FBI announces ongoing Russian attacks against American electric grid, water processing, air

From the same report:

(Emphasis mine.)

What do you think “gained remote access into energy sector networks” means?

Remember, the accusation came from the Trump administration. Not exactly an eager participant in accusing Russia of anything. Do you think they’re wrong about this?

Here’s a paragraph from CNN:

That sounds like about the right characterization to me, given what was released in the alert.

I think it means they hacked some power company’s email, and stole some PDFs and Excel spreadsheets. Not good, but a long ways short of being able to “shut power plants off at will”.

I think the media is wrong about their characterizations of what happened. I think they (the media) are exaggerating the severity of it to a significant degree. “scare-mongering” is the word I’d use, but I recognize that many of you are going to resist the idea that you got duped and that your favorite news source might be peddling fear.

Well, Homeland Security and the FBI took the trouble to issue a public statement this time rather than a private one as they have in the past, so I suppose we’ve all been duped by them and they are “scare-mongering,” too. Rick Perry is so “scare-mongered” that he’s formed a new Office of Cyber Security and Emergency Response, according to the CNN article you cited. And since numerous news organizations have reported on this and indicated an elevated basis for concern that plants can now potentially be shut down, I thought maybe MSNBC had got it right just this once. But evidently one guy on CNN that “sounds like about the right characterization” knows better. Thanks for setting us all straight.

No, no they are not. THEY didn’t say that the Russians could “shut power plants off at will”. That was a fiction invented by Rachel Maddow and the NYT, AFAICT.

Sorry, I did not even read the thread. Just need to confirm context before I either move on or start trolling…

No, we’re not “debating FBI announcements now”, we’re debating the media’s gross mischaracterization of FBI announcements. Here, we’ll make this REALLY simple:

This is a link to the actual announcement: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors | CISA

Please quote the portion in there that says the Russians can now “shut power plants off at will” (which was how the NYT characterized it).

I disagree. I think the language in the report, “gained remote access into energy sector networks” is very clear. It ain’t email.

Here is a link to the alert, for those who want to follow along.

Here is the full quote from your section above:

I’ve bolded the second paragraph that you omitted. You’ll note that they reference the HMI. The screenshot is a GUI, and very clearly NOT an excel spreadsheet. (Interested readers should look at the alert for a more complete understanding. Redacted areas appear to include accounts, spoofed data, and so on.)

The New York Times article also mentions specific detection work done by Symantec and CrowdStrike. These companies have unravelled state-actor level cyber-activity before. I take their conclusions seriously.

Where do we go from here? Whether Russia can shut down our power grid today or in 6 months, Russia is ramping up hostilities and we are nattering on about Trump Jr’s divorce, and porn stars.

No, it’s not clear. It’s terribly vague. “networks” could mean almost anything. I personally have “remote access into energy sector networks” (but was nowhere near able to shut down a power plant).

The headliner is this:

You think they conveniently left “SCADA systems” off this list?

I forgot to include the conclusion from Symantec that also supports the control of systems:

from the New York Times article

It goes back to October 2017, however, in this Wired article

At that time, Symantec declined to publicly state which actor was responsible for the attacks, but was working with NERC and the DHS. Russia was rumored to be behind them. Today the kimono appears to have opened.

So Eric Chien has been pushing the same story line for at least 6 months now. Great. :rolleyes:

I’ve read the entire report, including skimming the code, and I’ll summarize for you. Using a wide variety of techniques from social engineering to far more sophisticated, hackers attempted to gain access to targeted (as opposed to random) agencies/utilities/etc. Their ultimate goal was always to gain access inside the network, either by gaining credentials (legitimate ones that are then used illegitimately), or creating illegitimate ones once they are able to get into the right layers of the network through another means (several are listed). Credentialed users can do all kinds of fun things with a network, from telling a network to do things, to learning more about how a system works, to copying all kinds of data and sending it out of the network to other people who want it. From that starting point, or parallel with it, you can insert other pieces of code into the network, for example to over-heat a reactor, or shut down a grid. If you can get into a network at that level, you can run it.

No, the report will not say “shut plants off at will” because the writers of the report think that is obvious. I cannot see where you read that report and believe that the only thing at risk is some Excel files.

The base case is that we should not let anyone rummage around our core systems.

