One of the scenarios that doomsday preppers in America fear most is that the United States will one day see its power grids shut down, disrupted, or eliminated. Such a scenario usually involves the disintegration of social structures, transportation systems, food supplies, and communications systems, all within the first few weeks without power. Experts are now saying that Russia has such a powerful weapon, a cyber weapon that can disrupt the normal workings of a power grid.
The Washington Post reported this week that the malware used to disrupt a power grid in Ukraine in December (a grid responsible for one-fifth of the electricity supplied to Ukraine) has been redeveloped into a cyber weapon that could be used against power grids in the U.S., effectively disrupting their operations and/or shutting them down completely.
Sergio Caltagirone, director of threat intelligence for Dragos, a cyber security firm that studied the so-called CrashOverride malware used in Ukraine, stated in a report that, with a few modifications, the malware can be used as a cyber weapon against U.S. electric transmission and distribution systems. With Russian government hackers already showing a predilection for attacking U.S. utilities, the development, according to Caltagirone, is the product of a decade of hacking and would be a “game changer.”
News of this potential new cyber weapon comes as Washington is embroiled in the various personal and administrative scandals concerning the alleged hacking into and tampering with the 2016 U.S. presidential election. In fact, a Bloomberg report noted this week that Russian hackers made incursions into the voter databases and voting systems of 39 states. This followed in the wake of the leaked National Security Agency’s report to The Intercept that Russian military intelligence conducted a cyber attack on a U.S. voting software company.
The cyber security firm Dragos named the group that created the new malware Electrum, and believes it used the same computer systems as the Russian hackers who attacked the Ukraine power grid in 2015.
John Hultquist, director of intelligence analysis at the cyber security firm FireEye, believes (after analyzing the incidents while attached to iSight Partners, which is now owned by FireEye) that the hackers who attacked Ukraine in 2015 were the same ones that targeted U.S. control systems in 2014. That group of hackers was given the name Sandworm.
“We believe that Sandworm is tied in some way to the Russian government — whether they’re contractors or actual government officials, we’re not sure,” Hultquist said. “We believe they are linked to the security services.”
Other security services concur. Although the U.S. government has not officially blamed the Russian government for involvement in any of the attacks, the Post notes that officials privately agree with the private sector analysis.
According to Robert M. Lee, chief executive of Dragos, Sandworm and Electrum may be the same group or two distinct groups working within the same organization. Either way, forensic evidence indicates they are related in some way.
The CrashOverride malware used in 2015 was remotely manipulated by hackers to cause the blackout.
Dan Gunter, a senior threat hunter for Dragos, warns that “what is particularly alarming… is that it [CrashOverride] is all part of a larger framework.”
The fear that power grids could be down for weeks or months and result in massive social, economic and political upheaval has prompted millions of Americans to prepare for such a worst-case scenario. Called “doomsday preppers,” they accumulate survival techniques and material, weapons and foodstuffs just in case such an incident occurs. Many who adhere to the philosophy point to the power blackout in the northeast U.S. and Canada in August 2003 as a dire warning for future blackouts. According to Mental Floss, eight U.S. states and southeast Canada went without power for two days due to a domino effect of power grid crashes, leaving 11 dead and 50 million people without electricity in the largest outage in North American history.
Still, Lee says that the malware is currently capable of disrupting and/or shutting down power grids for hours or days but has no long-term effect. This is because power operators in the U.S. are trained to switch to manual operations when disruptions arise.
Lee says the new malware is “a significant leap forward in tradecraft, it’s also not a doomsday scenario.”
But with more modifications…