The overriding U.S. intelligence consensus (despite what President Trump still insists) is that Russia interfered with the U.S. election in an effort to ensure a Trump victory. In early June, reports surfaced that indicated more Russian shenanigans, this time involving attempts to map the telecommunications infrastructure throughout the U.S. And on the eve of Trump’s first face-to-face meeting with Russian President Vladimir Putin, the New York Times is reporting that hackers — who possibly hail from Russia — have been targeting U.S. nuclear facilities since (at least) May.
The NY Times cites an “urgent joint report” (of the amber variety, which is the 2nd highest possible) from the FBI and Homeland Security. The document details the hacking of one targeted facility, Wolf Creek Nuclear Operating Corporation in Kansas. The hacking doesn’t appear to have breached any “operations systems” to control the facilities themselves but did breach administrative networks. However, the true hacking goal remains elusive. That is, the hackers could have been engaging in either espionage (of industrial secrets) or — even worse — a means to plot destruction. What is clear is that the hackers were attempting to map out the facilities’ networks:
The hackers appeared determined to map out computer networks for future attacks, the report concluded. But investigators have not been able to analyze the malicious “payload” of the hackers’ code, which would offer more detail into what they were after.
The report does not draw conclusions of the countries where the hackers may have originated. However, the attacks appear to have been government sponsored (from the “‘active persistent threat’ actor” language used to describe those responsible). Not only that, but sources with knowledge of the ongoing investigation revealed to the NY Times that “Energetic Bear” (a known Russian hacking group) uses the same sort of hacking techniques as those revealed in the joint report.
While the FBI told the NY Times that they believe that this hacking presents no current danger to the public, other unsettling details surfaced from the report. This would include email messages from the hackers to individuals with access to critical facility systems, and the messages would contain fake resumes or other documents that contained malicious code to retrieve user login credentials and spread throughout the network. As it stands, the investigation prompted by the joint F.B.I. and Homeland Security report has only just begun, and more information is sure to be on the horizon.
(Via New York Times)