U.S. officials say a Russian hacking operation penetrated a utility in Vermont. (Victoria Walker/The Washington Post)
The Washington Post
December 30 at 10:30 PM
A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid.
And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks. Officials in government and the utility industry regularly monitor the grid because it is highly computerized and any disruptions can have disastrous implications for the country’s medical and emergency services.
Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.

Friday night, Vermont Gov. Peter Shumlin (D) called on federal officials “to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.”

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”

Sen. Patrick J. Leahy (D-Vt.) said he was briefed on the attempts to penetrate the electric grid by Vermont State Police on Friday evening. “This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy said in a statement. “That is a direct threat to Vermont and we do not take it lightly.”

American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion may have been designed to disrupt the utility’s operations or as a test to see whether they could penetrate a portion of the grid.

Officials said that it is unclear when the code entered the Vermont utility’s computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted.

“The question remains: Are they in other systems and what was the intent?” a U.S. official said.

This week, officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence shared the Grizzly Steppe malware code with executives from 16 sectors nationwide, including the financial, utility and transportation industries, a senior administration official said. Vermont utility officials identified the code within their operations and reported it to federal officials Friday, the official said.

The DHS and FBI also publicly posted information about the malware Thursday as part of a joint analysis report, saying that the Russian military and civilian services’ activity “is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.”

Another senior administration official, who also spoke on the condition of anonymity to discuss security matters, said in an email that “by exposing Russian malware” in the joint analysis report, “the administration sought to alert all network defenders in the United States and abroad to this malicious activity to better secure their networks and defend against Russian malicious cyber activity.”

According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.

Russian hackers, U.S. intelligence agencies say, earlier obtained a raft of internal emails from the Democratic National Committee, which were later released by WikiLeaks during this year’s presidential campaign.

President-elect Donald Trump has repeatedly questioned the veracity of U.S. intelligence pointing to Russia’s responsibility for hacks in the run-up to the Nov. 8 election. He also has spoken highly of Russian President Vladimir Putin, despite President Obama’s suggestion that the approval for hacking came from the highest levels of the Kremlin.


Trump spokesman Sean Spicer said it would be “highly inappropriate to comment” on the incident given the fact that Spicer has not been briefed by federal authorities at this point.

Obama has been criticized by lawmakers from both parties for not retaliating against Russia before the election. But officials said the president was concerned that U.S. countermeasures could prompt a wider effort by Moscow to disrupt the counting of votes on Election Day, potentially leading to a wider conflict.

Officials said Obama also was concerned that taking retaliatory action before the election would be perceived as an effort to help the campaign of Democratic presidential nominee Hillary Clinton.

On Thursday, when Obama announced new economic measures against Russia and the expulsion of 35 Russian officials from the United States in retaliation for what he said was a deliberate attempt to interfere with the election, Trump told reporters, “It’s time for our country to move on to bigger and better things.”

Trump has agreed to meet with U.S. intelligence officials next week to discuss allegations surrounding Russia’s online activity.

Russia has been accused in the past of launching a cyberattack on Ukraine’s electrical grid, something it has denied. Cybersecurity experts say a hack in December 2015 destabilized Kiev’s power grid, causing a blackout in part of the Ukrainian capital. On Thursday, Ukrainian President Petro Poroshenko accused Russia of waging a hacking war on his country that has entailed 6,500 attacks against Ukrainian state institutions over the past two months.

Since at least 2009, U.S. authorities have tracked efforts by China, Russia and other countries to implant malicious software inside computers used by U.S. utilities. It is unclear if the code used in those earlier attacks was similar to what was found in the Vermont case. In November 2014, for example, federal authorities reported that a Russian malware known as BlackEnergy had been detected in the software controlling electric turbines in the United States.

Tensions between the U.S. and Russia have been on the rise in recent days since President Obama announced sanctions against Putin's government for hacking during the election. The two are pictured together in November 2015


The Russian Embassy did not immediately respond to a request for comment. Representatives for the Energy Department and DHS declined to comment Friday.

Alice Crites and Carol Morello contributed to this report.




Ten Years of Russian Cyber Attacks on Other Nations

By Robert Windrem
NBC News

In the past decade the Russian government has mounted more than a dozen significant cyber attacks against foreign countries, sometimes to help or harm a specific political candidate, sometimes to sow chaos, but always to project Russian power.

Starting in 2007, the Russians attacked former Soviet satellites like Estonia, Georgia, and Ukraine, and then branched out to Western nations like the U.S. and Germany. U.S. intelligence officials and cyber experts say a strategy that pairs cyber attacks with on-line propaganda was launched by Russian intelligence a decade ago and has been refined and expanded ever since, with Putin’s blessing. Russia has shut down whole segments of cyber space to punish or threaten countries.


Mike McFaul, the former U.S. ambassador to Russia, says there is a bottom line to the pattern of hacking.

“For years now, the Kremlin has looked for ways to disrupt democracies, to help the people that they like to come to power and to undermine the credibility of the democratic process,” said McFaul. Russia also seeks to weaken the European Union and NATO.


Stefan Meister, who has written extensively on Russian security strategies for the German Council of Foreign Relations, calls the attacks, which often include fake news, “a security strategy, not a media strategy.”

“It is a growing policy that’s strong and successful and they’re getting bolder,” Meister told NBC News. “They are risk takers. Putin is a risk taker, who thinks, ‘If this doesn’t work, we’ll do something else.’”

