Ukraine blames Russia, and several outside experts agree.
The U.S. Computer Emergency Readiness Team (US-CERT) said on Monday that it had identified a version of the BlackEnergy malware in the industrial-control systems of a Ukrainian energy company that reported major blackouts on Dec. 23.
BlackEnergy is associated with the Russia-linked hacking group Sandworm, and Ukraine has blamed Russia for the outage. US-CERT, part of the Department of Homeland Security, previously found the same malware in U.S. energy infrastructure in 2014. It apparently entered the Ukrainian systems through a malicious Microsoft Word document, delivered by email, whose macros installed the malware once a recipient opened the file and enabled them.
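The delivery vector described above, an Office document whose macros install the malware, is the kind of thing a mail gateway can screen for by inspecting attachment contents rather than file extensions. The following is an added example written for this page, not code from US-CERT, the article, or any vendor product. It flags Office attachments that carry a VBA project in either of the two container formats Word uses: OOXML (a zip whose macro part is `word/vbaProject.bin`, declared in `[Content_Types].xml`) and the legacy OLE2 compound file, where the macro project sits under a storage named `VBA`. The OLE2 check is a byte-search heuristic, not a full compound-file parse, and the sample documents are constructed in memory for the demonstration.

```python
"""Flag Office attachments that carry VBA macros.

Added example for this page; not the article's or any tool's own code.
Two container formats are handled:
  - OOXML (.docm/.docx/.xlsm): a zip; the macro project is a part named
    word/vbaProject.bin (or xl/vbaProject.bin) and is declared in
    [Content_Types].xml with the content type below.
  - Legacy OLE2 (.doc/.xls): a compound file starting with D0 CF 11 E0.
    Directory entry names are UTF-16LE, so the "VBA" storage that holds
    the macro project appears in the raw bytes as 56 00 42 00 41 00.
    Searching for that is a heuristic (assumption: good enough for
    triage), not a parse of the directory.
Sample inputs are constructed in memory below.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
VBA_STORAGE_UTF16 = "VBA".encode("utf-16-le")


def classify_office_file(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole2-macro', 'ole2-clean' or 'unknown'.

    The decision is based on the bytes, never on the file name, because the
    extension is attacker-controlled.
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-macro" if VBA_STORAGE_UTF16 in data else "ole2-clean"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
                has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
                content_types = ""
                if "[Content_Types].xml" in names:
                    content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if has_vba_part or VBA_CONTENT_TYPE in content_types:
                    return "ooxml-macro"
                return "ooxml-clean"
        except zipfile.BadZipFile:
            return "unknown"
    return "unknown"


def triage_attachments(attachments):
    """attachments: iterable of (filename, bytes). Returns names whose content carries macros."""
    return [name for name, blob in attachments if classify_office_file(blob).endswith("-macro")]


# --- constructed sample documents (not real captures) ---------------------

def make_ooxml(with_macro: bool) -> bytes:
    """Build a minimal OOXML container, optionally with a vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = ('<?xml version="1.0"?>'
                 '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                 '<Override PartName="/word/document.xml" ContentType="application/vnd.'
                 'openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        if with_macro:
            types += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
        types += "</Types>"
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is itself an OLE2 container; a header stub suffices here.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def make_ole2(with_macro: bool) -> bytes:
    """Build a stand-in legacy .doc: OLE2 header plus a fake directory region."""
    body = OLE2_MAGIC + b"\x00" * 504
    if with_macro:
        body += VBA_STORAGE_UTF16 + b"\x00" * 58  # UTF-16LE name inside a 64-byte entry
    return body


if __name__ == "__main__":
    samples = [
        ("invoice.docx", make_ooxml(True)),   # macro hidden behind a "safe" extension
        ("agenda.docx", make_ooxml(False)),
        ("report.doc", make_ole2(True)),
        ("notes.doc", make_ole2(False)),
        ("readme.txt", b"plain text"),
    ]
    for name, blob in samples:
        print(f"{name:14} {classify_office_file(blob)}")
    print("quarantine:", triage_attachments(samples))
```

A gateway would quarantine or strip the flagged attachments; in practice the heuristic OLE2 check is followed by a real parse (for example with the oletools library) before any verdict is acted on.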
“The basic facts and overall circumstances of the cyber attacks that caused the electric power outage in Ukraine all suggest that an ethnically Russian cyber militia was responsible,” Scott Borg, the director of the U.S. Cyber Consequences Unit, a nonprofit cybersecurity research group, said in an email.
“The significant thing about this event is that the actual functions of a critical infrastructure industry were affected,” Borg said. “Russian cyber militias have always carefully avoided these sorts of targets in their previous cyber campaigns.”
If the outage is confirmed to be the result of a cyberattack, it would be the first known instance of a digital assault causing a physical blackout. Such a determination could prompt greater scrutiny of the international law of cyberspace, which is largely unwritten. The incident is already raising alarm bells in the U.S. energy sector.
Borg considered it “extremely unlikely” that the Russian government had carried out the attack itself, “using these tools.” The BlackEnergy malware’s relative simplicity instead pointed to non-state actors, said Borg, whose group studies the cyber campaigns of groups supporting Russia, China, and other states and causes.
“These cyberattacks did not demonstrate any great knowledge of how electric power systems operate,” he wrote. “They do not appear to have been designed to do maximum damage.”
Instead, he suggested that they “were simply a small political statement, containing a small implicit threat.”
Ukraine and Russia have been locked in political and military conflict since the early 2014 ouster of Ukraine’s pro-Russian president, which followed protests that began in late 2013, and Russia has encouraged non-state actors to conduct cyber campaigns on its behalf in previous conflicts.
US-CERT said that it could not “confirm a causal link between the power outage [and] the presence of the malware,” suggesting a possible desire to avoid prematurely linking Russia to the incident. But Borg said that he “would be careful not to read too much into those wordings,” saying that US-CERT’s reports were “not heavily edited and vetted for diplomatic consequence.”
It is unclear whether the Obama administration will formally accuse pro-Russian forces of the attack. In an email to the Daily Dot, Jason Healey, a senior cyber research scholar at Columbia University’s School of International and Public Affairs, said that while “they likely will be under pressure to talk,” officials might let private-sector investigators release the definitive analysis.
The security firm iSIGHT Partners linked the attack to Sandworm in a Jan. 7 report.
Along with DHS, the National Security Agency and the Central Intelligence Agency are said to be investigating the outage.
Marty Edwards, director of DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), said at a conference on Wednesday that his investigators saw “more and more [attacks] that are gaining access to that control system layer” due to vulnerabilities in Internet-connected hardware.
Photo via Juanedc.com/Flickr (CC BY 2.0) | Remix by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.