• Grizzly Steppe code found on unconnected Vermont electricity grid laptop
[quote]WASHINGTON (REUTERS) – A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected on a laptop associated with a Vermont electric utility but not connected to the grid, the utility said on Friday (Dec 31). “We took immediate action to isolate the laptop and alerted federal officials of this finding,” the Burlington Electric Department said in a statement. “Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.” The Department of Homeland Security alerted utilities on Thursday night about the malware code used in Grizzly Steppe, the Burlington Electric Department said. “We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organisation’s grid systems,” it said. On Thursday, President Barack Obama ordered the expulsion of 35 Russian suspected spies and imposed sanctions on two Russian intelligence agencies over their involvement in hacking US political groups in the 2016 presidential election. The statement came after a Washington Post report that Russian hackers penetrated a Vermont utility. Government and utility industry officials regularly monitor the nation’s electrical grid because it is highly computerised and any disruptions can have disastrous implications for the functioning of medical and emergency services, the Post said. A senior Obama administration official said the administration had sought in its sanctions announcement on Thursday to alert “all network defenders” in the United States so they could “defend against Russian malicious cyber activity.” The Department of Homeland Security did not immediately respond to a request for comment. 
“This intrusion by itself was a minor incident that caused no damage,” a US intelligence official familiar with the incident and critical of Russian actions said on Friday night. “However, we are taking it seriously because it has been tracked to familiar entities involved in a much broader and government-directed campaign in cyberspace and because the electric grid is a vulnerable and interconnected part of the nation’s critical infrastructure,” the official said.[/quote] [URL]http://www.straitstimes.com/world/united-states/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont?utm_campaign=Echobox&utm_medium=Social&utm_source=Facebook&xtor=CS1-10#link_time=1483157249[/URL]
[quote]A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks. Officials in government and the utility industry regularly monitor the grid because it is highly computerized and any disruptions can have disastrous implications for the country’s medical and emergency services. Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities. Friday night, Vermont Gov. Peter Shumlin (D) called on federal officials “to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.” “Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.” Sen. Patrick J. Leahy (D-Vt.) said he was briefed on the attempts to penetrate the electric grid by Vermont State Police on Friday evening. 
“This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy said in a statement. “That is a direct threat to Vermont and we do not take it lightly.” American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion may have been designed to disrupt the utility’s operations or as a test to see whether they could penetrate a portion of the grid. Officials said that it is unclear when the code entered the Vermont utility’s computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted. “The question remains: Are they in other systems and what was the intent?” a U.S. official said. [/quote] [url=https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html]Washington Post[/url]
idk, maybe Trump is doing the ole keep yer enemies close frienemies closer thingaroo. either way, not gonna fool myself.
snip nvm
Couldn't tell which got posted first, so merged the threads; fuck it. If the code is on a laptop not connected to the grid systems, seems like it's not as serious of an issue imo. I would hope they have stringent regulations as to what external apparatus can be connected to the system.
[quote]Russian hackers penetrated US electricity grid through a utility in Vermont[/quote] [quote]A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected on a laptop associated with a Vermont electric utility [B]but not connected to the grid[/B][/quote] Title is a bit misleading, but holy shit that could have ended badly if it did get into the grid.
Weird, I live about a 5 minute walk from that facility. Maybe I'll take a look today and get to see all the feds roaming around
Welcome to the US Powergrid. Held together with good will and duct tape.
[QUOTE=Sgt Doom;51605144]Couldn't tell which got posted first, so merged the threads; fuck it. If the code is on a laptop not connected to the grid systems, seems like it's not as serious of an issue imo. I would hope they have stringent regulations as to what external apparatus can be connected to the system.[/QUOTE] All it takes is a single flash drive going between this laptop and a computer that is connected to the grid. Considering that a single laptop in Vermont was found with this malware, it will come as no surprise when we find out that many cities are completely infected by now. It is extremely unlikely that Burlington is the only place that was targeted.
what actual code is involved in grizzly steppe? wasn't it just phishing?
[QUOTE=OneFourth;51606351]what actual code is involved in grizzly steppe? wasn't it just phishing?[/QUOTE] The phishing was what they used to get information in order to install the malware. [t]http://i.imgur.com/twsGYGn.png[/t] [url]https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf[/url]
Maybe we should be listening to them number stations...
[QUOTE=Sgt Doom;51605144]Couldn't tell which got posted first, so merged the threads; fuck it. If the code is on a laptop not connected to the grid systems, seems like it's not as serious of an issue imo. I would hope they have stringent regulations as to what external apparatus can be connected to the system.[/QUOTE] Eeeeh it depends. I did a paper on Stuxnet and it was able to infect machines on separate networks through shared printers thanks to a zero-day
[QUOTE=OneFourth;51606351]what actual code is involved in grizzly steppe? wasn't it just phishing?[/QUOTE] it's pretty hilarious since they haven't actually released any evidence about grizzly
The main problem with these kinds of attacks is the weakness of the US infrastructure, not the sophistication of the attacks... Like, let's remove the whole Russia part of the conversation for a moment... there is a sizeable part of power plant controllers still running on fucking NT 5.1 kernel and a smaller but still relevant portion running on older kernels, to the point that we know they are there, but we don't know where exactly or how many...
[url]https://www.washingtonpost.com/world/national-security/russian-government-hackers-do-not-appear-to-have-targeted-vermont-utility-say-people-close-to-investigation/2017/01/02/70c25956-d12c-11e6-945a-76f69a399dd5_story.html[/url] Ooops [quote]As federal officials investigate suspicious Internet activity found last week on a Vermont utility computer, they are finding evidence that the incident is not linked to any Russian government effort to target or hack the utility, according to experts and officials close to the investigation. An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.[/quote]
snip
"'Fake News' And How The Washington Post Rewrote Its Story On Russian Hacking Of The Power Grid" [quote]On Friday the Washington Post sparked a wave of fear when it ran the breathless headline “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” The lead sentence offered “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials” and continued “While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability.” Yet, it turns out this narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts. [/quote] [url]http://www.forbes.com/sites/kalevleetaru/2017/01/01/fake-news-and-how-the-washington-post-rewrote-its-story-on-russian-hacking-of-the-power-grid/#7e002d97291e[/url] Forbes called them out on their shit.
Basically someone was watching porn on their work computer.
[QUOTE=Tudd;51618086]"'Fake News' And How The Washington Post Rewrote Its Story On Russian Hacking Of The Power Grid" [url]http://www.forbes.com/sites/kalevleetaru/2017/01/01/fake-news-and-how-the-washington-post-rewrote-its-story-on-russian-hacking-of-the-power-grid/#7e002d97291e[/url] Forbes called them out on their shit.[/QUOTE] A Forbes contributor*
[QUOTE=Tudd;51618086]"'Fake News' And How The Washington Post Rewrote Its Story On Russian Hacking Of The Power Grid" [url]http://www.forbes.com/sites/kalevleetaru/2017/01/01/fake-news-and-how-the-washington-post-rewrote-its-story-on-russian-hacking-of-the-power-grid/#7e002d97291e[/url] Forbes called them out on their shit.[/QUOTE] Damage is done, in the end barely anyone will see the fixed version, but everyone will be like "Remember when Russia hacked our power grid?"