A chronology developed by NBC News from U.S. intelligence sources shows Russia was involved in the following attacks:

  • April – May 2007: Estonia, a tiny Baltic nation that was occupied by the Soviet Union until 1991, angered Moscow by planning to move a Russian World War II memorial and Russian soldiers’ graves. Russia retaliated by temporarily disabling Estonia’s internet, an especially harsh blow in the world’s most internet-dependent economy. The distributed denial of service (DDoS) attack focused on government offices and financial institutions, disrupting communications.
  • June 2008: In a similar attack, Russia punished another former possession in the Baltic. When the Lithuanian government outlawed the display of Soviet symbols, Russian hackers defaced government web pages with hammer-and-sickles and five-pointed stars.
  • August 2008: After Georgia’s pro-Western government sent troops into a breakaway republic backed by Moscow, Russian land, sea and air units invaded the country – and Russian hackers attacked Georgia’s internet, the first time Russia coordinated military and cyber action. Georgia’s internal communications were effectively shut down.
  • January 2009: As part of an effort to persuade the president of Kyrgyzstan to evict an American military base, Russian hackers shut down two of the country’s four internet service providers with a DDOS attack. It worked. Kyrgyzstan removed the military base. Subsequently, Kyrgyzstan received $2 billion in aid and loans from the Kremlin.
  • April 2009: After a media outlet in Kazakhstan published a statement by Kazakhstan’s president that criticized Russia, a DDOS attack attributed to Russian elements shut down the outlet.

  • August 2009: Russian hackers shut down Twitter and Facebook in Georgia to commemorate the first anniversary of the Russian invasion.
  • May 2014: Three days before Ukraine’s presidential election, a Russia-based hacking group took down the country’s election commission in an overnight attack. Even a back-up system was taken down, but Ukrainian computer experts were able to restore the system before election day. Ukrainian police say they arrested hackers who were trying to rig the results. The attack was aimed at creating chaos and hurting the nationalist candidate while helping the pro-Russian candidate. Russia’s preferred candidate lost.
  • March 2014: For the second time, the Russian government allegedly coordinated military and cyber action. A DDOS attack 32 times larger than the largest known attack used during Russia’s invasion of Georgia disrupted the internet in Ukraine while Russian-armed pro-Russian rebels were seizing control of the Crimea.
  • May 2015: German investigators discovered hackers had penetrated the computer network of the German Bundestag, the most significant hack in German history. The BfV, Germany’s domestic intelligence service, later said Russia was behind the attack and that they were seeking information not just on the workings of the Bundestag, but German leaders and NATO, among others. Security experts said hackers were trying to penetrate the computers of Chancellor Angela Merkel’s Christian Democratic party.


  • December 2015: Hackers believed to be Russian took over the control center of a Ukrainian power station, locking controllers out of their own systems and eventually leaving 235,000 homes without power.
  • June 2015 – November 2016: In the U.S., Russian hackers penetrated Democratic party computers, and gained access to the personal emails of Democratic officials, which in turn were distributed to the global media by WikiLeaks. Both the CIA and the FBI now believe the intrusions were intended to undermine the election, hurt Hillary Clinton and help Donald Trump win.
  • October 2015: Security experts believe that the Russian government tried to hack into the Dutch government’s computers to pull out a report about the shoot down of Flight MH17 over Ukraine. The Dutch Safety Board headed the investigation of the Malaysia Airlines downing, and concluded that the passenger plane was brought down by a Russian-made missile fired from an area held by pro-Russian rebels.
  • January 2016: A security firm announces that it believes Russian hackers were behind attacks on Finland’s Foreign Ministry several years before.
  • December 2016: Earlier this month, BfV head Hans-Georg Maasen warned “There is growing evidence of attempts to influence the federal election next year,” referring to German parliamentary elections likely to take place in September 2017. Maasen specifically cited Russia as the source of the attacks, adding, “We expect a further increase in cyber attacks in the run-up to the elections.” Experts believe the Russians are trying to damage incumbent Chancellor Merkel, who supported sanctions against Putin’s personal associates after Russia annexed Crimea.

Scott Borg, president of U.S. Consequences Unit, a cybersecurity firm that tracks Russian attacks, says that even as Russia’s ambition grows it also acts on a much smaller scale. Said Borg, “They have tried to influence local elections in three or four eastern European countries as well as Germany.”

The variety of the attacks does not surprise Meister of the German Council of Foreign Relations. He says the Russians tailor the attacks to the circumstances of each country.

“I think our politicians still underestimate the Russian activities,” he added, saying protection against cyber attacks still doesn’t have the priority it should.

Despite U.S. intelligence’s belief that Russian hacks of the U.S. election were aimed at helping Trump or spreading doubt about the outcome, Meister thinks there is a simpler explanation: The Russians just revel in it.

“Their successful hacking and influencing — we are frightened by that and that makes them happy,” said Meister.

Meister and Borg also believe the rise in Russian cyber attacks has been encouraged by the most powerful men in Russia, pointing to 2012 papers by Vladimir Putin and Gen. Valery Gerasimov, the head of the military. Putin wrote an article in 2012 called “Russia in a Changing World” that advocated using a “complex of tools and methods for achieving foreign policy goals without deploying weapons.” The piece called the internet and social media “effective tool[s].”


Around that same time, said Borg, Russia more effectively organized its cyber efforts, increasingly using its intelligence services to do the job rather than contracting with cyber gangs.

Both Meister and Borg believe Russia sees its cyber effort as a response to Western pressure and as an effective weapon for a nation that knows its conventional military arsenal of tanks, planes and ships is outmatched.


As a senior U.S. intelligence official told NBC News, “Nukes may give them status but cyber gives them a usable strategic capacity, potential for active measures.”

“It’s pragmatic,” said Borg. “If they can put in a good effort, even if they don’t have a good shot at winning, they’ll do it. The benefits are so great they are willing to take risks. If you can greatly diminish NATO or undermine U.S. relations with Europe, it’s worth it to them.”