How alleged Russian hackers managed to infiltrate critical U.S. infrastructure
Trump administration accused Moscow of an elaborate plot to penetrate America's electric grid
Hackers accused by U.S. authorities of penetrating the country's electrical grid and other critical infrastructure did not have enough access to cause "wide-scale damage," says a cybersecurity expert.
The Trump administration accused Moscow on Thursday of an elaborate plot to penetrate America's electric grid, factories, water supply and even air travel through cyber hacking.
U.S. national security officials said the FBI, Department of Homeland Security and intelligence agencies determined Russian intelligence and others were behind a broad range of cyberattacks starting a year ago.
They said Russian hackers infiltrated the networks that run the basic services Americans rely on each day: nuclear power, water and manufacturing plants.
The cyber security firm Symantec warned of the hacks last October.
Vikram Thakur, the company's technical director, spoke with As It Happens host Carol Off. Here is part of that conversation.
What kind of damage could these hackers have done if they had actually flipped the switch and attacked the U.S. power grid?
We think that, overall, the damage would have been not as wide-scale as one would probably imagine. We don't think that the attackers had gotten access to every single organization's network that would be required to cause wide-scale damage or wide-scale kinetic impact.
What did they have the capacity to do?
They were on computer networks, which are connected directly with parts of the energy grid. Think about that as parts of the energy ecosystem where energy is created, distributed, recycled and all that.
So they were on different networks, but we do not believe that their intention at this very moment was to cause any wide-scale disruption if they so chose.
How did you find out that this was happening — that they had hacked in?
So we saw a concerted number of attacks going towards organizations, which are all in the energy sector.
We try to study what the attackers were trying to do in some cases when they got on to certain networks.
On observing them, we were able to gather that information, provide it to the different organizations saying that, "Hey, this seems to be the method and the tactic being employed by someone trying to get into your network."
In some cases, they have not been that successful. In some cases they've had moderate success. But, they seem to be looking for some documents or they seem to be looking for very specific documents.
We can see that on different networks they were attempting different things. We just pieced it all together based on the exact same tools that they were using across all these different networks.
That's how we figured that it's the same group as Dragonfly that we've known about for a few years at this point.
Dragonfly operates out of what country?
According to the U.S. government, Dragonfly operates out of Russia.
How can you be sure that they were hacking in order to possibly conduct some act of sabotage? ... How come that and not the possibility that they were stealing information, they were trying to get technology for their own use?
When an attacker gets onto your computer and starts searching for proprietary file formats which belong only to industrial control systems ... that's when you realize that the attacker is not looking for direct monetary gain from having access to your computers.
He's looking for information about the configuration of your power plants, which can only have one purpose, which is them trying to understand what the sensitive points within your network might be to impact some change in your industrial output.
Why is the U.S. government so convinced that it's the Russians and the Russian government that's behind this?
We have no idea about why the U.S. government thinks that this is Russia, but at the same time we do not have any data to doubt what their claim might be.
In fact, we actually don't even have any data to corroborate what they're saying. So we're sort of agnostic to where the hacking might be occurring from.
How concerned should Americans be with that little wave of the hand over there from Russia saying, "Hey. We can get in here"?
I think it is concerning. But I think what the government has done in this case is definitely commendable. They have put out a huge amount of technical information — very, very, very relevant to the constituents of the critical infrastructure.
And we know for a fact that all those organizations within the critical infrastructure in the U.S. are taking measures to date to raise their own security profile and improve the defences of their own networks.
I would say that if there is a silver lining to these attacks, it is that the collective critical infrastructure's defensive posture has gotten better in the past six months.