I am a bit surprised at the lack of interest in this work. Beyond Greenberg being a shill for American/Israeli intelligence, just the time frame in which the work is set should get curious minds to take a deeper look. Let's get real, folks, and talk about the American involvement in the USSR's economic implosion. Very naive to think that there would never be any retaliation on Russia's part for Project Hammer.
[..The Christmas blackout attack on Ukraine made clear that Russia’s hackers were indeed waging cyber war—perhaps the first true, wide-scale cyber war in history. They had crossed the same line as Stuxnet’s creators, from digital hacking to tangible sabotage. And they had also crossed a line from military to civilian, combining the unrestricted hybrid-warfare tactics of Estonia and Georgia with vastly more sophisticated and dangerous hacking techniques.
But even in late January 2016, only a handful of people in the world were aware of that ongoing threat. Two of them were Mike Assante and Rob Lee. When Assante had returned from the U.S. delegation’s fact-finding trip to Ukraine, he couldn’t share what he’d learned with Lee, since the agencies involved had put a firewall around the information as “for official use only.” But Lee, working from the network logs his Ukrainian contacts had shared with him and other forensic evidence, had already pieced together the anatomy of an extraordinary, multipart intrusion: BlackEnergy, KillDisk, rewritten firmware to lock out defenders, the telephone DDoS attack, disabling on-site electrical backups, and finally the phantom mouse attack that had hijacked the controls of the utility operators.
There was nothing to stop Sandworm from attacking again. Lee and Assante agreed they had played the government’s bureaucratic games long enough. It was time to publish a full report and warn the world.
But as Lee and Assante assembled their findings, they learned that the White House was still insisting on keeping the details of Ukraine’s blackout out of the public eye until the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Readiness Team, or ICS-CERT, could publish a warning to electric utilities. When that report finally came in late February—two months after Sandworm’s attack—it included a statement that left Lee furious: “Public reports indicate that the BlackEnergy (BE) malware was discovered on the companies’ computer networks, however it is important to note that the role of BE in this event remains unknown pending further technical analysis.”
Lee and Assante knew perfectly well how BlackEnergy had been used in the attack: It was the remote-access Trojan planted on victim machines that had begun the long, devious chain of intrusions, leading up to the hackers opening the utilities’ circuit breakers.
Lee saw that ICS-CERT statement as practically a cover-up. By questioning BlackEnergy’s role in the attack, or even its existence on the utilities’ network, the DHS was obscuring a key fact: that the hackers who’d planted that malware had used the same tool to target American utilities just a year earlier—that Americans, too, were at risk.
“The message was: ‘This doesn’t map to us; this is a Ukrainian thing,’ ” says Lee. “They misled the entire community.”...]
[..In the United States, meanwhile, the second Ukrainian blackout resonated momentarily through the cybersecurity community, stealing back a modicum of attention from the frenzy around Russia’s election-focused attacks. For the first time in history, as Lee described it to me, a group of hackers had shown it was willing and able to repeatedly attack critical infrastructure. They’d refined their techniques over multiple, evolving assaults. And they’d planted their malware on the U.S. grid once before.
All of that meant, Lee argued, that American utilities and government officials needed to see Russia’s escalating cyberwar operations not only as Ukraine’s problem but as their own. “The people who understand the U.S. power grid know that it can happen here,” he told me.
When I’d run that notion by NERC’s chief security officer, Marcus Sachs, in a phone call, he’d downplayed the threat. American power companies have already learned from Ukraine’s victimization, he argued. Sachs pointed to the road show of briefings he and others had performed for U.S. utilities to educate them about the attacks, hammering into them that they need to shore up their basic cybersecurity practices and turn off remote access to their critical systems whenever possible. And for all the sophistication of the Ukraine grid hacks, he pointed out, even they didn’t really constitute a catastrophe; the lights did, after all, come back on.
“It would be hard to say we’re not vulnerable. Anything connected to something else is vulnerable,” Sachs said. “To make the leap and suggest that the grid is milliseconds away from collapse is irresponsible.”
But to hackers like Sandworm, Lee countered, the United States could present an even more convenient set of targets. U.S. power firms are more attuned to cybersecurity, but they’re also more automated and modern than those in Ukraine, with more computer-controlled equipment. In other words, they present more of a digital “attack surface” to hackers than some older systems.
American engineers, he argued, also have less experience with manual recovery from frequent blackouts than a country like Ukraine. Regional utilities in Ukraine, and even Ukrenergo in Kiev, are all far more accustomed to blackouts from the usual equipment failures than American utilities. They have fleets of trucks ready to drive out to substations and manually switch the power back on, as Ukrainian utilities did in 2015 when the hackers first hit them. Not every hyper-automated American utility is prepared for that all-hands, on-the-ground manual override. “Taking down the American grid would be harder than Ukraine,” Lee said. “Keeping it down might be easier.”...]
FULL TEXT
https://exploringrealhistory.blogspot.com/2023/03/part-4-sandworm-new-era-of-cyberwar.html