How Hackers Are Implanting 'Digital Grenades' In American Industrial Networks

Analysis

The United States pioneered the use of cyber weapons when it shattered Iran’s nuclear centrifuges in 2010, but such devastating tools have spread and are now boomeranging, making industrial digital sabotage a growing concern for the United States.


The weapons can wreak destruction and kill people. Experts say cyber weapons can turn off power grids, derail trains, cause offshore oil rigs to list, turn petrochemical plants into bombs and shut down factories.

Twice in the past eight months, federal authorities have issued public warnings that foreign hackers are seeking to penetrate the U.S. electric grid and other parts of national critical infrastructure. The intent: Insert digital grenades that are dormant until the hacker’s sponsor pulls the pin.

In a computer lab at Dragos, an industrial cybersecurity firm in Hanover, Md., founder and chief executive Robert M. Lee and his researchers chart the activities of foreign hacking teams plotting industrial sabotage. They say hackers are developing new, more sophisticated cyber weapons at a quickening pace and growing bolder in the process.

“My intel team is tracking eight different teams that are targeting infrastructure around the world,” said Lee, 30, who spent five years working at the National Security Agency and the Pentagon’s Cyber Command before forming his company three years ago.

Lee said his company tracks operations and techniques but does not verify which nations deploy the teams. The top U.S. spy, though, does point a finger of blame. In his annual assessment to Congress in February, Director of National Intelligence Dan Coats said that Russia, China, Iran and North Korea pose the greatest cyber threats to the United States.

“What we’re seeing almost exclusively maps to nation states and intelligence teams,” Lee said.

Lee and other cyber experts said industrial cyber sabotage will be a facet of future wars. Already, they see foreign hackers probing U.S. networks that control natural gas, petrochemical plants, power grids, liquid fuel distribution networks, ports and other industrial facilities.

“Adversaries want to hold our infrastructure at risk. They are seeking to establish persistent, sustained presence in infrastructure networks. They are preparing the battlefield today so that if needed they can attack in the future,” said Paul N. Stockton, a former assistant secretary of defense for homeland security who is now managing director of Sonecon LLC, an economic and security advisory firm in Washington.

U.S. and Israeli cyber warriors blazed the trail on industrial cyber sabotage when they used the Stuxnet digital worm to cause centrifuges at Iran’s Natanz nuclear facility to spin out of control and shatter, inflicting a major setback on Iran’s efforts to enrich uranium to power nuclear weapons and reactors.

More recently, demonstrations of destructive cyber sabotage have piled up.

Russian hackers took down three regions of the Ukrainian power grid in late 2015, causing an outage of several hours that hit 225,000 customers. The attack drew hardly a peep internationally.

“No senior government leader anywhere in the world came out and even admonished the attack. Forget attribution,” Lee said. “It kind of set a precedent of it being an allowable thing.”

A new attack, again believed to be from Russia, hit a Ukrainian transmission substation in late 2016 and caused three times more power loss than the attack a year earlier.

But high-decibel warnings about industrial vulnerability are growing louder, partly due to public U.S. government alerts but also due to work that Lee and his team at Dragos have done in pulling the veil on a cyberattack that could have caused a major explosion at a petrochemical plant in Saudi Arabia late last year.

Hackers targeted a key component at the petrochemical plant: its safety system.

Such systems guard against high heat, pressure or machinery that operates at excessive speeds. Hackers attempted to disable equipment made by a French supplier, Schneider Electric, at the Saudi plant, specifically its Triconex safety instrumented system controllers. There was no misinterpreting their goal, Lee said. They wanted to trigger an explosion.

“That was the first time malware was ever designed to kill people,” Lee said, referring to malicious computer code. “By targeting that safety system, there’s no reason to do that other than to try to kill people. It is extremely black and white.”

The only reason the hackers didn’t trigger a massive explosion at the Saudi plant, Lee said, is that they made “one simple coding error. It’s very obvious that they just messed up.”

Since reverse engineering the hackers’ code, Lee said, Dragos has detected signs that the hacking group is operating far outside of the Middle East, its initial target, and has targeted different kinds of safety systems.

Concerns about foreign hacking of U.S. critical infrastructure often center on possible attacks on the electric grid, a decentralized system that comprises more than 3,000 power companies. Any regional outage could cause distress, and even fatalities, depending on length.

“If you were to impact the power grid in the middle of winter in the Northeast, you could have a significant lasting effect there,” said John Harbaugh, chief operating officer of R9B, a Colorado Springs, Colo., cybersecurity firm with roots in the Defense Department.

Last October, the Department of Homeland Security and the FBI issued an alert that foreign hackers had targeted “energy, water, aviation, nuclear, and critical manufacturing sectors.” Private cybersecurity companies, such as FireEye, a Milpitas, Calif., cybersecurity company that also investigated the Triconex attack, blamed North Korea for the probing.

Then on March 15, DHS and the FBI issued an alert saying that Russian government hackers had launched “a multistage intrusion campaign” into U.S. nuclear and other energy facilities, using sophisticated tools to implant digital code and hijack networks, carefully covering tracks as they worked. The U.S. government hasn’t said how successful its attempts to thwart such intrusions have been.

Larger utilities have been beefing up their cyber defenses, though, and any power disruption is likely to be only regional.

“I have more concern about Washington, D.C., losing power for 30 minutes than I do about the North American power grid going down,” Lee said, noting that the patchwork, distributed nature of U.S. power generation offers it some resiliency.

While a limited regional outage could alarm citizens, Lee is far more concerned about foreign hackers hitting gas pipelines, petrochemical plants, transportation networks and high-end manufacturing plants, including pharmaceutical companies. Gas pipeline companies don’t operate with the rigorous standards and regulations that restrict power companies, he said.

———

©2018 McClatchy Washington Bureau. Distributed by Tribune Content Agency, LLC.
