The Burlington Electric Department, one of Vermont’s two largest electric utilities, said that it had found malware associated with the Russian cyberattacks in one of its laptops.
The Burlington Electric Department said that so far there are no indications that its electric grid or customer information has been compromised. The company said it was unfortunate that “an official or officials improperly shared inaccurate information” with the media.
“On Thursday night, the Burlington Electric Department was alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to recent malicious cyber activity,” Neale Lunderville, general manager of the company, said in a statement. “We acted quickly to scan all computers in our system for the malware signature. We detected suspicious Internet traffic in a single Burlington Electric Department computer not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.”
The company said federal officials have indicated that the specific type of Internet traffic “has been observed elsewhere in the country and is not unique to Burlington Electric.”
The situation with the company has since been determined to be less threatening than earlier reported.
However, the Washington Post reported that an official, who asked not to be identified, said that while the Russians did not use the code to disrupt Burlington Electric’s operations, its presence does emphasize the vulnerability of America’s electric power grid and raises fears that the Russian government is actively trying to penetrate it for a potential attack.
Electric generation facilities are highly computerized and interconnected. A breach of one system could cascade and impact other systems, causing widespread disruption.
Last Friday, Vermont Gov. Peter Shumlin (D) called on officials to carry out an investigation into the incident and “undertake remedies to ensure that this never happens again.”
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” he said in a statement.
Meanwhile, questions continue to linger on whether the hacking operations against the Democrats’ computer systems were indeed carried out by the Russian government or lone wolves.
An article in Ars Technica said that while security companies have for months maintained the attacks were the handiwork of people working for the Russian government, other security experts say it is very hard to determine the real origins of the attacks.
Robert Lee, founder of the Dragos security company, also wrote in his blog that the joint FBI-DHS report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.”
He said the report lays down its intent as:
- The report is intended to help network defenders; it is not the technical evidence of attribution
- The report contains a combination of private sector data and declassified government data
- The report will help defenders identify and block Russian malware – this is specifically declassified government data, not private sector data
- The report goes beyond indicators to include new tradecraft and techniques used by the Russian intelligence services
The report “does not follow the intent laid out by the White House and confuses readers to think that this report is about attribution and not the intended purpose of helping network defenders,” Lee said.
He also said the reporters failed to properly inform the report’s readers where its data came from.
“Or said more simply: always tell people where you got your data, separate it from your own data which you have a higher confidence level in having observed first hand, and if you are using other people’s campaign names, data, analysis, etc. explain why so that analysts can do something with it instead of treating it as random situational awareness,” Lee said.