A day after the FBI released details on Russian hacking activities within the United States, reports indicate that Burlington Electric in Vermont discovered malware connected to the Grizzly Steppe operation that may have ties to the 2016 presidential election. Earlier details indicated that the malware discovery may have uncovered meddling within the U.S. power grid, but the statement from the company made clear that the code was discovered on an unconnected device according to The Washington Post:
Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.
Friday night, Vermont Gov. Peter Shumlin (D) called on federal officials “to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.”
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”
Statement from the Burlington utility, per that BFP story. pic.twitter.com/25cHENWh0a
— Eric Geller (@ericgeller) December 31, 2016
Along with Governor. Shumlin, Senator Patrick Leahy of Vermont released an official statement condemning the hack and highlighting the potential dangers of an actual hack on the power grid:
State-sponsored Russian hacking is a serious threat, and the attempts to penetrate the electric grid through a Vermont utility are the latest example. My staff and I were briefed by Vermont State Police Colonel Matthew Brimingham this evening. This is beyond hackers having electronic joy rides – this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter. That is a direct threat to Vermont and we do not take it lightly.
Some experts have questioned the validity of the discovery according to Engadget, with some claiming it is unclear what code was discovered on the laptop and that the reported malware could be the result of a “false positive or shared code.” Some were also quick to say that that any rush to blame Grizzly Steppe may be a mistake.
No one should be making any attribution conclusions purely from the indicators in the USCERT report. It was all a jumbled mess https://t.co/t4gJayv01i
— Dmitri Alperovitch (@DAlperovitch) December 31, 2016
https://twitter.com/dellcam/status/815043480741408768
Clearly, tensions are high at the moment, so any mention of hacking — especially connected to the nation’s utilities — will raise alarms. Russia has been connected to hacks against a nation’s power grid in the past, with recent hacks against Ukraine giving the fear a tangible example in action.
(Via The Washington Post / Engadget)