I am slain by your rebuttal. I’ll retire to lick my wounds. :dubious:

Ditka, let it go. You’ve shared your interpretation of the alert, and I’ve shared mine. We disagree, and you’ve presented nothing to change my mind. You need to substantively address the points Sunny Daze raised in Posts #29 and 31. She is showing you exactly where the conclusions about having control to turn off/sabotage the power plants are coming from, and you seem to be simply trying to indulge a strong confirmation bias. I think you saw my user name coupled with the words, “Maddow” and “MSNBC” and drew an instant and erroneous conclusion. I hope you can stop doing this as it adds nothing to the debate. (The mansplaining was funny, though, so thanks for that.)

Sunny Daze, I think your statement about our being in dismaying disarray is spot on and so important. A path forward does seem to be coming into focus, and as much as I hate to invoke politics into your thread, we must regain control over our government as soon as possible in order to mount any meaningful, cohesive and coherent response to what Russia is doing. They know it, too – which is why the disruption is going to be horrendous ahead of the mid-term elections. I liken it to landing a plane through a hurricane. I do think the majority of citizens recognize this. It’s just a long damn time till November. Porn stars and Trump Jr.'s divorce are perhaps just ways to pass the time until more impactful things can be accomplished.

We need to mend fences with our allies as soon as possible. We need to somehow reestablish trust between their intelligence services and our own, so that information can again be freely shared. It is going to be a massive challenge.

We need to be critical of and wide-ranging in our news sources and never, ever take news from social media. Ditka obviously hates MSNBC and Maddow, but my own experience is that they are doing a great job and are often ahead of the curve for what is shown to be true as other agencies catch up. Moreover, I confirmed the story I heard on Maddow with Bloomberg, New York Times, BBC and others before saying anything on the board, as you also did. I don’t care where the news comes from. I only care that it’s factually true. This is one of the biggest problems we face: Being able to discern actual information from false information – and be willing to be wrong.

Like you, I feel gloomy and sad about our present circumstances. Until we find a way to have discussions without imposing preconceived notions about the motivations of our partners in conversation, it will be extremely difficult. With a president who not only thrives on chaos and conflict but encourages it as a means of obfuscating his own transgressions, it is going to take an Herculean effort to see our way through to the other side.

Bayard made good points without snark and I hope s/he will return to the thread and give us an interpretation of the additional information you have provided here. S/he may have some additional ideas about what more we might do in the face of this challenge.

I personally think the best thing we can do right now is to be aware of the concerns, share the information with those who are receptive to hearing it and make sure the information informs their votes going forward. We need people in government who are able to recognize and respond to these threats seriously. I am no fan of Rick Perry, but I give him credit for at least trying.

Beyond that, I’m at a loss.

Oh the irony.

Hurricane Ditka, was there more?

I’m sorry. Did I misunderstand your meaning? Were you actually expressing admiration for MSNBC and Maddow? 'Coz it just seemed like in virtually every post you made, you were denigrating these news sources and the people who consider them to be credible.

Geez, a guy goes to bed, and people go right on having an engaging conversation without him! The nerve!

So, I have to eat some crow, which I prefer medium well with mustard. I did not read the CERT alert very closely last night. I read the first bit of it, assumed it was like the other 100s of them I’ve seen, and went back to drinking my beer. I should have read it to the end. It got good.

I’m more inclined to agree with this now. Reading to the end of the CERT alert, I see (as you also quoted later in this thread) that the threat actors got into the intended targets’ networks and moved laterally to the point that they were able to gain control of a computer that apparently used VNC to manage a device involved in power generation. The screenshot is really concerning. It does look like the bad guys had control of a Programmable Logic Controller (PLC), and they quite possibly could have shut down some systems or caused a dangerous condition.

So, in the clear light of day and without beers to drink, this is starting to look like a brown trousers moment. This report has the attackers getting farther than I had assumed they did. Russia has used attacks like this on power grids, notably against Ukraine, so it’s not surprising that they’re targeting us. And I hope we’re doing the same to them. But the extent to which they succeeded here is pretty worrisome.

And stories like this are why I drink in the first place.

My apologies again for shooting from the hip before reading the whole alert.

ETA: And to the power plant people: airgap the nuke systems, guys.

More credible than Rachel? YGTBK