FBI and DHS blame Russia for cyberattacks on critical US infrastructure

midian182


The Department of Homeland Security (DHS) and the FBI have announced that hackers working at the behest of the Russian government are behind a campaign of cyberattacks against American infrastructure. The agencies’ report reveals that multiple attempts to compromise government entities and energy, nuclear, commercial, water, aviation, and critical manufacturing sectors have been taking place since at least March 2016.

Last September, security firm Symantec warned of a resurgence in energy sector attacks by a group of Kremlin-backed hackers known collectively as Dragonfly. Symantec and a few other researchers in 2014 exposed some of their activities, forcing them into a “quiet period.” The DHS and FBI wrote that the company's report “provides additional information about this ongoing campaign.”

Today’s alert reveals that the cyberattacks targeted two types of entities: staging and intended targets. The initial victims are organizations linked to the hackers’ primary targets, such as third-party suppliers who have less secure networks. These are used to plant malware and conduct spear phishing campaigns as a means of infiltrating the energy sector networks.

"After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems," reads the report.

The alert did not name the companies targeted, but it does reveal that they are “small commercial facilities,” some of which are highly vulnerable as they still run older systems. It’s unclear how close the hackers came to gaining control of the systems, and whether the attacks are still ongoing.

The report arrived on the same day that the Treasury Department imposed sanctions against five Russian entities, including the notorious Internet Research Agency, and 19 individuals for attempting to interfere in the 2016 US election and their involvement in a number of cyberattacks, including the NotPetya ransomware incident.


 
Putin needs an "outside threat" to consolidate his electorate. Western reactions to Russian provocations give him just that.
People who rule Russia never accepted the break-up of the Soviet Union.
Putin's unofficial biography is a thrilling read.
 
Dumb question time, now that we know that the intelligence agencies have the ability to hack systems and make it look like someone else did it, how can we trust anything they announce like this?

They could just as easily be planting evidence to push an agenda.

Yea, I have a tin hat or two.
 
Dumb question time, now that we know that the intelligence agencies have the ability to hack systems and make it look like someone else did it, how can we trust anything they announce like this?

They could just as easily be planting evidence to push an agenda.

Yea, I have a tin hat or two.

There are other ways to corroborate evidence of hacking origins. It's not just "hey look it's coming from a Russian IP address it must be Russians". There are numerous IT forensics involved.
 
Yeah, it's pretty much a safe bet these days that if you see a sophisticated attack originating from an IP address with a known country associated to it, then it is pretty much guaranteed that the attacker is not based in that particular country.

You'll also never hear about CIA/NSA cyber exploits in Russia or China, because even if the Russians or Chinese are aware of them, they'll never publicly disclose them - just to save face. Their governments need to appear impervious to outside meddling in order to remain stable. It's the Achilles heel of xenophobia-based policies.
 
Dumb question time, now that we know that the intelligence agencies have the ability to hack systems and make it look like someone else did it, how can we trust anything they announce like this?

They could just as easily be planting evidence to push an agenda.

Yea, I have a tin hat or two.
As I see it, that is the trouble. Even with verifiable forensics, I am not so sure that I trust the FBI or the DHS since 45 came into office.
 
All this stuff is called manufacturing consent so that the population will support actions taken against Russia; as well as to justify increasing the already ridiculous military budget.
 
Dumb question time, now that we know that the intelligence agencies have the ability to hack systems and make it look like someone else did it, how can we trust anything they announce like this?

They could just as easily be planting evidence to push an agenda.

Yea, I have a tin hat or two.
As I see it, that is the trouble. Even with verifiable forensics, I am not so sure that I trust the FBI or the DHS since 45 came into office.

The career agents at the FBI and CIA are largely apolitical. The new director of the FBI has also seemed largely apolitical given the circumstances (though the CIA has been extremely political -- though that may change with a new director). Also, the other agencies involved in intelligence (like the NSA) have remained largely apolitical.

We shouldn't be too worried by the findings of the intelligence community. We should be extremely worried if cabinet members and executive branch are not using their information to make informed decisions and preparing ourselves against these attacks.
 
Dumb question time, now that we know that the intelligence agencies have the ability to hack systems and make it look like someone else did it, how can we trust anything they announce like this?

They could just as easily be planting evidence to push an agenda.

Yea, I have a tin hat or two.

Listen to McAfee who was saying long before the Vault 7 release.... "If it looks like Russia, IT'S NOT RUSSIA!". Oh wait, can't listen to that because he was on RT at the time with Larry King and what the hell is he doing there? Isn't it weird how all the people you used to think had some journalistic integrity have been fired and all seem to have skipped over there? Fortunately we've got Rachel Maddow to tell us what's really happening and for only $13,000 a week.

America is going to happily march off a cliff and take the rest of us along for the ride because they don't know Hacking 101. They sure think they do though. Could I borrow one of those hats of yours? My implant itches something fierce when I think.
 
Yeah, it's pretty much a safe bet these days that if you see a sophisticated attack originating from an IP address with a known country associated to it, then it is pretty much guaranteed that the attacker is not based in that particular country.

You'll also never hear about CIA/NSA cyber exploits in Russia or China, because even if the Russians or Chinese are aware of them, they'll never publicly disclose them - just to save face. Their governments need to appear impervious to outside meddling in order to remain stable. It's the Achilles heel of xenophobia-based policies.

What's really horrifying is that there's reasonable skepticism here and honest debate, but everywhere else it's screeching weasels and jingoistic patriotism. Those of us in the know are far too small a demographic and "they" are exploiting the hell out of it.
 
There are other ways to corroborate evidence of hacking origins. It's not just "hey look it's coming from a Russian IP address it must be Russians". There are numerous IT forensics involved.

Yes, but you'll never hear about anything that conflicts with their narrative. How many people know for instance that the IP address that Crowdstrike uses as their smoking gun was from a C and C server that was taken down a year before the DNC "hack"? Why would they hard-code a known dead IP address into their malware? Just stupid that way? Compile times were all just five days before they announced the "hack" as well.
 
Dumb question time, now that we know that the intelligence agencies have the ability to hack systems and make it look like someone else did it, how can we trust anything they announce like this?

They could just as easily be planting evidence to push an agenda.

Yea, I have a tin hat or two.

There are other ways to corroborate evidence of hacking origins. It's not just "hey look it's coming from a Russian IP address it must be Russians". There are numerous IT forensics involved.

And you really think their tools don't take that into account?
 