Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
January 2019: America's Electric Grid Has a Vulnerable Back Door--and Russia Walked Through It
Blast from the past. It pays to clean up your old bookmarks every three or so years.
Thu Jan 10, 2019: America's Electric Grid Has a Vulnerable Back Door--and Russia Walked Through It
Source: Wall Street Journal
The cyberattack on the 15-person company near Salem, Ore., which works with utilities and government agencies, was an early thrust in the worst known hack by a foreign government into the nation’s electric grid. It set off so many alarms that U.S. officials took the unusual step in early 2018 of publicly blaming the Russian government.
A reconstruction of the hack reveals a glaring vulnerability at the heart of the country’s electric system. Rather than strike the utilities head on, the hackers went after the system’s unprotected underbelly—hundreds of contractors and subcontractors like All-Ways who had no reason to be on high alert against foreign agents. From these tiny footholds, the hackers worked their way up the supply chain. Some experts believe two dozen or more utilities ultimately were breached.
The scheme’s success came less from its technical prowess—though the attackers did use some clever tactics—than in how it exploited trusted business relationships using impersonation and trickery.
The hackers planted malware on sites of online publications frequently read by utility engineers. They sent out fake résumés with tainted attachments, pretending to be job seekers. Once they had computer-network credentials, they slipped through hidden portals used by utility technicians, in some cases getting into computer systems that monitor and control electricity flows.
Read more: https://www.wsj.com/articles/americas-electric-grid-has-a-vulnerable-back-doorand-russia-walked-through-it-11547137112
The cyberattack on the 15-person company near Salem, Ore., which works with utilities and government agencies, was an early thrust in the worst known hack by a foreign government into the nation’s electric grid. It set off so many alarms that U.S. officials took the unusual step in early 2018 of publicly blaming the Russian government.
A reconstruction of the hack reveals a glaring vulnerability at the heart of the country’s electric system. Rather than strike the utilities head on, the hackers went after the system’s unprotected underbelly—hundreds of contractors and subcontractors like All-Ways who had no reason to be on high alert against foreign agents. From these tiny footholds, the hackers worked their way up the supply chain. Some experts believe two dozen or more utilities ultimately were breached.
The scheme’s success came less from its technical prowess—though the attackers did use some clever tactics—than in how it exploited trusted business relationships using impersonation and trickery.
The hackers planted malware on sites of online publications frequently read by utility engineers. They sent out fake résumés with tainted attachments, pretending to be job seekers. Once they had computer-network credentials, they slipped through hidden portals used by utility technicians, in some cases getting into computer systems that monitor and control electricity flows.
Read more: https://www.wsj.com/articles/americas-electric-grid-has-a-vulnerable-back-doorand-russia-walked-through-it-11547137112
Thu Jan 10, 2019: By Rebecca Smith and Rob Barry
By Rebecca Smith and Rob Barry
Jan. 10, 2019 11:18 a.m. ET
https://twitter.com/SmithRebecca (but she hasn't posted there since 2016)
rebecca.smith@wsj.com
https://twitter.com/rob_barry
Rob.Barry@wsj.com
Links to previous articles by Rebecca Smith:
Last July:
DHS: Russian hackers got into control rooms of US utilities
I just finished posting this in the Economy Forum, and I thought it deserved to be in LBN.
Two years ago:
Coverup at French Nuclear Supplier Sparks Global Review
Five years ago:
Assault on California Power Station Raises Alarm on Potential for Terrorism
Jan. 10, 2019 11:18 a.m. ET
https://twitter.com/SmithRebecca (but she hasn't posted there since 2016)
rebecca.smith@wsj.com
https://twitter.com/rob_barry
Rob.Barry@wsj.com
Links to previous articles by Rebecca Smith:
Last July:
DHS: Russian hackers got into control rooms of US utilities
I just finished posting this in the Economy Forum, and I thought it deserved to be in LBN.
Two years ago:
Coverup at French Nuclear Supplier Sparks Global Review
Five years ago:
Assault on California Power Station Raises Alarm on Potential for Terrorism