Showing posts with label cyberattacks. Show all posts

Friday, January 10, 2020

Cyberattacks

In ZDNet, Danny Palmer reports in part,
At least three hacking groups have the capability to interfere with or disrupt power grids across the US – and the number of cyber-criminal operations targeting electricity and other utilities is on the rise, according to a new report on the state of industrial control systems.
Read more here.

Wednesday, December 20, 2017

North Korea behind May cyberattacks affecting 150 countries

Brennan Weiss reports in Business Insider,
On Tuesday, the White House blamed North Korea for a massive cyber attack that destabilized hospitals, schools, businesses, and infrastructure across 150 countries in May.

"This was a careless and reckless attack. It affected individuals, industry, governments," said Tom Bossert, the president's homeland security and counterterrorism adviser.

"We do not make this allegation lightly. We do so with evidence, and we do so with partners," he added.

Bossert said the UK, Australia, Canada, New Zealand, and Japan concurred with the US government's analysis. He also called on US companies to partner with the government to help thwart future attacks.

The move comes seven months after suspected North Korean hackers targeted computer systems around the world with WannaCry malware, encrypting vital data and demanding ransom payments in Bitcoin.

The US government says its condemnation is intended to hold the attackers publicly accountable for "malicious behavior" that is "growing more egregious."
Read more here.

Thursday, January 05, 2017

Cyberattacks

Sharyl Attkisson has this post on the "Russian" hacking.
Eight Facts on the Hacks
1. The claim that the “election was hacked” is a bit of a misnomer. There’s no standing allegation by U.S. officials that the Russians (or anyone else) “hacked” into our elections system or altered vote counts. Instead, U.S. officials allege hackers connected to the government of Russian President Vladimir Putin, under his direction, stole internal emails from the Democratic National Committee (DNC) and Hillary campaign chairman John Podesta and provided them to WikiLeaks. (However, the U.S. joint report issued Thursday doesn’t mention the DNC, Podesta or WikiLeaks by name.)

Podesta Emails on WikiLeaks

DNC Emails on WikiLeaks

2. U.S. officials have not alleged that anyone falsified the emails provided to WikiLeaks.

3. U.S. intel officials have named the Russian hacking campaign “Grizzly Steppe.”

4. It seems a difficult task to prove the hacks somehow “affected the election” or “helped Donald Trump win.” For example:

One would have to show that tens of thousands of Trump voters were planning to vote for Clinton but changed their mind based solely on the WikiLeaks emails.


One would have to believe the emails somehow managed to only affect the electoral vote but not the popular vote (which Clinton won).

One would have to believe the emails somehow selectively swayed voters in key swing states, but not voters in states where Clinton won.

5. WikiLeaks disputes the U.S. assessment blaming Russia for the DNC leaks. WikiLeaks founder Julian Assange says: “Our source is not the Russian government… We have U.S. intelligence saying that they know how we got our stuff and when we got it, and us saying we didn’t get it from a state.” Former British ambassador Craig Murray backs up Assange’s version: “I know who leaked them. I’ve met the person who leaked them, and they are certainly not Russian and it’s an insider. It’s a leak, not a hack; the two are different things.”

6. The private cyber firm CrowdStrike had already determined last June that Russian agencies were behind the DNC cyberattacks.

7. There have been many serious cyberattacks reported against U.S. government institutions, but no comparable news coverage or announced U.S. retaliatory measures. For example:

In 2015, Russian hackers attacked the State Department email system in what was called the “worst ever” cyberattack against a federal agency.

Also in 2015, the U.S. Office of Personnel Management reported 5.6 million Americans’ fingerprints were stolen in a malicious cyberattack.
The GAO reports that between 2006 and 2015, the number of cyberattacks climbed 1,300 percent — from 5,500 to over 77,000 a year at 24 federal agencies.
Last March, China government hackers continued a malicious pattern of cyber attacks on U.S. government and private networks, according to U.S. Cyber Command chief Mike Rogers. China has been linked by U.S. intelligence agencies to wide-ranging cyber attacks aimed at stealing information and mapping critical computer networks for future attacks in a crisis or conflict.
Despite the Chinese hacking activity, the Obama administration has taken no action against China for years of large-scale cyber attacks that officials say have cost the nation billions of dollars in stolen intellectual property and compromised networks.

Additionally, there have been no publicly-known retaliatory actions taken by the U.S. for hostile, non-cyber foreign threats such as Chinese fighter jets buzzing U.S. warships and spy planes, and Iran detaining 10 U.S. sailors. (However, the U.S. punished the sailors.)

8. The New York Times recently quoted anonymous U.S. officials who said they concluded Russians hacked the Republican National Committee (RNC), but did not release the information to WikiLeaks, proving that the intent was to help Trump. However, the RNC states that its network systems were not successfully hacked. The Times also anonymously quoted a senior government official who said attempts to penetrate the RNC were not successful.
Read more here.

