U.S. detects evidence of cyberattack on Ukrainian power company
Ukraine blames Russia, and several outside experts agree.
The U.S. Computer Emergency Readiness Team (US-CERT) said on Monday that it had identified a version of the BlackEnergy malware in the industrial-control systems of a Ukrainian energy company that reported major blackouts on Dec. 23.
BlackEnergy is associated with the Russia-linked hacking group known as Sandworm, and Ukraine has blamed Russia for the outage. US-CERT, part of the Department of Homeland Security, had previously found the same malware family in U.S. energy infrastructure in 2014. It apparently entered the Ukrainian systems through a malicious Microsoft Word document.
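The article says only that the malware arrived through an infected Word document. Public reporting on BlackEnergy's delivery has since established that the documents carried malicious VBA macros; the following triage script, added here as an illustration and not code from the article, US-CERT or any vendor, shows how an analyst would check a suspect Office file for an embedded macro project without opening it. It handles both the legacy OLE2 (.doc) container, where a VBA project creates `Macros` and `_VBA_PROJECT` directory entries, and the OOXML (.docx/.docm) zip container, where the project ships as `word/vbaProject.bin`. The sample documents it classifies are constructed in the script itself and contain no real malware; the 512-byte header padding and the directory-entry layout are simplified stand-ins for the real CFB structure.

```python
import io
import zipfile

# Constructed example for macro-document triage; not code from the article or from US-CERT.
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 / Compound File Binary header
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm) is a zip container

# OLE2 directory-entry names are stored as NUL-terminated UTF-16LE. These two
# storages exist only when a VBA project is embedded in a legacy .doc/.xls file.
OLE_MACRO_MARKERS = {
    name: (name + "\x00").encode("utf-16-le") for name in ("Macros", "_VBA_PROJECT")
}
# In OOXML the compiled VBA project is carried as a separate part.
OOXML_MACRO_SUFFIX = "vbaproject.bin"


def classify_office_doc(data: bytes) -> dict:
    """Classify a document blob by container type and report VBA-project evidence.

    This is a byte-level triage check, not a full CFB parser: it scans the whole
    file for the directory-entry names that a VBA project creates.
    """
    if data.startswith(CFB_MAGIC):
        evidence = [name for name, needle in OLE_MACRO_MARKERS.items() if needle in data]
        return {"container": "ole2", "has_macros": bool(evidence), "evidence": evidence}
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return {"container": "zip-corrupt", "has_macros": False, "evidence": []}
        evidence = [n for n in names if n.lower().endswith(OOXML_MACRO_SUFFIX)]
        return {"container": "ooxml", "has_macros": bool(evidence), "evidence": evidence}
    return {"container": "unknown", "has_macros": False, "evidence": []}


# --- Constructed sample inputs (not real malware) ---------------------------

def _ole_entry(name: str) -> bytes:
    """Mimic one 64-byte OLE2 directory-entry name field: UTF-16LE, NUL-padded."""
    return (name + "\x00").encode("utf-16-le").ljust(64, b"\x00")


def build_legacy_doc(with_macros: bool) -> bytes:
    """Minimal stand-in for a legacy .doc: CFB header followed by directory names."""
    body = _ole_entry("Root Entry") + _ole_entry("WordDocument")
    if with_macros:
        body += _ole_entry("Macros") + _ole_entry("_VBA_PROJECT")
    return CFB_MAGIC + b"\x00" * 504 + body   # pad header to one 512-byte sector


def build_ooxml_doc(with_macros: bool) -> bytes:
    """Minimal .docx/.docm zip container with the parts that matter for triage."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x01constructed-vba-stub")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (
        ("legacy clean", build_legacy_doc(False)),
        ("legacy macro", build_legacy_doc(True)),
        ("ooxml clean", build_ooxml_doc(False)),
        ("ooxml macro", build_ooxml_doc(True)),
    ):
        print(f"{label:13s} -> {classify_office_doc(blob)}")
```

The byte scan is deliberately cheap so it can run on a mail gateway or in a SOC triage pipeline; it tells you that a macro project exists, not what it does. For the actual macro source, a full CFB walk and the `olevba` tool from the oletools project are the usual next step, and a document that reaches the "has macros" branch from an external sender is worth blocking regardless of what the code turns out to be.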
“The basic facts and overall circumstances of the cyber attacks that caused the electric power outage in Ukraine all suggest that an ethnically Russian cyber militia was responsible,” Scott Borg, the director of the U.S. Cyber Consequences Unit, a nonprofit cybersecurity research group, said in an email.
“The significant thing about this event is that the actual functions of a critical infrastructure industry were affected,” Borg said. “Russian cyber militias have always carefully avoided these sorts of targets in their previous cyber campaigns.”
If the outage is confirmed to be the result of a cyberattack, it would be the first publicly known instance of a digital intrusion causing a physical blackout. Such a determination could prompt greater scrutiny of the international law of cyberspace, which is largely unwritten. The incident is already raising alarm in the U.S. energy sector.
Borg considered it “extremely unlikely” that the Russian government had carried out the attack itself, “using these tools.” The BlackEnergy malware’s relative simplicity instead pointed to non-state actors, said Borg, whose group studies the cyber campaigns of groups supporting Russia, China, and other states and causes.
“These cyberattacks did not demonstrate any great knowledge of how electric power systems operate,” he wrote. “They do not appear to have been designed to do maximum damage.”
Instead, he suggested that they “were simply a small political statement, containing a small implicit threat.”
Ukraine and Russia have been locked in political and military conflict since the late 2013 ouster of Ukraine’s pro-Russian president, and Russia has encouraged non-state actors to conduct cyber campaigns on its behalf in previous conflicts.
US-CERT said that it could not “confirm a causal link between the power outage [and] the presence of the malware,” suggesting a possible desire to avoid prematurely linking Russia to the incident. But Borg said that he “would be careful not to read too much into those wordings,” saying that US-CERT’s reports were “not heavily edited and vetted for diplomatic consequence.”
It is unclear whether the Obama administration will formally accuse pro-Russian forces of the attack. In an email to the Daily Dot, Jason Healey, a senior cyber research scholar at Columbia University’s School of International and Public Affairs, said that while “they likely will be under pressure to talk,” officials might let private-sector investigators release the definitive analysis.
The security firm iSIGHT Partners linked the attack to Sandworm in a Jan. 7 report.
Along with DHS, the National Security Agency and the Central Intelligence Agency are said to be investigating the outage.
Marty Edwards, the head of US-CERT’s industrial-control systems division, said at a conference on Wednesday that his investigators saw “more and more [attacks] that are gaining access to that control system layer” due to vulnerabilities in Internet-connected hardware.
Photo via Juanedc.com/Flickr (CC BY 2.0) | Remix by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.