A breach of security in vital U.S. infrastructure, which has been active since 2011, has put hundreds of thousands of Americans at risk. According to the Department of Homeland Security (DHS), industrial control systems software, which controls oil and gas pipelines, power transmission grids, water distribution and filtration systems, and wind turbines, has been hacked and infected with malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to a private computer. It was originally reported that some nuclear plants were threatened as well, but the Nuclear Energy Institute stated it has “recently received classified briefing by DHS on this Russian malware campaign,” which assured that “U.S. nuclear plants are isolated from external networks.”
According to ABC News, national security sources have warned that the presence of the malware is not a random attack by a rogue cyber-terror group. Rather, national security authorities believe the malware in essential U.S. industrial systems to be supported by the Russian government. The malware could be used to “damage, modify, or otherwise disrupt” industrial controls.
This malware is quite advanced. According to Tech Times, it gives hackers the capability to control industrial operations with a smartphone, tablet, or a laptop. It also has the capacity for “collaborative control” and information sharing.
Rising tensions between Russia and the West amid the crisis in Ukraine and other ongoing issues make this revelation all the more alarming. According to ABC, the DHS believes the Russians have “torn a page from the old, Cold War playbook, and have placed the malware in key U.S. systems as a threat”. DHS spokespersons also speculated Russia may be using the malware as a deterrent against possible future confrontation by the United States, harkening back to the old strategy of mutually assured destruction.
The malware used in this cyber-invasion has been called “BlackEnergy,” and according to the Washington Times it is the same malware used by the Russian espionage group “Sandworm.” This group is believed to be responsible for ongoing hacking of and spying on the North Atlantic Treaty Organization (NATO) since 2009, which was only discovered this past October. Tech Times commented that besides NATO, “Hackers [of the Sandworm group] have been taking advantage of a vulnerability that existed in the Windows OS to conduct cyber espionage on Ukraine…and several other countries since 2009.” Microsoft claims it has since addressed the weaknesses which were exploited by Sandworm, according to the Washington Times. For some, it is becoming evident that cyber attacks and cyber espionage are becoming a favorite tool of the Russian government.
This marks the third major allegedly Russian-sponsored cyber attack this year. The Washington Times stated JP Morgan Chase & Co. was hacked and the names and personal information of over 83 million people were compromised. The company was not able to shut out the hackers for weeks.
Some consider it possible to refer to these acts as terrorism by the Russian government. The Washington Times previously quoted a security analyst as describing the JP Morgan attack as scaring “the pants off people.” This latest incident, involving critical industrial systems that American citizens depend on, was likely intended in part to evoke fear at home.
It is unclear what the response of the United States will be. It is also unclear why and how this malware went undetected for three years.