Someone is hacking US electrical generating plants, and the chief suspect is Russia.
Hackers wrote highly targeted emails messages containing fake résumés for control engineering jobs and sent them to the senior industrial control engineers who maintain broad access to critical industrial control systems, the government report said.
The fake résumés were Microsoft Word documents that were laced with malicious code. Once the recipients clicked on those documents, attackers could steal their credentials and proceed to other machines on a network.
In some cases, the hackers also compromised legitimate websites that they knew their victims frequented — something security specialists call a watering hole attack. And in others, they deployed what are known as man-in-the-middle attacks in which they redirected their victims’ internet traffic through their own machines.
It appears, however, that control systems for the plants were not accessed. Common practice is to separate the control systems from anything connected to the internet.
Russian hackers actually have taken down parts of the Ukrainian electrical grid, so this is a real danger. It is the kind of thing one president might warn another president against doing, as President Barack Obama did President Putin last fall about the Russian interference with the election. Somehow, I don’t think this will be on the agenda for tomorrow.
CNN renews a story that’s been around for a while of throngs of Russian spies entering the country in place of Afghan girl robotics experts. Seems to be easy enough for the Russians to get visas and wander around uninhibited, mapping power lines and other points of interest.
Tonight Rachael Maddow said that numerous journalists have had skillfully forged documents supposedly on the Russia connection. Presumably the purpose is to discredit the organizations dumb enough to use them. All the surviving Nixon dirty tricks partners seem to have joined up with Trump, so it’s entirely possible that they are responsible for the documents.
Someone “shopping carefully forged documents” to news organizations of @realDonaldTrump campaign collusion with #Russia, says @maddow.
— Steve Herman (@W7VOA) July 7, 2017
Anyhoo, tomorrow the two presidents meet. From what I’ve seen, it will just be Trump and Tillerson, Putin and Lavrov, and their interpreters. At least I hope the US team has their own interpreters. Apparently no note-takers, though.
Total government experience in the room?
Russia: 80+ years
US: Less than 12 months https://t.co/RTE5Q6Dzy4
— Ivo Daalder (@IvoHDaalder) July 6, 2017
And open thread.
rikyrah
Pitiful??
Adam L Silverman
@rikyrah: Dangerous actually.
Omnes Omnibus
Oddly, the same is true of voting machines.
Omnes Omnibus
Back on topic, this kind of stuff makes me want to beat my head against brick walls or unretire from rugby.
SoupCatcher
Given the expectation that Trump will trade Alaska back to Russia, and that he usually manages to do worse than expected, I’m going to miss Fort Ross.
Yarrow
Wonder what Putin will ask/require Trump to do to keep the kompromat from becoming public.
Smiling Mortician
I’m leaving the country soon for a couple of months. Seriously wondering what, if anything, I’ll come back to.
Omnes Omnibus
@Yarrow: In the previous thread, I called give back Alaska.
Cheryl Rofer
oldster
“Tonight Rachael Maddow said that numerous journalists have had skillfully forged documents supposedly on the Russia connection.”
Yup. This is how Rove neutralized the Texas Air National Guard story that had the potential to hurt Bush.
Spread fake documents, even if they give the true account. Then muddy the waters and discredit the investigators by showing that they are fake. Anyone here old enough to remember “kerning”?
I’m glad Rachel and her gang are savvy to it.
Kraux Pas
It seems to me that creating fake documents to throw people off the trail and discredit investigators and journalists is every bit as scandalous as what they’re trying to hide. This fits Trump’s MO. Very similar to his threats to reveal secret tapes of Comey meetings that turned out to not exist.
glory b
@Smiling Mortician: Take us with you?
You’ll notice I didn’t ask where you are going.
wag
can we talk some more about The Princess Bride instead of talking about trump. My psyche can’t take this f***ed up reality show that we’re living through.
Omnes Omnibus
@wag: Step down a thread.
Omnes Omnibus
@Smiling Mortician: You may leave here for four days in space, but when you return it’s the same old place.
Yarrow
@Omnes Omnibus: Seems to be a popular option.
My guess is more pedestrian–giving back the compounds. I’m thinking something that will make Trump look (even more) ridiculous may also be in order. Whatever they have on him must be really juicy.
Omnes Omnibus
@Yarrow: Aaaaaaaaaaaaaaaaaaaarrrrrrrrrrrrrrrrrrrggggggggggggggggggggggggghhhhhhhhhhh!
randy khan
@wag:
As you wish.
Tissue Thin Pseudonym
Oh, hey, I work security for a bunch of electricity generating plants. Not anything to do with the IT end of things, but more protecting the physical security perimeters. So this is good t know.
Omnes Omnibus
@Tissue Thin Pseudonym: It was nice (virtually) knowing you, old boy.
Mnemosyne
@oldster:
Yup. IIRC, it’s one of Rove’s oldest tricks. He was pulling this shit back in college.
Yarrow
@Omnes Omnibus: Yep.
@Tissue Thin Pseudonym: Have they sent out any memos about it yet? Seems like those in charge might want to alert staff.
Omnes Omnibus
@Mnemosyne: Dems learn. Something that worked once is unlikely to work again.
BBA
I’m torn between “Russia is a nothingburger, they’re not behind the hacks but they like it just fine if we think they are” or “Russia is hacking us and doesn’t care whether we think so or not”
It’s just too damn obvious and if they were clever they wouldn’t be leaving such footprints…UNLESS…
trollhattan
@Tissue Thin Pseudonym:
My employer has generating, pumping-generating and pumping plants so hopefully is on this shit (not my sandbox). What concerns me is automation and remote control systems are all ad-ons and not integrated from the design phase. I’m imagining Scotty reporting “I’ll have to drive her from here, kap’n.” if things go pear-shaped.
Another Scott
@trollhattan: Yup. Everyone in industries like that needs to understand what happened with Stuxnet:
Clever beasty.
:-/
Cheers,
Scott.
Mnemosyne
@BBA:
Remember “The Monsters Are Due On Maple Street”?
The Russians are playing the role of the aliens in that episode.
Aleta
Thanks Cheryl.
Aleta
@Another Scott: Thanks.
mai naem mobile
Fuck Mitch McConnell. I hope the first electical grid down is Kentucky so he can answer to his constituents why he thought Putin was such an awesome man.
feebog
@mai naem mobile:
They have electricity in Kentucky?
cmorenc
@oldster:
This is among the reasons Special Counsel Mueller and his team are patiently taking their time making sure the evidence they have and will present is rock-solid and not the kind of forged rendition that Rove employed to discredit the credibility of the actual facts and anyone who tried to present them.
Smedley Darlington Prunebanks (Formerly Mumphrey, et al.)
I’m so sick of this shit. Hell, I can remember when Republicans didn’t kiss Russian dictators’ asses. Can we go back to those days? Really, what the fuck are they trying to do? Are they just selling off the country to Putin and his oligarch friends? I don’t get this.
In college, I took a class wherein the teacher told us a tale about Huey Long. He had some Black constituents come to him and complain that they couldn’t get work even in hospitals that served Black patients. They were understandably a little peeved about that, the Depression being on and all. So Long told them he’d take care of it, but that they should take care to watch what he did, and not what he said. So he went out and made a big stink about how white people were waiting on Black patients! The horror! And sure enough, before you could snap your fingers and wiggle your toes, the white workers were out on their asses and Black people had those jobs.
Anyway, the lesson stayed with me. Give heed to what people do, not what they say. And so far, a whole lot of Republicans have tut tutted about Russia and how worried they are, and how they wish Czar Manbaby would stop kissing Putin’s ass, but they haven’t done anything about it. Nothing. They had to be dragged against their will into even holding hearings about the meddling in the election. You can tell how seriously they take this shit by what they do, and what they’re doing isn’t too damned much at all. All I can conclude is that they just truly don’t give two shits. What else could the reason be?
Ruckus
@Smedley Darlington Prunebanks (Formerly Mumphrey, et al.):
Well…….. They could be fucking stupid. They could be evil. They could be being paid off by the russians, either the government or the oil barons. The could think (damn I can crack myself up sometimes) that they might get a payoff if I fuck over the US for russia. They could be wondering how nice it would be not to have to actually run for office, they just get to keep their easy peasy jobs for life.
I’m going with all of the fucking above. There may be more. I wouldn’t bet against it.
Yarrow
@Smedley Darlington Prunebanks (Formerly Mumphrey, et al.):
That they too are part of the Russia treason. Perhaps been recorded doing or saying some things they don’t want to get out. Perhaps there are records of lawbreaking activities. All it takes is for the senior leadership of the GOP to be caught up in the this Russian treason stuff and they’ll slow-walk the investigation as much as they can. They’re hoping they can thread the needle so someone else pays for the Russian treason and they get to walk away. I don’t think it’ll work like that for them, but that’s at least part of why they’re doing as little as possible. They’ll go down too and when the truth comes out and they know it.
Shalimar
@Yarrow: There was a report last week that Trump had asked his staff for “deliverables” for the meeting with Putin. No interest in what we would ask for in return. The compounds seem like the first item on a list that could get very long by the time that meeting is over. Maybe he will even trade Melania for several peeing hookers to be named later.
Zach
That’s weak security. Unencrypted gmail passwords weren’t accessible from the internet IIRC. Any system that can be accessed by blackmailing a handful of people is insecure; the hack was probably aimed at compromising the engineers. Then you hit with increasingly illegal asks until they’re shutting down whatever parts of the grid you want on command.
Zach
@Smedley Darlington Prunebanks (Formerly Mumphrey, et al.): “Hell, I can remember when Republicans didn’t kiss Russian dictators’ asses.”
One of the most depressing parts of this for me is realizing that (1) the Graham/McCain new Cold War rah rah crowd is actually very small and (2) it’s less scary than the stronger and more durable oposition with powerful folks such as Manafort and Dole being turned long ago… especially weird how Dole’s mostly escaped scrutiny since he was key in normalizing Trump pre-convention and securing the religious right coalition.
NorthLeft12
@Yarrow: I am finding it increasingly hard to understand why anyone would open an unsolicited email. I work at a chemical plant and we have been directed to forward any unsolicited emails to the IT Security group for review. And NOT, repeat, NOT to open them.
I’m sorry, but those engineers are dumbasses for opening them and are in need of serious retraining. A day with the IT group should ensure they never do something this stupid again.
Cheryl Rofer
@Zach: I agree that something like that was probably the objective. Or leaving malware on their computers that could be transferred if they use thumb drives from one to the other. I don’t know all the ins and outs of such things, including the security at the plants. But I wouldn’t be surprised if it needed updating. That could be a national initiative, maybe with the help of the NSA, but it would at least need funding and perhaps some other things from Congress. One more of the opportunity costs of electing The Orange One President and a bunch of granny-haters to Congress.
J R in WV
@NorthLeft12:
A
dayMonth with the IT group should ensure they never do something this stupid again.FTFY
Some people never learn! Others take a long time. The ones that take a while but get it eventually are the ones that shouldn’t get fired. Everyone else should find another line of work, without email, ever.
J R in WV
Also, great to see Steve Herman reporting. He’s a good reporter.
We were friends back in the day, he started with The AP here, and taught me how sushi is supposed to be done. Invited us to join him for Pink Floyd at OSU stadium.
Those were the days, my friend!
MomSense
Nothing to worry about here. So the Russians are hacking our nuclear power plants and trump is concerned with what concessions he can offer to Putin today. It’s all good because Rick Perry will keep us safe.
Chris
@BBA:
No, no, no, no, no. They want to leave footprints. They want to make sure everybody knows that they can do whatever the fuck they want in the United States and suffer no consequences for it. They want everybody to see them interfering in U.S. politics, economics, infrastructure, wev, as brazenly as possible, and they want everybody to see the Republicans covering for them for all they’re worth.
To half the foreign ministries and intelligence agencies that’re looking at this point, we barely even look like a sovereign nation anymore. We look like one of those Cold War era banana republics with a puppet government that’s happy to let its CIA or KGB handlers run amok. Every time the Russians are caught with their hand in a cookie jar, and Republicans immediately try to paper over it, it’s another neon light telling everyone who’s watching “the U.S. is no longer a reliable international partner, especially for those of you who were counting on it to be a partner against the Russians.” The specific action they’re taking, be it to the U.S. power grid or to the U.S. electoral machines, is almost meaningless next to that – what’s really important is that they be seen doing it and seen getting away with it.
That’s why the incessant Republican attempts to cover for Trump are, at the end of the day, probably the single most damaging part of this. That more than anything else is what tells anyone watching that the fix is in – because why wouldn’t they want to get to the bottom of this, especially knowing how obsessed and neurotic they are about national security in every other instance, unless they were all completely up to their eyeballs in this? And it drives home the point that this problem isn’t just with some orange weirdo who’ll be gone in a few years anyway, but with the entire American political class.
Grung_e_Gene
We are Trumputin you will be assimilated, resistance is futile.