How Hackers Are Implanting 'Digital Grenades' In American Industrial Networks


The United States pioneered the use of cyber weapons when it shattered Iran’s nuclear centrifuges in 2010 but such devastating tools have spread and are now boomeranging to make industrial digital sabotage a growing concern to the United States.

The weapons can wreak destruction and kill people. Experts say cyber weapons can turn off power grids, derail trains, cause offshore oil rigs to list, turn petrochemical plants into bombs and shut down factories.

Twice in the past eight months, federal authorities have issued public warnings that foreign hackers are seeking to penetrate the U.S. electric grid and other parts of national critical infrastructure. The intent: Insert digital grenades that are dormant until the hacker’s sponsor pulls the pin.

In a computer lab at Dragos, an industrial cybersecurity firm in Hanover, Md., founder and chief executive Robert M. Lee and his researchers chart the activities of foreign hacking teams plotting industrial sabotage. They say hackers are developing new, more sophisticated, cyber weapons at a quickening pace, and growing bolder in the process.

“My intel team is tracking eight different teams that are targeting infrastructure around the world,” said Lee, 30, who spent five years working at the National Security Agency and the Pentagon’s Cyber Command before forming his company three years ago.

Lee said his company tracks operations and techniques but does not verify which nations deploy the teams. The top U.S. spy, though, does point a finger of blame. In his annual assessment to Congress in February, Director of National Intelligence Dan Coats said that Russia, China, Iran and North Korea pose the greatest cyber threats to the United States.

“What we’re seeing almost exclusively maps to nation states and intelligence teams,” Lee said.

Lee and other cyber experts said industrial cyber sabotage will be a facet of future wars. Already, they see foreign hackers probing U.S. networks that control natural gas, petrochemical plants, power grids, liquid fuel distribution networks, ports and other industrial facilities.

“Adversaries want to hold our infrastructure at risk. They are seeking to establish persistent, sustained presence in infrastructure networks. They are preparing the battlefield today so that if needed they can attack in the future,” said Paul N. Stockton, a former assistant secretary of defense for homeland security who is now managing director of Sonecon LLC, an economic and security advisory firm in Washington.

U.S. and Israeli cyber warriors blazed the trail on industrial cyber sabotage when they used the Stuxnet digital worm to cause centrifuges at Iran’s Natanz nuclear facility to spin out of control and shatter, inflicting a major setback on Iran’s efforts to enrich uranium to power nuclear weapons and reactors.

More recently, demonstrations of destructive cyber sabotage have piled up.

Russian hackers took down three regions of the Ukrainian power grid in late 2015, causing an outage for several hours that hit 225,000 customers, drawing hardly a peep internationally.

“No senior government leader anywhere in the world came out and even admonished the attack. Forget attribution,” Lee said. “It kind of set a precedent of it being an allowable thing.”

A new attack, again believed to be from Russia, hit a Ukrainian transmission substation in late 2016 that caused three times more power loss than the attack a year earlier.

But high-decibel warnings about industrial vulnerability are growing louder, partly due to public U.S. government alerts but also due to work that Lee and his team at Dragos have done in pulling the veil on a cyberattack that could have caused a major explosion at a petrochemical plant in Saudi Arabia late last year.

Hackers targeted a key component at the petrochemical plan — its safety system.

Such systems guard against high heat, pressure or machinery that operates at too fast speeds. Hackers attempted to disable equipment made by a French supplier, Schneider Electric, at the Saudi plant, specifically its Triconex safety instrumented system controllers. There was no misinterpreting their goal, Lee said. They wanted to trigger an explosion.

“That was the first time malware was ever designed to kill people,” Lee said, referring to malicious computer code. “By targeting that safety system, there’s no reason to do that other than to try to kill people. It is extremely black and white.”

The only reason the hackers didn’t trigger a massive explosion at the Saudi plant, Lee said, is that they made “one simple coding error. It’s very obvious that they just messed up.”

Since reverse engineering the hackers’ code, Lee said Dragos has detected signs that the hacking group is operating far outside of the Middle East, their initial target, and have targeted different kinds of safety systems.

Concerns about foreign hacking of U.S. critical infrastructure often centers on possible attacks on the electric grid, a decentralized system that comprises more than 3,000 power companies. Any regional outage could cause distress, and even fatalities, depending on length.

“If you were to impact the power grid in the middle of winter in the Northeast, you could have a significant lasting effect there,” said John Harbaugh, chief operating officer of R9B, a Colorado Springs, Colo., cybersecurity firm with roots in the Defense Department.

