OMG Russians Hacked the Grid…Not

Faye HigbeeDecember 31, 2016

0 383 3 minutes read

Russians hacked the grid! Not so fast. A Vermont-based power company detected a malware on one of their laptops that was allegedly from Russian hackers. Except that the malware is readily available on the internet, created in the Ukraine, and it never made it to the actual power grid.

But the freakout continues in several stories by media such as the Washington Post and even Fox News. And legislators are literally screaming for Obama to do more against Russia. But think about it: the Vermont Power Company only services about 265,000 residents. WHY, if Russia wanted to “take down the power grid” would they target a lowly little company like that? Answer- they wouldn’t.

1. No they did not penetrate the grid. 2. The IOCs contained commodity malware – can’t attribute based off that alone. https://t.co/AMNMVzFpFW

— Robert M. Lee (@RobertMLee) December 31, 2016

3. May even be a false positive but have alerted based off of the IOC. 4. This is why the “OMG Russia!” noise distracts network defenders.

— Robert M. Lee (@RobertMLee) December 31, 2016

[Note: Robert M. Lee is the CEO of Dragos, Inc, a critical infrastructure/cyber security firm, and certified instructor. He is also a USAF veteran and was a Cyber Warfare Operations Officer during his service.]

Hacking into 1 US utility is not a penetration into “the grid” no more than popping one bank a penetration of the US financial system #WaPo

— Ron Fabela (@ron_fab) December 31, 2016

A wise note of caution, especially given @RobertMLee‘s critique of the DHS/FBI report (https://t.co/JPlqNs3X5N). https://t.co/6OtWlCQxKw

— Eric Geller (@ericgeller) December 31, 2016

Did Russia hack the DNC? Yes. Is the DHS/FBI report good? No. Does either have anything to do with the electric utility in Vermont? Nope.

— Robert M. Lee (@RobertMLee) December 31, 2016

What are we being distracted from?

Distraction is the operative word here. Recently a liberal asked me why I wasn’t concerned about “Russian hacking and interference in our election.”

Will this presidential election be the most important in American history?

Yes

Because all this “noise” and “frenzy” over it is obviously contrived. And just because some media sources report it, doesn’t make it true. This panic has a purpose:

“You never let a serious crisis go to waste. And what I mean by that it’s an opportunity to do things you think you could not do before.” Rahm Emanuel

WordFence, a group that provides security to websites reported,

“This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The report contains specific indicators of compromise, including IP addresses and a PHP malware sample.”

The PHP malware sample they have provided appears to be P.A.S. version 3.1.0 which is commonly available and the website that claims to have authored it says they are Ukrainian. It is also several versions behind the most current version of P.A.S which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.

WordFence’s report says that the list of IP addresses provided by the US Government in their “release of proof” may literally be used be a wide range of “other malicious actors” and do not actually provide any “association with Russia.”

There is something else we are being distracted from, America. Don’t be so stupid as to think all this hysteria over Russia hasn’t got an agenda behind it.

H/T Uncle Sam’s Misguided Children

Related:

If you haven’t checked out and liked our Facebook page, please go here and do so.

And if you’re as concerned about Facebook censorship as we are, go here and order this new book: