CrashOverride Power Grid Malware - Is this the next Russian 'threat' to the West?

in #hacking, 7 years ago (edited)

Malware called CrashOverride (aka Industroyer) can take down a power grid, and it was demonstrated to work when it was launched against Kiev, Ukraine in December 2016. That attack was allegedly traced back to a hacker group dubbed "Electrum", which is suspected of being Russian and even allied with the Russian government.

Watch out, the mainstream media is creating the image of Russia as the big-bad-wolf or bogeyman again. Russia is trying to find ways to attack the freedom-loving innocent Americans. Maybe they are right, or maybe not.


Credit: Flickr/Adam Thomas/REMIXED

The malware isn't for spying, but for cyber-sabotage of a nation's infrastructure. Portions of a nation's grid can be hit with outages, but it can't take down the whole national grid.

Several news agencies are reporting this as a possible test run for an attack on Europe, or, with a few tweaks, a tool that could be used to target the United States. A security firm called Dragos issued a report on the malware Monday, in which they describe CrashOverride as a completely new platform and the first malware framework they know of that was created specifically to attack electric grid systems.

This isn't news to the US though, as the U.S. Computer Emergency Readiness Team has rated the CrashOverride malware as a yellow, or medium, risk: "A medium priority incident may affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence."

Another security company, ESET, also issued a report Monday, saying:

Industroyer is a particularly dangerous threat, since it is capable of controlling electricity substation switches and circuit breakers directly.

Industroyer's dangerousness lies in the fact that it uses protocols in the way they were designed to be used. The problem is that these protocols were designed decades ago, and back then industrial systems were meant to be isolated from the outside world. Thus, their communication protocols were not designed with security in mind. That means that the attackers didn't need to be looking for protocol vulnerabilities; all they needed was to teach the malware "to speak" those protocols.

The malware looks to open circuit breakers, which stops the flow of electricity, and keep them open even if a grid operator tries to close them. It also erases the software used to control the system, meaning the grid operator has to do everything with manual controls at the substation in order to restore the power.
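As an added example (not code from the original post, and not from Dragos or ESET), here is a small defensive monitor in Python that runs over constructed substation command-log lines. It flags the two behaviours described above: breaker commands coming from a host outside an engineering allowlist, and a breaker being opened again shortly after an operator closed it. The log format, host names, breaker ids and the 30-second window are all assumptions made for this example.

```python
"""
Added example, not part of the original post: a small defensive monitor
over constructed substation breaker-command logs.

Alerts on:
  (a) breaker commands from hosts not on the engineering allowlist;
  (b) an "open" arriving shortly after an operator "close" on the same
      breaker, i.e. something fighting the operator's attempt to restore
      power.
Log format, hosts, breaker ids and the time window are constructed here.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed allowlist: the only hosts expected to issue breaker commands.
ALLOWED_SOURCES = {"hmi-01", "scada-srv-01"}


@dataclass
class Event:
    ts: int        # seconds since start of the log (constructed)
    src: str       # host that issued the command
    breaker: str   # breaker / switch identifier
    cmd: str       # "open" or "close"


def parse_line(line: str) -> Event:
    """Parse one constructed log line: '<ts> <src> <breaker> <open|close>'."""
    ts, src, breaker, cmd = line.split()
    if cmd not in ("open", "close"):
        raise ValueError(f"unknown command: {cmd}")
    return Event(int(ts), src, breaker, cmd)


def analyze(lines: Iterable[str], reclose_window: int = 30) -> List[str]:
    """Return alert strings for the given log lines, in log order."""
    alerts: List[str] = []
    # breaker id -> timestamp of the most recent close by an allowed host
    last_operator_close: Dict[str, int] = {}

    for line in lines:
        ev = parse_line(line)

        # (a) command from a host that should never talk to breakers
        if ev.src not in ALLOWED_SOURCES:
            alerts.append(
                f"{ev.ts}: breaker {ev.breaker} {ev.cmd} "
                f"from unauthorized host {ev.src}"
            )

        if ev.cmd == "close" and ev.src in ALLOWED_SOURCES:
            last_operator_close[ev.breaker] = ev.ts
        elif ev.cmd == "open" and ev.breaker in last_operator_close:
            # (b) re-opened soon after an operator closed it
            gap = ev.ts - last_operator_close[ev.breaker]
            if gap <= reclose_window:
                alerts.append(
                    f"{ev.ts}: breaker {ev.breaker} re-opened {gap}s "
                    f"after operator close (source {ev.src})"
                )
    return alerts


# Constructed sample log for the example.
SAMPLE_LOG = [
    "100 hmi-01 CB-12 close",     # routine operator action
    "250 ws-eng-07 CB-12 open",   # unknown host opens the breaker
    "255 hmi-01 CB-12 close",     # operator tries to restore power
    "260 ws-eng-07 CB-12 open",   # re-opened 5s later: fighting the operator
    "900 hmi-01 CB-15 open",      # authorized host, no alert
]


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The sample log produces three alerts: two for the unauthorized host and one for the 5-second re-open. In a real deployment the allowlist and window would come from the site's own engineering baseline, and the parser would be replaced by one for the actual protocol or historian export in use.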

Many people in the US government and media have made claims that the Russian government tried to disrupt the US presidential election and influence its outcome. Now they are adding on to that anti-Russian hysteria this new threat of a possible power grid attack. With the great dependence our modern Western lives have on electricity throughout the year and especially the winter, it's understandable that this threat -- whether real or not -- will elicit fear.

Some articles about this story even say outright that the attack was "carried out by Russian government hackers", according to the US researchers they got their information from, rather than saying that the hacker group is likely Russian and suspected of working with the Russian government because the behavior of the hack appears to align with the image of a malicious foreign nation such as Russia. US government officials haven't claimed what those articles have, as quoted above, but apparently in private some officials are beating a different drum.

iSight Partners, a cyberintelligence firm, believes, though it does not claim to know, that the attacks are linked directly to the security services in Russia, either as contractors or as actual government agents. Dragos says that forensic evidence indicates the "Sandworm" group from previous attacks in 2015 and the new attack attributed to "Electrum" are related.

CrashOverride isn't the first malware designed to take down the control systems of some part of a nation. The U.S. and Israel did it first with the Stuxnet worm that was designed to disrupt Iran's nuclear program.

Experts say CrashOverride could potentially be modified to go after other control systems, like those for water or gas. This hasn't been done yet. Maybe there are more security upgrades on those installations? I'm curious about nuclear power plant control systems as well.

Whoever made this recent malware, it can be used to disrupt power for a couple of days at most, meaning it's not going to trigger a doomsday scenario where people are stuck without power, looting stores and fighting for bare survival in a post-electric world. As for it being a Russian government sponsored effort, I don't know, but the anti-Russian profile of the media gives me reason to doubt the beliefs of these security experts.



This is one of those things that is just stupid.

Smart-meter stupid.

Our electrical grid infrastructure is archaic.
Their ideas of cyber-security are archaic.

The whole thing is just teetering.
And the whole thing can be brought down with just a few people who are willing to live in the dark for a while. This is a very important point of why there are no real terrorists in The US.

With the roll-out of the smart-meter, now anyone can hack the network. Anyone with a little know-how can cause all kinds of havoc.
Network security wasn't even on the evil power people's minds, it was all about control and being able to turn off anyone at will.

Yeah, built long ago, before networking security was much of a concern, then hooked up to networks... 0% potential problems there... Thanks for the feedback.

@Krnel it depends on who is hacking whom and winning. The NSA, China, Israel, Iran and Europe are into cyber attacks and hacking; however, it is cool for the press and western governments to place all blame on the so-called bogeyman, i.e. Russia, which increases their opinion poll and credibility in the west, and any contrary news is termed as fake news. The reality, however, is that all are doing it and yes, Russia is good at the game.

Ah, good point, they just want to target one party as the bad guy and blame them for being so "unethical" even though others started it ;)

@Krnel, now you are thinking wisely. Remember the CIA and NSA, including other US and western intelligence agencies, have espionage and spying in their DNA. They even spy on their allies' leaders and their family members. However, now the bogeymen are the Russians and Iran... Lol. The issue with Russia is that they have a very strong leader who matches them strength with strength... so be wise and open your eyes, do your own smart research before coming to a conclusion... thanks for your comment buddy and I am following you for more good posts... let's stay in touch

RIP the west. Luckily I stay in a 3rd world shithole that no one cares about

The "Reds" are coming for you next! America is protecting the planet! LOL.

Your posts are amazing @krnel
Let me always follow you

Agreed @abudar! I always look forward to a @krnel post

Physical harm from computer virus?

Been done before. Google stuxnet.

Great post, very interesting to read..

amazing
intellectually written
highly Appreciated

yea thats true

Wow, it is very dangerous
A very horrific attack
I just found out that the electricity could be hacked

Maybe we should be vigilant toward hackers who work together with Russia

Talking about malware to override the electrical grid reminds me of this short video about a potential threat to the U.S.
Unfortunately the U.S. isn't doing a lot to change anything about it.

I like your comment at the very end.. the anti-Russian vibe is really strong in U.S. media; whether it is for a reason or not, I don't know enough to comment.