Last October, the Department of Homeland Security and the FBI issued an alert that foreign hackers had targeted “energy, water, aviation, nuclear, and critical manufacturing sectors.” Private cybersecurity companies, such as FireEye, a Milpitas, Calif., cybersecurity company that also investigated the Triconex attack, blamed North Korea for the probing.

Then on March 15, DHS and the FBI issued an alert saying that Russian government hackers had launched “a multistage intrusion campaign” into U.S. nuclear and other energy facilities, using sophisticated tools to implant digital code and hijack networks, carefully covering tracks as they worked. The U.S. government hasn’t said how successful its attempts to thwart such intrusions have been.

Larger utilities have been beefing up their cyber defenses, though, and any power disruption is likely to be only regional.

“I have more concern about Washington, D.C., losing power for 30 minutes than I do about the North American power grid going down,” Lee said, noting that the patchwork, distributed nature of U.S. power generation offers it some resiliency.

While a limited regional outage could alarm citizens, Lee is far more concerned about foreign hackers hitting gas pipelines, petrochemical plants, transportation networks and high-end manufacturing plants, including pharmaceutical companies. Gas pipeline companies don’t operate with the rigorous standards and regulations that restrict power companies, he said.


©2018 McClatchy Washington Bureau. Distributed by Tribune Content Agency, LLC.

Former Army 1st Lt. Clint Lorance, whom President Donald Trump recently pardoned of his 2013 murder conviction, claims he was nothing more than a pawn whom generals sacrificed for political expediency.

The infantry officer had been sentenced to 19 years in prison for ordering his soldiers to open fire on three unarmed Afghan men in 2012. Two of the men were killed.

During a Monday interview on Fox & Friends, Lorance accused his superiors of betraying him.

"A service member who knows that their commanders love them will go to the gates of hell for their country and knock them down," Lorance said. "I think that's extremely important. Anybody who is not part of the senior Pentagon brass will tell you the same thing."

"I think folks that start putting stars on their collar — anybody that has got to be confirmed by the Senate for a promotion — they are no longer a soldier, they are a politician," he continued. "And so I think they lose some of their values — and they certainly lose a lot of their respect from their subordinates — when they do what they did to me, which was throw me under the bus."

Read More Show Less
Members of the Iranian Revolutionary Guard Corps march during a parade to commemorate the anniversary of the Iran-Iraq war (1980-88), in Tehran September 22, 2011. (Reuters photo)

Fifteen years after the U.S. military toppled the regime of Saddam Hussein, the Army's massive two-volume study of the Iraq War closed with a sobering assessment of the campaign's outcome: With nearly 3,500 U.S. service members killed in action and trillions of dollars spent, "an emboldened and expansionist Iran appears to be the only victor.

Thanks to roughly 700 pages of newly-publicized secret Iranian intelligence cables, we now have a good idea as to why.

Read More Show Less
(Associated Press photo)

BANGKOK (Reuters) - Defense Secretary Mark Esper expressed confidence on Sunday in the U.S. military justice system's ability to hold troops to account, two days after President Donald Trump pardoned two Army officers accused of war crimes in Afghanistan.

Trump also restored the rank of a Navy SEAL platoon commander who was demoted for actions in Iraq.

Asked how he would reassure countries such as Afghanistan and Iraq in the wake of the pardons, Esper said: "We have a very effective military justice system."

"I have great faith in the military justice system," Esper told reporters during a trip to Bangkok, in his first remarks about the issue since Trump issued the pardons.

Read More Show Less
U.S. Army Rangers resting in the vicinity of Pointe du Hoc, which they assaulted in support of "Omaha" Beach landings on "D-Day," June 6, 1944. (Public domain)

Editor's Note: This article by Richard Sisk originally appeared on, a leading source of news for the military and veteran community.

For one veteran who fought through the crossfires of German heavy machine guns in the D-Day landings, receiving a Congressional Gold Medal on behalf of his service and that of his World War II comrades would be "quite meaningful."

Bills have been introduced in the House and Senate to award the Army Rangers of World War II the medal, the highest civilian award bestowed by the United States, along with the Presidential Medal of Freedom.

Read More Show Less
Senior Airman Marlon Xavier Cruz Gonzalez

An airman at Seymour Johnson Air Force Base was arrested and charged with murder on Sunday after a shooting at a Raleigh night club that killed a 21-year-old man, the Air Force and the Raleigh Police Department said.

Read More Show Less