too.


I dont worry about the little stuff either. The guy russia wanted to run our country got the job so it is all good. Time to move past this stuff and start sharing our cyber security secrets with our friends in Russia.

Which would worry me more if you weren't trying to compare a Ukraine power station and a US nuclear power facility's cyber security and security procedures.


PS: Nice enormous font.