NYC Boss

The Cold War we don't hear about: Russian bears in the utility rooms

To hear Democrats tell it, Russians are bad guys because they meddled in our election to steal the presidency from Hillary Clinton. Bad, bad, thing, meddling in our politics.

To hear some Republicans tell it, Russians are bad, because, well, they can't be trusted. See: Nikki Haley. There's all that stuff about how they treat their neighbors and dissidents, and who knows, maybe she knows more. But it seems to be an all-purpose kind of aversion at this point. I like Haley, but I think she comes down so hard in this instance there's no way the Russians can make any sort of deal.

But there's another reality we don't hear that much about, highlighted in today's top story in the Wall Street Journal:

They're in our utilities.

Here's the WSJ headline:

Which suggests some rather menacing preparations for a military conflict. The Journal reports:

Hackers working for Russia claimed “hundreds of victims” last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said. They said the campaign likely is continuing.

The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, “air-gapped” or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.

“They got to the point where they could have thrown switches” and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS.

…which should give us the creeps. Democrats, it seems, are exclusively focused on election meddling, which, as Trump-hating FBI counterintelligence chieftain Peter Strzok noted, has no 'there, there.' That's all they care about as far as Russia goes.

Republicans generally just focus through the lens of the old Cold War legacy.

But what's really going on are the things we don't really know about; not even the spies know as much as they want to know. They seem to be planning some kind of attack from our insides.

If you are wondering whether this is big, or just another blip, as we have heard for years on this state-sponsored hacker front, well, it seems that a state-linked hacking collective called 'Energetic Bear' has focused very carefully on invading utilities, often through contractors who have access to utilities' software.

And this has been an ongoing concern, actually.

Remember when President Trump shut down the Russian consulate last year? At the time it seemed so extreme, given that the consulate got through the Cold War without a shutdown, and given that Trump had seemed so Russia-friendly and interested in a rapprochement. According to this report in Foreign Policy, it was because they were caught mapping all the fiber optic networks in the Bay Area, steadily, steadily, one grain of sand at a time. This FP story is an absolute must-read for a sense of what went on.

So who's the big utility in San Francisco and the Bay Area? Pacific Gas & Electric. And what's their thing? Yep, fiber optics. See this stuff here. And it turns out a lot of them around the country are into fiber optics, see this report here.

 

Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010. The group tends to attack different companies with a strong focus on the energy and industrial sectors. Companies attacked by Energetic Bear/Crouching Yeti are geographically distributed worldwide with a more obvious concentration in Europe and the US. In 2016-2017, the number of attacks on companies in Turkey increased significantly.

The main tactics of the group include sending phishing emails with malicious documents and infecting various servers. The group uses some of the infected servers for auxiliary purposes – to host tools and logs. Others are deliberately infected to use them in waterhole attacks in order to reach the group’s main targets.

Recent activity of the group against US organizations was discussed in a US-CERT advisory, which linked the actor to the Russian government, as well as an advisory by the UK National Cyber Security Centre.

So no wonder they got their consulate shut down. They weren't just targeting secrets from fourth-rate losers on the periphery of military installations, such as Bradley Manning and Ed Snowden, they were getting right into the installations themselves, positioning themselves to control them, and to control us. To heck with messing around with agents and secrets (though they do that, too).

President Trump knew what he was doing in the face of the kind of threat we now face.

Which once again points to the stupidity of the politicized investigations around the question of Russian election meddling. With this sort of stuff going on, it makes sense to give the intelligence agencies as much berth as possible to meet the new kind of competition from Russia. That, I argued recently, is being narrowed due to the threat the Mueller investigation is spreading to national security as it sets new terms for the spy war, centered around Getting Trump.

Maybe a story like this can shock the Washington establishment into some seriousness. Because so long as the focus on Russia is centered around collusion to steal the election from Hillary Clinton, real intelligence capacities are being undermined.

Published at Tue, 24 Jul 2018 05:00:00 +0000