Opinion | With Hacking, the United States Needs to Stop Playing the Victim

As solid as the U.S. cyberoffense is, the defense leaves much to be desired, richly demonstrated by the litany of digital disasters, including the hacks of SolarWinds, the Office of Personnel Management, Equifax and Sony. The reality is that the U.S. government and private companies both underinvest in cybersecurity. Effective defense is a collective effort, but agencies and companies are often clueless and defenseless when it comes to countering the intrusions of countries like Russia, China or Iran.

In recent years, there have been suggestions that the United States might explore international agreements by which nations would agree to put constraints on cyberwarfare and espionage. But this idea isn’t really taken seriously. There’s a sense that rules are written by those with the biggest guns, and that Washington, holding the biggest guns, can unilaterally impose global cyberorder.

The SolarWinds hack lays waste to that notion. Confidence that the United States possesses a monopoly on cyberweapons borders on hubris. Even though federal agencies do possess some of the greatest cyberespionage and warfare tools and talent on the planet, the playing field is disturbingly even.

Unlike nuclear weapons, or even sophisticated conventional arms, powerful cyberweapons are cheap to produce, proliferate with alarming speed and have no regard for borders. Unable to match the United States in military spending, Russia, China, Iran and even North Korea view cybertools as a great equalizer. Why? Because the United States is singularly vulnerable to cyberattack: America is more reliant on financial, commercial and government networks than our adversaries, and, at the same time, our systems are frighteningly open and vulnerable to attack. American networks represent targets for our adversaries that are simply too soft, juicy and valuable to resist.

So, does the United States give up and do nothing? Of course not.

First, the United States should recognize that it has entered an age of perpetual cyberconflict. Unlike conventional wars, we cannot end this fight by withdrawing troops from the battlefield. For the indefinite future, our adversaries, large and small, will test our defenses, attack our networks and steal…


The Russian Hackers Playing ‘Chekhov’s Gun’ with U.S. Infrastructure – Homeland Security Today

Over the last half a decade, Russian state-sponsored hackers have triggered blackouts in Ukraine, released history’s most destructive computer worm, and stolen and leaked emails from Democratic targets in an effort to help elect Donald Trump. In that same stretch, one particular group of Kremlin-controlled hackers has gained a reputation for a very different habit: walking right up to the edge of cybersabotage—sometimes with hands-on-the-switches access to US critical infrastructure—and stopping just short.

Last week the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published an advisory warning that a group known as Berserk Bear—or alternately Energetic Bear, TEMP.Isotope, and Dragonfly—had carried out a broad hacking campaign against US state, local, territorial, and tribal government agencies, as well as aviation sector targets. The hackers breached the networks of at least two of those victims. The news of those intrusions, which was reported earlier last week by the news outlet Cyberscoop, presents the troubling but unconfirmed possibility that Russia may be laying the groundwork to disrupt the 2020 election with its access to election-adjacent local government IT systems.

In the context of Berserk Bear’s long history of US intrusions, though, it’s much harder to gauge the actual threat it poses. Since as early as 2012, cybersecurity researchers have been shocked to repeatedly find the group’s fingerprints deep inside infrastructure around the globe, from electric distribution utilities to nuclear power plants.

Read more at WIRED



The Russian Hackers Playing ‘Chekhov’s Gun’ With US Infrastructure

In 2017, Symantec discovered the same hackers carrying out a more targeted set of attacks against US energy sector targets. At the time, the security researchers described it as a “handful” of victims, but Thakur now says they numbered in the dozens, ranging from coal mining operations to electric utilities. In some cases, Symantec found, the hackers had gone so far as to screenshot control panels of circuit breakers, a sign that their reconnaissance efforts had gone deep enough that they could have started “flipping switches” at will—likely enough to cause some sort of disruption if not necessarily a sustained blackout. But again, the hackers appear not to have taken full advantage. “We did not see them turning off the lights anywhere,” he says.

Six months later, in February of 2018, the FBI and DHS would warn that the hacking campaign—which they named Palmetto Fusion—had been carried out by Russian state-sponsored hackers, and also confirmed reports that the hackers’ victims had included at least one nuclear power generation facility. The hackers had gained access only to the utility’s IT network, though, not its far more sensitive industrial control systems.

Going Berserk

Today Berserk Bear is widely suspected of working in the service of Russia’s FSB internal intelligence agency, the successor to the Soviet-era KGB. CrowdStrike’s Meyers says the company’s analysts have come to that conclusion with “pretty decent confidence,” due in part to evidence that aside from its foreign infrastructure hacking, Berserk Bear has also periodically targeted domestic Russian entities and individuals, including political dissidents and potential subjects of law enforcement and counterterrorism investigation, all in line with the FSB’s mission.

That’s a contrast with other widely reported state-sponsored Russian hacking groups Fancy Bear and Sandworm, who have been identified as members of Russia’s GRU military intelligence agency. Fancy Bear hackers were indicted in 2018 for breaching the Democratic National Committee and the Clinton campaign in a hack-and-leak operation designed to interfere with the 2016 US presidential election. Six alleged members of Sandworm were indicted by the US…