The Cold War we don't hear about: Russian bears in the utility rooms

To hear Democrats tell it, Russians are bad guys because they meddled in our election to steal the presidency from Hillary Clinton.  Bad, bad thing, meddling in our politics.

There's another reality we don't hear that much about, highlighted in today's top story in the Wall Street Journal: they're in our utilities.

Here's the WSJ headline: "Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say."

This suggests some rather menacing preparations for a military conflict. The Journal reports:

Hackers working for Russia claimed "hundreds of victims" last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said.  They said the campaign likely is continuing.

The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, "air-gapped" or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.

"They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS.

This should give us the creeps.  Democrats, it seems, are exclusively focused on election meddling, which, as Trump-hating FBI counterintelligence chieftain Peter Strzok noted, has no "'there' there."  That's all they care about as far as Russia goes.

What's really going on are the things we don't really know about.  Not even the spies know as much as they want to know.  They seem to be planning some kind of attack from our insides.

If you are wondering whether this is big or just another blip, as we have heard for years on this state-sponsored hacker front, well, it seems that a state-linked hacking collective called "Energetic Bear" has focused carefully on invading utilities, often through contractors who have access to utilities' software.

This has been an ongoing concern, actually.

Remember when President Trump shut down the Russian consulate last year?  At the time, it seemed so extreme, given that the consulate got through the Cold War without a shutdown, and given that Trump had seemed so Russia-friendly and interested in a rapprochement.  According to this report in Foreign Policy, it was because they were caught mapping all the fiber-optic networks in the Bay Area, steadily, steadily, one grain of sand at a time.  This FP story is an absolute must-read for a sense of what went on.

So who's the big utility in San Francisco and the Bay Area?  Pacific Gas & Electric.  And what's their thing?  Yep, fiber optics.  See this stuff here.  And it turns out a lot of them around the country are into fiber optics.  See this report here.

Here's what Kaspersky Lab, a watcher of cyber-threats, has to say about these guys:

Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010.  The group tends to attack different companies with a strong focus on the energy and industrial sectors.  Companies attacked by Energetic Bear/Crouching Yeti are geographically distributed worldwide with a more obvious concentration in Europe and the US. In 2016-2017, the number of attacks on companies in Turkey increased significantly.

The main tactics of the group include sending phishing emails with malicious documents and infecting various servers.  The group uses some of the infected servers for auxiliary purposes – to host tools and logs.  Others are deliberately infected to use them in waterhole attacks in order to reach the group's main targets.

Recent activity of the group against US organizations was discussed in a US-CERT advisory, which linked the actor to the Russian government, as well as an advisory by the UK National Cyber Security Centre.

No wonder the Russians got their consulate shut down.  They weren't just targeting secrets from fourth-rate losers on the periphery of military installations, such as Bradley Manning and Ed Snowden; they were getting right into the installations themselves, positioning themselves to control them and to control us.  To heck with messing around with agents and secrets (though they do that, too).

President Trump knew what he was doing in the face of that kind of threat.

This once again points to the stupidity of the politicized investigations around the question of Russian election meddling.  With this sort of scary utility-hacking going on, it makes sense to give the intelligence agencies as much berth as possible to meet the new kind of competition from Russia.  That, I argued recently, is being narrowed due to the threat the Mueller investigation is spreading to national security as it sets new terms for the spy war, centered on Getting Trump, and making it all a strictly law enforcement matter.

Maybe a story like this can shock the Washington establishment into some seriousness.  So long as the focus on Russia is centered on collusion to steal the election from Hillary Clinton, real intelligence capacities are being undermined.

This post has been updated -MS