Thursday, March 10, 2016

CNN: U.S. plans to publicly blame Iran for dam cyber breach

Evan Perez and Shimon Prokupecz report today at CNN that
The Obama administration is preparing to publicly attribute a 2013 cyber attack against a New York dam to Iranian hackers, according to U.S. officials familiar with the investigation.

The Justice Department has prepared an indictment against people thought to be behind the attack, according to the officials. An announcement could come in the next week.

The intrusion at the Bowman Avenue Dam, around 30 miles north of New York City in suburban Rye, New York, isn't considered sophisticated -- the hackers managed only to get access to some back office systems, not the operational systems of the dam, U.S. officials say. U.S. investigators quickly determined the attack was carried out by hackers working for the Iranian government.

...The public attribution of the dam attack is part of a U.S. strategy shift in recent years to publicly "name and shame" countries and, if possible, people behind the proliferation of cyber intrusions targeting U.S. companies and government networks.

In 2014, the Justice Department filed charges against members of the Chinese military allegedly behind a series of intrusions of U.S. industrial companies. Last year, the FBI publicly named North Korea as behind the devastating attack on Sony Pictures Entertainment.

..."The fact that you can affect the infrastructure with stuff you can download off the Internet shouldn't give us any comfort," Taddeo said. It shows that "actors with very little skill" can do tremendous damage, he added.

Iranian cyber activity is on the upswing, and top U.S. intelligence officials say they are increasing resources to counter the possible threat, even amid a diplomatic rapprochement between the U.S. and Iran following the nuclear agreement.

The U.S. has also been partly behind cyber attacks on Iran's nuclear program. In 2009 and 2010, U.S. and Israeli spies used a malicious computer bug called Stuxnet to damage an Iranian nuclear facility.
Read more here.

Thursday, December 31, 2015

Protecting American infrastructure from cyberattacks

Fox News reports that
Iranian computer hackers accessed the control system of a small dam outside of New York City two years ago, raising red flags throughout the U.S. government, according to a published report.

...According to the Wall Street Journal, the Department of Homeland Security was notified of 295 industrial-control-system hacking incidents over the 12 months ending Sept. 30. Over the previous 12 months, the number was 245.
Read more here.

h/t David Adams

Thursday, August 06, 2015

Russian cyberattack shuts down Joint Chiefs of Staff email

Nancy Youssef writes at Daily Beast,
Investigators say they believe the same Russian hackers that carried out attacks on the White House and State Department last year and the attempted penetration of the Pentagon last month were responsible for a major cyberattack that shut down the Joint Chiefs of Staff email for the past 11 days, The Daily Beast has learned.

In all of the attacks, hackers broke into unclassified email networks by sending legitimate-looking emails that turned out to be malware or “spear phishing” attempts. In April, President Obama’s unclassified emails were among those compromised, along with the State Department.

Ten days before the July 27 hacking of the Joint Staff system, the Pentagon sent an email warning “at least five” DOD computer users had been targeted, which was first reported by The Daily Beast. The notice linked those attacks to penetrations of unclassified networks at the White House and State Department that began last year. The Joint Chiefs then suffered what one defense official called the “most sophisticated” attack on its unclassified network, one that has shut down communications ever since for the 4,000 employees on the Joint Staff unclassified server.

Tuesday, January 13, 2015

Chinese espionage on America's dams

Bill Gertz reports:
Xiafen “Sherry” Chen, an employee of the National Oceanic and Atmospheric Administration (NOAA) office in Ohio, was arrested in October and charged in a federal grand jury indictment with illegally accessing the Army’s National Inventory of Dams (NID).

The NID is a sensitive database containing information on all U.S. dams. U.S. intelligence officials have said the database was compromised by Chinese hackers in 2013 as part of covert efforts by Beijing to gather sensitive information on critical U.S. infrastructure for possible use in a future conflict.

Ms. Chen is charged with stealing sensitive data “involving critical national infrastructure” after accessing the Army Corps of Engineers dam inventory in May 2012 without authorization. She also is charged with lying to investigators.

A 59-year-old naturalized American, Ms. Chen has pleaded not guilty.

An FBI memorandum dated July 11, 2014, outlining a federal search of Ms. Chen’s email, reveals that the probe was part of an investigation of Chinese economic espionage.

The Washington Free Beacon disclosed on May 1, 2013, that U.S. intelligence agencies had traced a cyber intrusion into the Corps of Engineers dam database to the Chinese government. That hacking took place against the Corps of Engineers’ NID and involved an “unauthorized person” who conducted the intrusion in January 2013.

Adm. Mike Rogers, head of the U.S. Cyber Command and director of the National Security Agency, told Congress in November that key networks and control systems for financial, water, and other sectors have been penetrated by foreign states in preparation for future cyberattacks aimed at crippling critical infrastructure.
Read more here.