
Newly Discovered ‘Nightmare’ Cyber Weapon Causing Blackouts

SHOOTER13
Seven minutes before midnight last Dec. 17, a bomb of sorts went off in a high voltage substation north of Kiev.

But if you were standing outside the 20 acres of gleaming metal transformers and coils, you wouldn’t have heard a bang or seen a flash. It wasn’t that kind of bomb. It was a piece of malicious software that had been hiding in a control room computer miles away, waiting for the right time to reveal itself. At 11:53 p.m., the logic bomb transmitted a staccato burst of pre-programmed commands to the substation, popping one circuit breaker after another until a strip of houses in and around western Kiev were plunged into darkness.

Technicians responded to the Pivnichna substation and took the circuit breakers off computer control, restoring power a little after 1 a.m. It was only the second confirmed case of a computer attack triggering an electrical blackout, and compared to the first, 12 months earlier—also in Ukraine—it was a fizzle, affecting far fewer customers and for a fraction of the time. In the six months since the Kiev attack, security researchers have wondered why the hackers even bothered with such a fleeting disruption and speculated that someone was using Ukraine as a testing ground for a more serious attack.

Now that dark assessment seems to be confirmed. Researchers at two security companies on Monday announced they’ve finally found and analyzed the malware that triggered the Kiev blackout, and it’s far worse than imagined. The computer code, dubbed “CrashOverride” by San Antonio-based Dragos, and “Industroyer” by ESET in Slovakia, is a genuine cyber weapon that can map out a power station’s control network and, with minimal human guidance, issue malicious commands directly to critical equipment. Only once before has the world seen malware designed for such sabotage, with the 2010 Stuxnet virus used against Iran’s nuclear program. CrashOverride is the first to target civilians and the first such malware built to target a nation’s power supply.

It’s unclear who created CrashOverride. Both ESET and Dragos say it was built from scratch, leaving none of the usual fingerprints that allow analysts to link one hacking campaign to another. Ukraine has faced a near-biblical plague of cyber attacks since entering into hostilities with Russia three years ago, and many have led unequivocally to Moscow. But not so with CrashOverride.

The only thing that’s certain, says security researcher Robert Lee, CEO of Dragos, is that the malware wasn’t built as a one-time weapon. It’s designed from the ground up to be easily reconfigured for a variety of targets and contains some payloads that weren’t even fired off in the Kiev attack.

“It’s a nightmare,” Lee said. “The malware in its current state would be usable for every power plant in Europe. This is a framework designed to target other places.”

ESET was first to find samples of the malware, and the company shared its initial analysis with Dragos, which went on to find additional samples and new components of the code. Electric utilities throughout the United States and Canada were alerted to the new malware last week by the North American Electric Reliability Corporation, the industry group responsible for power grid security.

“We believe that our current protective measures provide an initial barrier,” said Marcus Sachs, NERC’s chief security officer, “and we are providing additional technical information to North American utilities specific to this malware.”
 
CrashOverride marks a significant escalation in the electronic arms race, at a time of overt cyber saber-rattling from U.S. adversaries like Russia and North Korea, and increasingly loud warnings about the vulnerability of the power grid. Last January, the Department of Energy assessed that the U.S. now faces “imminent danger” of a cyber attack that would trigger a prolonged cascading outage that would “undermine U.S. lifeline networks, critical defense infrastructure, and much of the economy; it could also endanger the health and safety of millions of citizens.”

Lee says CrashOverride is built to cause regional outages and in its current form doesn’t have the capability to start a cascade on the order of the 2003 northeastern U.S. blackout, nor to be easily repurposed to target other industrial control systems like water treatment plants or gas pipelines. But the amount of expertise and resources that went into creating the program augurs even more dangerous malware to come. “What makes this thing a holy crap moment is the understanding of grid operations encoded within it,” he said.

That’s because the code targets a crucial technology called SCADA, for Supervisory Control and Data Acquisition. A SCADA network is essentially an electronic nervous system that allows operators to remotely monitor and control all the pumps, motors, relays, and valves that undergird society’s infrastructure. The technology grew out of the electric industry beginning in the 1940s as a solution to the growing complexity of power distribution, which requires constant monitoring and adjustment of equipment at thousands of substations scattered around the country. Rather than keep technicians at every site, utilities began connecting the substation equipment to meters and knobs at centralized control centers, first by wire, later by radio, and today over serial ports and digital networks, with graphical computer controls replacing the meters and knobs.

As products of a more innocent time, the major SCADA protocols were never designed for security. “We use the term ‘insecure by design,’” said veteran SCADA security guru Dale Peterson. “You can switch relays on and off without any authentication. Everything an attacker would want is a documented feature of the device.”

By the 1990s, the U.S. was eyeing SCADA as a potentially critical vulnerability. In 1997 President Bill Clinton ordered a risk assessment of the power grid, and his advisers found it riddled with holes, including equipment reachable through corporate networks and open dial-up modems.

The electric industry has been developing and enforcing stricter security standards ever since. But with the entry of nation state cyber attackers the risks have only grown, and the industry now regards cyber blackouts as something to plan for, like the inevitable outages triggered by extreme weather. The key, said NERC’s Sachs, is to “ensure rapid restoration should an outage occur, regardless of the cause.”

That gloomy outlook owes much to the first Ukrainian power hack in December 2015. In that attack, intruders used conventional hacking tools and techniques to seize the Windows machines in a utility control room, where they dragged the mouse cursor across the screen and clicked on the controls for a trio of local substations. The resulting blackout left 225,000 people without power. Ukrainian security services attributed the attack to Russia.

[Photo illustration by The Daily Beast]

While successful, that attack suffered from a critical weakness from a cyber warfare perspective: It didn’t scale. The hack required manual effort by a control system expert sitting at a keyboard. That limitation is obliterated by CrashOverride, which, once it is configured and deployed, operates invisibly and automatically at the lowest levels of a plant network.

The code used in Kiev included swappable modules for four SCADA protocols prevalent in Europe. When the proper module is activated, it runs under the name of the legitimate Windows process controlling equipment at the remote substation. CrashOverride kills the original program and starts issuing its own commands over the SCADA link, cycling through a range of circuit breaker addresses and systematically tripping each of them, then starting again at the top. Even if the control center is able to send its own commands to restore the circuit, CrashOverride will just hit the breaker again, running continuously in an infinite loop. “It’s like a popup on a website where you close it, and it just keeps opening again,” said Lee. “That’s what they’re doing to circuit breakers.”
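The tripping loop described above lends itself to a simple behavioural detection. As an added example (not code from the article, Dragos or ESET), the Python below checks a constructed, simplified command log for two of the described patterns: one source tripping many distinct breakers in quick succession, and a breaker being tripped again seconds after an operator restores it. The log format, host names and breaker addresses are assumptions; decoding the actual SCADA protocols is out of scope here.

```python
from collections import defaultdict, deque

# Constructed sample log, not real telemetry: (seconds, source_host, breaker_address, command).
SAMPLE_LOG = [
    (0, "hmi-01", 101, "OPEN"),
    (2, "hmi-01", 102, "OPEN"),
    (4, "hmi-01", 103, "OPEN"),
    (6, "hmi-01", 104, "OPEN"),
    (8, "hmi-01", 105, "OPEN"),
    (20, "ops-desk", 101, "CLOSE"),   # operator restores breaker 101
    (23, "hmi-01", 101, "OPEN"),      # same breaker tripped again seconds later
    (600, "ops-desk", 102, "CLOSE"),  # isolated restore much later: benign
]


def sweep_alerts(log, min_addresses=4, window=30):
    """Flag a source that trips `min_addresses` distinct breakers within
    `window` seconds: the address-by-address sweep described in the article."""
    recent = defaultdict(deque)  # source -> (ts, addr) pairs inside the window
    alerts, fired = [], set()
    for ts, src, addr, cmd in sorted(log):
        if cmd != "OPEN":
            continue
        q = recent[src]
        q.append((ts, addr))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = {a for _, a in q}
        if len(distinct) >= min_addresses and src not in fired:
            alerts.append((src, q[0][0], tuple(sorted(distinct))))
            fired.add(src)
    return alerts


def retrip_alerts(log, max_gap=10):
    """Flag a breaker tripped again within `max_gap` seconds of a CLOSE:
    the 'popup that keeps reopening' behaviour Lee describes."""
    last_close = {}  # addr -> time of the most recent CLOSE
    alerts = []
    for ts, src, addr, cmd in sorted(log):
        if cmd == "CLOSE":
            last_close[addr] = ts
        elif cmd == "OPEN" and addr in last_close and ts - last_close[addr] <= max_gap:
            alerts.append((addr, last_close[addr], ts, src))
    return alerts


if __name__ == "__main__":
    for alert in sweep_alerts(SAMPLE_LOG) + retrip_alerts(SAMPLE_LOG):
        print("ALERT", alert)
```

Thresholds such as `min_addresses` and `max_gap` would need tuning against a site's normal switching activity to keep false positives manageable.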

Peterson said he expects CrashOverride to inspire copycat efforts, particularly among nation state attackers. “To see something that’s been predicted for so long actually happen… More people will think they should be doing it.”

“If we haven’t had enough of a wakeup call already, this is it,” said Dragos’ Joe Slowik, who helped analyze the code. “The time is running out until someone either gets lucky or deliberately targets a network that all U.S. citizens care about, instead of saying, ‘Oh, it’s Ukraine who cares.’”

SOURCE: The Daily Beast by Kevin Poulsen
 
Well, guess it's good I'll soon be getting a true wood/coal fired cookstove. And I've got a generator to power the well pump for a time. I think I know where I'm gonna sink my shallow well though. Should maybe get on that. The garden, and pigs are growing well. Guess all I really gotta worry about is the neighbors. And I didn't want them here in the first place.
 
I would guess it was written by or the infrastructure information was provided by someone who designed or worked on the grid software.

Cyber warfare is no joke. Think about how much of our lives we trust to software and internet based services. Whether you own a computer, smart phone, etc or not your bank, township, government, gas station, grocery store, pension plan, 401K, social services, etc all do. Even those off the grid will be affected indirectly.
 
Just one of the reasons I'm a prepper...

My job with the DoD was IT...Information Assurance ...CISSP {Certified Information Systems Security Professional}...job description was to Detect/Protect/Preserve/Investigate/Prosecute...the last eight years on a Cybercrime Task Force...TS Clearance...gathered and preserved custody chain of all electronic devices at the scene...performed forensics on hard drives to retrieve data and gather evidence required to prosecute enemies both foreign and domestic.

Hell of a job that had me traveling all over the world...

Our Challenge Coins:

{ In Latin: Formidable Hunter }
 
I often wondered what you did for DOD, but didn't want to ask. That's not something that casually comes up. I respect other folks' privacy.
 
No thanks necessary Gentlemen...though I do appreciate the sentiments.

I was proud to serve !!

My Wife { Sergeant Major US Army CID ret } is my Hero...27 Years Active Duty.

{ John: after 9 years of retirement...I'm sure I've been declassified :rolleyes: }
 
Ah Yes...the "Crypto Shack"...and later on working in the SCIF { Sensitive Compartmented Information Facility } ...

as well as the TS clearance was instrumental in getting me picked for the CITF.

The old days
...Optic Scanners...Magnetic Tapes...80 Column punched cards...JCL...Cobol...Fortran...Assembly Language...Dumb Terminals...IBM 360/370 Mainframes...we sure did see it from the beginning eh !?
 
I never got to do any G2 stuff. It was sorta my choice, as I was recruited after the DOD exams. I just wasn't up for it.

Growing up on a dozen different posts around the US, I had heard so many folks gripe about the rigors of service life (not the least of all, my own mother & half the other wives) that by the age of majority I was totally allergic to the idea of government service.

Dad was a COBOL/360 guy, but the first real machine I got my hands on was a Burroughs 6700, and I wrote in Basic and Fortran, and later Moon on the IBM system 32, G-Code and other obscure stuff like AMADA.

But I started out on an analog binary machine. Just a primitive calculator really, with flashing lights and manual switches. There was no programming: it was hard-wired on a "breadboard".

The clock drive was literally an alarm clock motor, and with practice I could run it at maybe 0.1 Hertz. LOL

In the end, I was Mr. Backup. Before the Advent of real-time backup, I did daily, weekly, quarterly and yearly backups of our system. I had extra copies of our data on disk, and on three live machines, in two locations.

Nobody else at work wanted to go to the tedious exercise of doing good backup, let alone testing the backups. This gave me frequent opportunities to be the hero, when other people screwed up.
 
I learned "Pascal" while taking the required computer science course in college. Created a census-type program. Many late nights working on that thing... I bombed the final (sort of) and ended up with a "C". Haven't touched Pascal since... :rolleyes: Helped me determine I was not going to be a computer scientist.

We had a Commodore 64 I played with when I was a kid. With cassette tape storage! :D I think I got as far as "10 type hello", "20 go to 10", then "run" or something like that... (endless loop of "hello") :)
 
I'm such a proud guy, not because of my enormous accomplishments as a computer programmer (which were in fact quite minuscule*) but because both of my daughters, and my wife, and my grandchildren, have all taken a huge interest in computers. This was partly because of me and because of the time I was willing to spend with them on it.

(*particularly compared to my father who got a Letter of Commendation from Congress for his "...absolutely Superior programming..." on some project he would never talk about. As I recall, that was back in the Reagan Star Wars days. We were trying to figure out how to shoot down other people's missiles and my dad came out of radar into computer so that's what I suspect it was about.)

Somewhere here I posted a photo of my elder daughter doing board-level repairs on a modern computerized TV. That's a crappy photo but it warms my heart.

My younger daughter takes after me a bit as well, and I remember feeling a little strange when I gave her a battery charger for her birthday. But then at Christmas time she asked me for an air compressor. :D:D:D
 
Somewhere here I posted a photo of my elder daughter doing board-level repairs on a modern computerized TV.

I picked up a 40" Visio for $20 not working. It was in near perfect condition with remote, just wouldn't "boot". I bought an ebay board for it that didn't get it running and then put it back up on ebay as I still had the original packaging and was charging extra for shipping. Broke even on it and the guy who bought it agreed to let me know what was wrong with it. He ended up replacing the diodes for the screen.

I have a surround sound receiver with a bulged cap--is she taking side jobs? ;)
 
I own a Commodore 128...taught myself Basic with it...put it back in its original box...would boot up today if I pulled it out.

5 1/2 Inch Floppies...remember them !?
 
I own a Commodore 128...taught myself Basic with it...put it back in its original box...would boot up today if I pulled it out.

5 1/2 Inch Floppies...remember them !?

Don't count on it. I booted up my C64 a year or two ago to ship to a friend that wanted it for his collection and it would not boot up. Worked fine when I stored it. I had both the cassette drive and floppy drive with it.


I loved the old days of being able to double the floppy disk capacity by just cutting a notch in the side and inserting it upside down. If you were really committed you bought the special notcher available at the computer shows. LOL.

Now I'm working on a laptop powerful enough to run multiple database engines, multiple instances of Visual Studio and a plethora of other tools concurrently without flinching.
 