This editorial is brought to you by a former Chief of Police and current staff writer for Law Enforcement Today.
WASHINGTON, DC- Feckless Energy Secretary Jennifer Granholm, who last month laughed off the cyberattack that shut down the Colonial Pipeline by saying people with electric cars didn’t have to worry about it, is now claiming that the U.S. is subject to having its power grid disabled by foreign actors.
While Joe Biden says “white supremacy” is the greatest threat facing the American people, you have China and Russia rattling sabers, including Russian assets being responsible for the ransomware attack on Colonial. Now this warning from Granholm.
“I think that there are very malign actors who are trying,” she said, according to ABC News. “Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally.”
With all of this going on, you have Democrats in Congress more concerned about solidifying their power in perpetuity, attacking law enforcement officers, and putting a revolving door at the border. Priorities, apparently.
Granholm addressed the recent Colonial attack and while not mentioning that company by name, discouraged energy companies from paying any type of ransom.
“The bottom line is, people, whether you’re private sector, public sector, whatever, you shouldn’t be paying ransomware attacks, because it only encourages the bad guys,” she said.
She of course offered no solutions, nor did she say what, if anything, the federal government was doing to prevent such attacks. As always, Granholm mentioned legislation… but not against those who actually commit the crime.
What she did favor is a law that would prohibit companies from paying such a ransom, adding, “I don’t know whether Congress or the president is at that point.”
Granholm was asked if bad actors currently have the capability of shutting down the U.S. power grid, to which she responded, “Yes, they do.”
Former Secretary of State Condoleezza Rice, appearing on CBS’ Face the Nation, said the U.S. as well as other countries should speak to countries such as Russia, which is where the ransomware attack on Colonial at least was believed to have originated, about how the countries could cooperate from a law enforcement and intelligence perspective to shut such attacks down.
This, Rice said, would “test the reality of how much the Russian government is or is not involved” in these cyberattacks.
As always, one needs to pay attention to what the other hand is doing while the government attempts to distract you with the “shiny” object in the other. Granholm’s comments could be nothing more than trying to get Americans ginned up about a possible attack on the electric grid in order to offer a distraction as to what else they have going on.
Meanwhile, the Justice Department and the FBI announced Monday they had been able to seize 63.7 bitcoins (worth about $2.3 million at the time) from a Bitcoin wallet which is believed to be tied into the cybercriminals who instituted the ransomware attack on Colonial, the Washington Examiner reported.
The Russia-based group, called DarkSide, operates off such attacks as a business model. The fact the money was recovered in less than a month came as a surprise to many, who were shocked that it was recovered at all.
While details of the recovery effort are mostly unclear, the Examiner noted that one puzzling question is how the FBI was able to obtain the “private key” used to unlock and pull assets from DarkSide in the first place. Such keys are similar to passwords and are typically closely guarded, especially where it concerns such large sums of money.
After the seizure was announced, cryptocurrency markets took a beating, with Bitcoin falling about 10% Tuesday. Bitcoin had largely been seen as a way to shield money from government regulators, and the fact the FBI was able to get into the system shook many crypto investors, the Examiner said.
There are several theories as to how the feds were able to get the information, with April Falcon Doss, executive director of the Institute for Technology, Law and Policy at Georgetown Law School, saying some were more plausible than others.
For example, Doss, who worked for over ten years at the National Security Agency, said the most likely theory is that the individual or group who had possession of the crypto funds was using what is referred to as a “hot wallet,” or in other words one that was connected to the internet.
She also noted that one of those involved in the attack may merely have used poor judgment on security and passed the private key through channels the FBI was able to conduct surveillance on.
“More sophisticated cybercriminals are not going to leave funds on an exchange with a hot wallet,” she said.
She said, however, that if someone in the group of cybercriminals were “less sophisticated,” they could have erred and put the money in the so-called hot wallet during a series of transactions.
In an affidavit, the FBI said it used something called a “blockchain explorer” to examine the public Bitcoin ledger in order to track down where payments went and how the Bitcoin was moved among various addresses across several transactions. The FBI then was able to trace the funds to a single address where they ended up on May 27 and stopped moving.
The cybercriminals moved the money around to various addresses in an attempt to cover their tracks in a move similar to money laundering, Bloomberg said. The blockchain explorer helped the FBI track the money along the way.
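To make the ledger-tracing step concrete, here is an added Python example that is not from the article, the FBI affidavit, or any blockchain explorer product. It runs over a constructed toy ledger (address names, transaction ids and amounts are all made up) in which every transaction spends from one address to one or more output addresses, follows each outgoing payment from a starting address hop by hop, and reports the addresses where the funds came to rest, the same "follow the money until it stops moving" idea the affidavit describes. Amounts are kept in satoshis so the arithmetic is exact.

```python
from collections import defaultdict, deque

# Constructed toy ledger (NOT real Bitcoin data). Each entry is one transaction
# paying from a single sending address to one or more output addresses.
# Amounts are in satoshis (1 BTC = 100_000_000 sat) to avoid float error.
BTC = 100_000_000
LEDGER = [
    {"txid": "tx1", "from": "victim_wallet", "outputs": {"ransom_addr": 75 * BTC}},
    {"txid": "tx2", "from": "ransom_addr",
     "outputs": {"hop_a": 637 * BTC // 10, "affiliate_cut": 113 * BTC // 10}},
    {"txid": "tx3", "from": "hop_a",
     "outputs": {"hop_b": 40 * BTC, "hop_c": 237 * BTC // 10}},
    {"txid": "tx4", "from": "hop_b", "outputs": {"resting_addr": 40 * BTC}},
    {"txid": "tx5", "from": "hop_c", "outputs": {"resting_addr": 237 * BTC // 10}},
]


def build_spend_graph(ledger):
    """Map each address to the list of (txid, destination, amount) payments it made."""
    graph = defaultdict(list)
    for tx in ledger:
        for dest, amount in tx["outputs"].items():
            graph[tx["from"]].append((tx["txid"], dest, amount))
    return graph


def balance(ledger, address):
    """Satoshis received by `address` minus satoshis it has spent onward."""
    received = sum(a for tx in ledger for d, a in tx["outputs"].items() if d == address)
    spent = sum(a for tx in ledger if tx["from"] == address for a in tx["outputs"].values())
    return received - spent


def trace_forward(ledger, start):
    """Follow every outgoing payment from `start` until the funds stop moving.

    Returns (hops, resting): `hops` is the ordered list of (txid, src, dst, amount)
    edges visited in breadth-first order; `resting` is the set of addresses that
    received traced funds but never spent them onward (where the trail ends).
    A `seen` set guards against loops if funds are cycled between addresses.
    """
    graph = build_spend_graph(ledger)
    hops, resting, seen = [], set(), {start}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        if not graph.get(addr):          # no outgoing spend: funds rest here
            resting.add(addr)
            continue
        for txid, dest, amount in graph[addr]:
            hops.append((txid, addr, dest, amount))
            if dest not in seen:
                seen.add(dest)
                queue.append(dest)
    return hops, resting


def fmt_btc(sat):
    return f"{sat / BTC:.8f} BTC"


if __name__ == "__main__":
    hops, resting = trace_forward(LEDGER, "ransom_addr")
    for txid, src, dst, amount in hops:
        print(f"{txid}: {src} -> {dst} {fmt_btc(amount)}")
    for addr in sorted(resting):
        print(f"funds at rest in {addr}: {fmt_btc(balance(LEDGER, addr))}")
```

Two simplifications matter for anyone applying this to real chain data: actual Bitcoin transactions have multiple inputs and a change output, so a real tracer works at the UTXO level and needs heuristics to tell payment from change; and mixing services deliberately defeat this kind of naive forward walk. The point the toy makes is that because the ledger is public, every hop the launderer takes is still an edge an investigator can enumerate.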
Another theory is that since DarkSide was already known to law enforcement prior to the cyberattack, the FBI could have possibly had some members already under surveillance.
Finally, another and probably less likely scenario is that someone involved in the ransomware attack or in DarkSide tipped off the FBI.
“All the buzz is around how the FBI did this, and not surprisingly, the FBI is keeping mum because whatever investigative tools and techniques they used, they certainly will want to be able to use those in future cases,” Doss said.
She also noted that the best way to determine how the FBI was able to retrieve Colonial’s money will come over the next several months if similar incidents lead to FBI success.
“Then we’ll start having a better idea whether this was sort of a lucky accident or something that they can replicate in other ransomware incidents,” she said.
The DOJ recently announced it has formed the Ransomware and Digital Extortion Task Force to crack down on such groups and their affiliates. Sarah Kreps, director of the Cornell Tech Policy Lab, told the Washington Examiner she thinks the formation is a “meaningful step” in preventing future attacks.
Kreps said the fact the FBI was able to seize the ransom paid by Colonial Pipeline might give other bad actors pause before engaging in future ransomware attacks. She noted the quick recovery might help in the fight against such attacks, since in many cases the hacker has the advantage over the victim, and the quick recovery shows that victims of such attacks may not necessarily be defenseless.
Flashback to January – Terror threat: Hacking groups looking to take down power grid in America
Editor note: This article was originally published on January 12, 2020 on Law Enforcement Today. In light of the massive and unprecedented cyber attack targeting U.S. government and private networks, we thought it was worth revisiting. Especially given this:
“One estimate is that within a year or so, two-thirds of the United States population would die.
The other estimate is that within a year or so, 90% of the U.S. population would die. We’re talking about total devastation. We’re not talking about just a regular catastrophe.”
Here is the original article.
WASHINGTON, D.C.- A new report shows that at least three hacking groups have the ability to interfere with or take down power grids across America. And the results would be catastrophic.
Cybersecurity company Dragos said the number of cyber-criminal operations targeting electricity and other utilities is rapidly rising, and the timing seems to coincide with the political and military tensions in the Gulf.
“The threat landscape focusing on electric utilities in North America is expansive and increasing, led by numerous intrusions into ICS networks for reconnaissance and research purposes and ICS activity groups demonstrating new interest in the electric sector,” the report warned.
The comments were made in the North American Electric Cyber Threat Perspective report.
The report said there are currently seven groups being tracked by security researchers.
All of them are targeting electrical facilities in North America, and the report said three of these have proven they can “infiltrate or disrupt” electrical power networks.
The company Dragos doesn’t identify which countries or cyber-criminal groups could be behind these attacks.
But they have detailed three different operations that show evidence of disruption capabilities: Xenotime, Dymalloy and Electrum.
According to the report, Xenotime is the hacking group behind the Triton cyberattack that disrupted oil and gas facilities in Saudi Arabia in 2017.
It’s an attack that targeted Triconex safety controllers. In the report, researchers said that “represented an escalation of ICS attacks due to its potential catastrophic capabilities and consequences”.
The threat hasn’t gone away, they say – it’s gotten worse. The group has apparently expanded activity to include electric facilities in North America, alongside utilities across Europe, Australia and the Middle East.
Time and time again, they’ve shown they can “access, operate, and conduct attacks in an industrial environment and Dragos believes the group capable of attacks against US-based systems”.
The second group is called Dymalloy, and is described as a “highly aggressive and capable activity group”. They’ve got the proven ability to “achieve long-term and persistent access to IT and operational environments for both intelligence-gathering and possible disruption”.
The group has demonstrated successes in hacking campaigns across Turkey, Europe and North America, and is believed to have links to the Dragonfly hacking group.
The third big threat is a group called Electrum, which is also described as “capable of developing malware that can modify electric equipment processes” and ICS protocols.
In the past, their attacks mostly focused on Ukraine – and caused huge power outages during the winter.
They’re recognized as being well-resourced.
Dragos included in their report an urgent warning that the group is capable of physically disruptive events.
“North American electric utilities should consider Electrum to be a serious threat,” they warn.
When President Trump signed an executive order to protect America’s electric grid and other infrastructure against an electromagnetic pulse (EMP), it received very little media coverage.
But with the growing threat from Iran, it’s a conversation we need to be having. Because if the grid were to be taken out by either an EMP or through wide-spread cyberattacks, the results would be catastrophic.
In 2015, Sen. Ron Johnson (R- Wisconsin) said that there’s “100% certainty” that a large electromagnetic pulse (EMP) or geomagnetic disturbance (GMD) event would hit at some time in the future.
He also said that when it happens, as many as 9 out of 10 people in the U.S. could die.
At the time, Johnson was chairman of the U.S. Senate Committee on Homeland Security & Governmental Affairs.
He asked a series of questions to witnesses testifying on Capitol Hill before his committee.
Among them was a question directed at R. James Woolsey, then chairman of the Foundation for Defense of Democracies and former director of the Central Intelligence Agency. He wanted to know what would happen to society if the electrical grid were to be down for an extended period of time, such as a year or two.
Here was Woolsey’s response:
“It’s briefly dealt with in the commission report of . There are essentially two estimates on how many people would die from hunger, from starvation, from lack of water, and from social disruption. One estimate is that within a year or so, two-thirds of the United States population would die.
The other estimate is that within a year or so, 90% of the U.S. population would die. We’re talking about total devastation. We’re not talking about just a regular catastrophe.”
The scary truth is that a nuclear EMP attack or cyber warfare from Russia, China, North Korea, Iran, or other adversary is an existential threat to the United States. Not only that, but it’s actually part of the military doctrines of Russia, China, North Korea, and Iran.
Here’s what it would mean.
A first-strike EMP attack would disrupt command, control, and communications for America’s military along with almost all of the supporting critical infrastructures.
And although our strategic nuclear forces are protected against being hit with the impact of an EMP, the truth is that most other military and civilian equipment remains vulnerable.
Even domestic military bases ultimately depend on the commercial electric grid for their water and power. And the fact remains that the grid is almost completely unprotected against EMP.
Countries like Iran don’t believe in “mutually assured destruction” – they believe that taking down a nation’s ability to command and control its military and civilians would help ensure that a retaliatory strike is difficult to achieve.
If you’re not familiar with what an EMP attack is, it would involve a nuclear device being exploded high in the atmosphere, leaving no blast, radiation, thermal or local fallout on the ground.
Yet it would kill many more people than a ground-level nuclear attack. That’s because without electricity, most people would starve or die of disease.
If the attack were to happen, high intensity ultra-fast (E1) pulses would destroy the electronics, switches, and control systems on which essentially all critical infrastructures depend.
We’re talking about the electric grid, gas and oil pipelines, the internet and telecommunications systems and most modern cars being completely disabled, creating a blackout lasting months or years.
It’s been proven to be effective.
In 1962, we saw just that with the Starfish Prime test.
It was a high altitude nuclear explosion that took out communications and street lights in Hawaii some 900 miles away. And that was LONG before we had the type of electronic infrastructure and internet that we are blessed with today.
The truth of it is that in the age of advanced technology that we live in today, a cyberattack of any kind could be detrimental to our livelihoods.
Of course we all keep tabs on what we can mostly control at the individual level, like wifi, but what about the bigger fish? What about the community reliance on our electricity?
Our nation’s electric grid is, put simply, a sitting duck. It’s just floating along, licking its feathers or whatever ducks do. Waiting for a hunter to come shoot it and cook it for dinner.
The hunter in this scenario is, of course, terrorists.
They know how much Americans rely on technology for day-to-day living locally, as well as nationally. Being on the west coast, if my wifi went out, I might have to wait 3 or 4 full days to hear the latest on what’s happening in DC. Like a Neanderthal!
All joking aside, it really is a serious threat, especially given that our Department of Energy (DOE) relies on information that sometimes dates back to the 1980s when assessing electric grid security.
The assessments were sufficient for that time period, but times have changed: Our population has vastly expanded. Our technological needs have grown. And so have our enemies’.
Earlier this week, the Federal Depository Library (yes, that’s actually a thing) was said to have been hacked by a pro-Iranian group, or by Iranians themselves.
The website showed the bloody head of President Trump with a fist smashing into it, representing Iran based on the sleeve insignia. One message on the site said this was only “a small part of Iran’s cyber ability.”
The FDL was the only part of the US Government Publishing Office to be affected and it has since been shut down.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency took the incident as an opportunity to remind organizations and citizens that “in these times of increased threats,” they should “increasingly monitor their sites for cyberattacks, back up data and use multi-factor authentication to protect account and login information.”
Texas Governor Greg Abbott said yesterday that his state’s Department of Information Resources (DIR) has fielded approximately 10,000 cyberattacks from Iran.
Read that again.
These attacks had started increasing in the last 48 hours before he made the announcement.
So far there haven’t been any successful attempts, as far as the department knows. Amanda Crawford, executive director of the DIR, said:
“We have no way of knowing whether anything is government-based or not, or government-sanctioned. What we’re doing is scanning on our state networks, and we can see where attacks are coming from.”
Governor Abbott warned:
“It’s very important that everybody be particularly vigilant right now about what may happen out of Iran.”
He said that a successful hacking of the DIR could bring with it compromised data and/or the shutdown of state agency websites.
Well done, Texas, for curbing these cyberattacks in your region.
However, at the national level, we are still vastly vulnerable. The Government Accountability Office (GAO) has reported that the Department of Energy doesn’t have a truly national strategy to be able to confront possible cyberattacks that could strike the electric grid, leaving it as vulnerable as that duck.
Last year, the U.S. Director of National Intelligence office released a report called the Worldwide Threat Assessment of the US Intelligence Community. According to the report, “nation-states such as Russia, criminal groups and terrorists pose the most significant and current cyberthreats to U.S. critical infrastructure. Hackers and hacktivists, as well as malicious insiders, also pose significant risks to the U.S. power grid as well.”
Remote access has made our system more vulnerable to attacks. Clearly, someone, or 10,000 someones per minute, in Iran has shown a desire to cyberattack our nation. If attacks escalate, they are likely to go after our power grid.
If hackers (Iran or otherwise) are successful with their attacks, there could be massive power outages. Just to be clear, I’m not talking about a few hours where you can’t watch TV in your house, you miss a hot shower, and you have to treat traffic lights like stop signs.
I’m talking about lengthy, painful power outages where civilization as we know it is chaotically interrupted.
What would an outage of this magnitude look like?
Stores would have to shut down because, well, they wouldn’t have any power. They couldn’t accept credit cards. They couldn’t reorder food and supplies on the phone or online.
And if there’s anything I’ve learned from working the streets of Oakland, CA, it’s that when stores are forced to board up for any period of time (due to natural disasters, riots, or power outages), they will get looted.
Police would have to deal with them, or just make sure the good citizens stay away from their pillaging because there wouldn’t be anywhere to take the criminals anyway.
People would freak out. They would be worrying about their families, their food supply, their safety. They would go to the police for answers, and when the police don’t have any, people would take to the streets.
I don’t mean to make it sound all doom-and-gloom, but people just wouldn’t know what else to do; they’d be scared. Aside from looting stores, some would turn to looting their neighbors, attempting to survive over them.
Police would not be able to keep up with the amount of looting and theft. They wouldn’t be able to keep people safe.
Phone and cell services would be interrupted. Schools wouldn’t be open. Communities would run out of gas. With the size of our cities and the understaffed levels of police departments, how are police supposed to respond to calls for help with no gas for their vehicles?
Police would still show up. They’d still be there for their communities. It would likely be unpaid since there wouldn’t be any access to money other than what the banks keep in the vault. And even then, what would they do with that money anyway?
Listen, I’m not trying to get all crazy, conspiracy theory, the-world-is-ending-so-every-man-for-himself on you.
It’s just realistic, and it shows the amount of damage that Iran or other terrorists could do to our country with one triumphant attack to our power grid.
All it takes is one time. One EMP. One successful hacking. One cyberattack to do the damage intended, and our whole country is knocked on its proverbial ass.
The nation of Iran is trying to get that one “win” in order to do just that. It’s trying 10,000 times per minute.