U.S. confirms cyberattack caused Ukrainian power outage
It’s the first confirmed case of a power outage caused by a cyberattack.
The Obama administration on Thursday confirmed that a “synchronized and coordinated” cyberattack hit Ukrainian energy companies last year in what is believed to be the first case of a digital assault causing a power outage.
The United States Computer Emergency Readiness Team said in an alert released Thursday night that “remote cyber intrusions at three regional electric power distribution companies” caused the Dec. 23 outage, which affected nearly a quarter of a million customers in Ukraine’s western region. The outage, first widely reported on Dec. 31, attracted international attention because of the largely uncharted legal waters governing cyberspace.
“The cyberattack was reportedly synchronized and coordinated, probably following extensive reconnaissance of the victim networks,” US-CERT, the Department of Homeland Security team that leads the government’s cyber incident response, said in its alert. “According to company personnel, the cyberattacks at each company occurred within 30 minutes of each other and impacted multiple central and regional facilities.”
Investigators believe that the intruders remotely accessed the industrial control systems that operate the distribution networks by logging in with legitimate, high-privilege credentials they had acquired earlier in the intrusion. Because the access used valid accounts rather than an exploit, it would have looked like an ordinary remote session to the control systems themselves.
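The access pattern described above (valid credentials, remote sessions into control-system hosts, and, per US-CERT, three companies hit within 30 minutes of each other) leaves no malware signature on the ICS side, so detection has to come from context: where the session came from, what it touched, and whether the same source appeared at several sites at once. The script below is an added example written for this article, not code from US-CERT or from any of the affected utilities. The log format, the company and host names, the internal address ranges and every event in the sample log are constructed for illustration.

```python
"""Correlate remote logins to control-system hosts across several utilities.

Added example for the attack pattern described in the article: legitimate
credentials used for remote access, with sessions at multiple companies
opening within a short window. Everything below (log format, company names,
host names, address ranges, sample events) is constructed, not real data.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of remote-access authentication events.
# Fields: timestamp | company | account | source_ip | target_host | result
SAMPLE_LOG = """\
2015-12-23 15:02:11 | oblenergo-A | svc_hmi    | 203.0.113.7  | scada-hmi-01 | success
2015-12-23 15:06:40 | oblenergo-B | j.petrenko | 203.0.113.7  | scada-hmi-03 | success
2015-12-23 15:10:05 | oblenergo-A | o.koval    | 10.20.1.15   | eng-ws-04    | success
2015-12-23 15:21:58 | oblenergo-C | svc_hmi    | 203.0.113.7  | scada-hmi-02 | success
2015-12-23 15:25:30 | oblenergo-B | a.bondar   | 198.51.100.9 | scada-hmi-03 | failure
2015-12-23 17:40:12 | oblenergo-C | m.shevch   | 10.30.2.8    | scada-hmi-02 | success
"""

# Assumed internal ranges of the (hypothetical) utilities. Anything outside
# these is treated as an external source. Explicit ranges are used instead of
# ipaddress.is_private because the sample uses RFC 5737 documentation
# addresses, which Python also classifies as private.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12"),
                 ipaddress.ip_network("192.168.0.0/16")]


def parse_events(log_text):
    """Parse the pipe-delimited constructed log into a list of event dicts."""
    events = []
    for line in log_text.strip().splitlines():
        ts, company, account, src, host, result = [f.strip() for f in line.split("|")]
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "company": company,
            "account": account,
            "src": ipaddress.ip_address(src),
            "host": host,
            "result": result,
        })
    return events


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def external_scada_logins(events):
    """Successful remote logins to control-system hosts from outside the
    utility's own address space. Each of these deserves a look on its own."""
    return [e for e in events
            if e["result"] == "success"
            and e["host"].startswith("scada-")
            and not is_internal(e["src"])]


def coordinated_sessions(events, window=timedelta(minutes=30), min_sites=2):
    """Flag an external source that opens control-system sessions at
    `min_sites` or more distinct companies within `window`. Returns one
    alert per source, anchored on the earliest qualifying session."""
    by_src = defaultdict(list)
    for e in external_scada_logins(events):
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            sites = sorted({e["company"] for e in cluster})
            if len(sites) >= min_sites:
                alerts.append({"source": str(src), "start": first["ts"],
                               "sites": sites,
                               "accounts": sorted({e["account"] for e in cluster})})
                break
    return alerts


if __name__ == "__main__":
    for alert in coordinated_sessions(parse_events(SAMPLE_LOG)):
        print(f"{alert['start']} source {alert['source']} reached "
              f"{len(alert['sites'])} sites {alert['sites']} "
              f"using accounts {alert['accounts']}")
```

In the constructed sample, the single external address reaches three companies in under 20 minutes using two different valid accounts, which is the cross-site correlation no individual utility's logs would show. The per-site filter (`external_scada_logins`) is the cheaper control to deploy first: a successful login to a control-system host from outside the organization's address space is worth an alert even before any correlation.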
Feverish speculation has surrounded the identity of the attackers. Malware called BlackEnergy, which has been linked to a Russian hacker collective called Sandworm Team, was found on each company’s computers. The government of Russian President Vladimir Putin is known to encourage ethnic Russian hackers to conduct attacks that support its foreign-policy goals, such as in Estonia in 2007 and Georgia in 2008.
“The significant thing about this event is that the actual functions of a critical infrastructure industry were affected,” Scott Borg, the director of the U.S. Cyber Consequences Unit, which advises the public and private sectors on cybersecurity, told the Daily Dot in an email on Jan. 13. “Russian cyber militias have always carefully avoided these sorts of targets in their previous cyber campaigns.”
U.S. investigators stressed that the connection between BlackEnergy and this cyberattack was unclear. The malware could have been left over from a previous, still-undisclosed breach, or it could have been implanted in preparation for an attack yet to come.
Attributing cyberattacks is difficult because the perpetrators can route their traffic through compromised third-party networks to mask its true origin. China and Russia, often considered the two largest state sponsors of cyberattacks, also have some of the most porous networks in the world, which makes them convenient hops for anyone.
Perhaps owing to the malware’s Russian origins and the tense state of diplomatic relations between the former Cold War rivals, which are locked in conflicts over Iran and Syria, the U.S. cyber response team took pains to avoid stating that BlackEnergy itself caused the outage.
“It is suspected that BlackEnergy may have been used as an initial access vector to acquire legitimate credentials; however, this information is still being evaluated,” US-CERT said. “It is important to underscore that any remote access Trojan could have been used and none of BlackEnergy’s specific capabilities were reportedly leveraged.”
In early January, Ukrainian investigators found malware similar to BlackEnergy on the computers of one of the country’s major airports after it, too, suffered a cyberattack.
Congressional Republicans and even some Democrats have assailed the White House for moving slowly to design and execute offensive and defensive policies for cyberspace, which has become a key battlefield in the past few years as more critical infrastructure systems become interconnected.
Photo via J Brew/Flickr (CC BY 2.0) | Remix by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.