- The US accused Russia on Thursday of orchestrating cyberattacks against American energy facilities.
- The hackers have been targeting US interests since at least 2015.
- Reports indicate the hackers could have shut down nuclear power plants, water, and electric facilities, but instead gathered intelligence that cybersecurity experts fear will be used for future attacks.
The US has accused Russia of launching cyberattacks that allowed the Kremlin remote access into American nuclear power plants, water facilities, and other critical infrastructure, according to a joint report released Thursday by the Department of Homeland Security and the FBI.
Russian hackers installed malware on vital energy networks and conducted spear phishing operations to gain entry into US computer systems operating a wide range of commercial facilities and nuclear plants, the report said.
Although the hackers didn’t inflict any physical damage, the report’s findings indicate that they had the capabilities to do so by manipulating control systems and shutting down power plants with relative ease.
“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” Eric Chien, a cybersecurity expert at Symantec, a digital security firm, told The New York Times. “From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation.”
Last October, Symantec detailed a group called “Dragonfly,” which the cybersecurity firm believes is behind ongoing cyberattacks against the US energy sector.
Cybersecurity firms, including Symantec, fear the group of hackers intentionally avoided inflicting damage and instead infiltrated US computer systems to gather intelligence that would lay the groundwork for future attacks.
“Why trigger an attack when you don’t need it?” Jeff Bardin, the chief intelligence officer at the cyber intelligence firm Treadstone 71, told Business Insider, adding that the Russians may be waiting for an economic emergency to launch a full-throated cyberattack.
Theoretically, the US could respond tit-for-tat by launching its own attack into Russia’s energy sector, but Bardin says this could expose US cyber capabilities. A more practical approach, he says, would be to “hit Putin’s pocketbooks” and “make him look weak” by amplifying Russia’s alleged role in chemical weapons attacks in the UK and Syria.
“You have to make Putin look weak and you have to go after the money,” Bardin said. “Weakness is something Russians hate in their leadership.”
Russia has long targeted US interests
The Dragonfly group, according to Symantec, emerged in 2011, but started launching accelerated attacks in late 2015.
By that point, Russia’s alleged campaign to interfere in the US presidential election and sow discord among Americans was already underway.
US officials have been warning American energy and utility facilities for years of the risks of increasing cyberattacks.
Last year, unidentified hackers targeted a number of US energy companies, including one called Wolf Creek Nuclear Operating Corporation, which controls a nuclear plant in Kansas.
Although the hackers didn’t cause any physical damage, US officials suspected the attack had been orchestrated in an attempt to better understand the layout of critical computer networks.
The energy sector is often an ideal target for cyber attackers looking to inflict serious damage. In December 2015, suspected Russian hackers breached Ukraine’s power grid, causing some 225,000 people to lose electricity. It is believed to be the first known cyberattack to cause a major power outage.
The US has also accused Russia of being behind a series of cyberattacks – dubbed ‘NotPetya’ – last year on various European entities, including electrical facilities in Ukraine.
Last month, White House press secretary Sarah Huckabee Sanders said it was “the most destructive and costly cyber-attack in history.”
The US would know. In 2009-10, a cyberattack on Iran delivered a devastating blow to the country’s nuclear weapons program.
Malicious code, planted in Iranian control systems, sped up or slowed down nuclear centrifuges until they destroyed themselves – all while the operators’ computer screens showed everything was working as normal.
The US and Israel are believed to have orchestrated the attack together.
“We’ve never seen this before,” Liam O’Murchu, a security researcher, said in a 2016 documentary about the famous attack. “We’ve actually never seen this since, either.”