Evidence of Hacking In Plain Sight
“But Our Executive Government Administration Doesn’t Care”
“Where do we sit while major security breaches take place that affect our nation. The Trump administration budget for national defense is approaching 1 trillion dollars a year for airplanes and tanks when our enemy is not on the ground but in the cloud. The fight has quickly moved from blusterous words, nuclear weapons and tanks to a desktop computer in a small room possibly in your neighborhood. Drones controlled by individuals sitting 7,000 miles away. But, where is our leader of the free world?? Hiding behind his desire to enrich his pockets with illegal gains, taking healthcare away from poor people and giving tax cuts to his wealthy friends. Filling his pockets while our country is under attack seems all he cares about since obtaining the stature of World Leader. Shame on you Trump and shame on Us for allowing this travesty “ The tale of our ongoing troubles sit below in the words from “Fake News” as “45” calls them.
“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm.
“From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation,” Mr. Chien said.
American intelligence agencies were aware of the attacks for the past year and a half, and the Department of Homeland Security and the F.B.I. first issued urgent warnings to utility companies in June. On Thursday, both agencies offered new details as the Trump administration imposed sanctions against Russian individuals and organizations it accused of election meddling and “malicious cyber attacks.”
It was the first time the administration officially named Russia as the perpetrator of the assaults. And it marked the third time in recent months that the White House, departing from its usual reluctance to publicly reveal intelligence, blamed foreign government forces for attacks on infrastructure in the United States.
In December, the White House said North Korea had carried out the so-called WannaCry attack that in May paralyzed the British health system and placed ransomware in computers in schools, businesses and homes across the world. Last month, it accused Russia of being behind the Not-Petya attack against Ukraine last June, the largest in a series of cyberattacks on Ukraine to date, paralyzing the country’s government agencies and financial systems.
But the penalties have been light. So far, Mr. Trump has said little to nothing about the Russian role in those attacks.
The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference.
That would suggest that at least three separate Russian cyber-operations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.
For years, American intelligence officials tracked a number of Russian state-sponsored hacking units as they successfully penetrated the computer networks of critical infrastructure operators across North America and Europe, including in Ukraine.
Some of the units worked inside Russia’s Federal Security Service, the K.G.B. successor known by its Russian acronym, F.S.B.; others were embedded in the Russian military intelligence agency, known as the G.R.U. Still others were made up of Russian contractors working at the behest of Moscow.
Russian cyberattacks surged last year, starting three months after Mr. Trump took office.
American officials and private cybersecurity experts uncovered a series of Russian attacks aimed at the energy, water and aviation sectors and critical manufacturing, including nuclear plants, in the United States and Europe. In its urgent report in June, the Department of Homeland Security and the F.B.I. notified operators about the attacks but stopped short of identifying Russia as the culprit.
By then, Russian spies had compromised the business networks of several American energy, water and nuclear plants, mapping out their corporate structures and computer networks.
They included that of the Wolf Creek Nuclear Operating Corporation, which runs a nuclear plant near Burlington, Kan. But in that case, and those of other nuclear operators, Russian hackers had not leapt from the company’s business networks into the nuclear plant controls.
Forensic analysis suggested that Russian spies were looking for inroads — although it was not clear whether the goal was to conduct espionage or sabotage, or to trigger an explosion of some kind.
In a report made public in October, Symantec noted that a Russian hacking unit “appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”
The United States sometimes does the same thing. It bored deeply into Iran’s infrastructure before the 2015 nuclear accord, placing digital “implants” in systems that would enable it to bring down power grids, command-and-control systems and other infrastructure in case a conflict broke out. The operation was code-named “Nitro Zeus,” and its revelation made clear that getting into the critical infrastructure of adversaries is now a standard element of preparing for possible conflict.
The Russians have gone farther.
In an updated warning to utility companies on Thursday, Homeland Security officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls.
American officials and security firms, including Symantec and CrowdStrike, believe that Russian attacks on the Ukrainian power grid in 2015 and 2016 that left more than 200,000 citizens there in the dark are an ominous sign of what the Russian cyberstrikes may portend in the United States and Europe in the event of escalating hostilities.