Russians said to target U.S. power grid
WASHINGTON — State-sponsored Russian hackers appear far more interested in demonstrating that they can disrupt the U.S. electric utility grid than the midterm elections, according to U.S. intelligence officials and technology company executives.
Intelligence officials said they have seen little activity by Russian military hackers aimed at either major U.S. political figures or state voter registration systems, other than attempts to infiltrate the online accounts of two Senate Democrats up for re-election.
By comparison, according to intelligence officials and executives of companies that oversee the world’s computer networks, far more effort has been directed at implanting malware in the electrical grid.
The officials spoke on the condition of anonymity to discuss intelligence findings, but their conclusions were confirmed by several executives of technology and technology security firms.
The Department of Homeland Security recently reported that over the past year, Russia’s military intelligence agency has infiltrated the control rooms of power plants across the United States.
In theory, that could enable it to take control of parts of the grid by remote control.
While the department cited “hundreds of victims” of the attacks, far more than it had previously acknowledged, there is no evidence that the hackers tried to take over the plants, as Russian actors did in Ukraine in 2015 and 2016.
In interviews, U.S. intelligence officials said that the department had understated the scope of the threat.
So far, the White House has said little about the intrusions other than that the U.S. must maintain old coal plants in case they are needed to recover from a major attack.
On Friday, President Donald Trump was briefed on government efforts to protect the coming midterm elections from what a White House statement described as “malign foreign actors.” It said it was giving cybersecurity support to state and local governments to protect their election systems.
“The president has made it clear that his administration will not tolerate foreign interference in our elections from any nation state to other malicious actors,” the statement said.
But that has not completely deterred Russia’s intelligence agencies from targeting politicians.
Microsoft announced at a security conference earlier this month that it had stopped an attack last fall aimed at Senate staff offices.
While the company did not identify who was targeted, Sen. Claire McCaskill, D-Mo., who faces a tight race for re-election, said Thursday night that her office had been the focus of what she called an unsuccessful attack.
She acknowledged the breach only after The Daily Beast identified her as one of the lawmakers whose offices had been the target of an effort to obtain passwords.
“Russia continues to engage in cyberwarfare against our democracy,” McCaskill said in a statement. “While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated.”
U.S. officials said it was unclear whether the attack was related to McCaskill’s re-election bid.
She serves on the Senate Armed Services Committee, and one senior official said it was possible that the hackers were seeking a way into the panel’s access to classified military operations and budgets.
Officials of Microsoft, which detected the intrusion in October and November, agreed.
“When we see an attempt like this, we have no way of discerning what the attacker’s motivation is,” Tom Burt, the vice president for customer security and trust at Microsoft, said Friday.
McCaskill was one of two legislators whose offices Microsoft found were being targeted by the Russian hackers; the company has declined to name the other.
Burt initially said at this month’s Aspen Security Forum that three members of Congress had been targeted, but he said Friday that the many accounts that were targeted now appear to have belonged to employees from only two legislative offices.
Microsoft blocked the attacks with a special court order that allowed it to seize control of Internet domains created by Russians that appeared to be official Microsoft sites but were not. The company has used that procedure at least three times against hackers who are linked to Russian military intelligence.
In the cases described by the Department of Homeland Security, as presented to the electric utilities and outside experts, the Russian hackers went into the power plants through the networks of contractors, some of whom were ill-protected. Those contractors provided software to utility company systems. Then the hackers used “spearphishing” emails, trying to trick utility operators into changing their passwords.
That is exactly the approach used against McCaskill’s staff members, the officials said.