
posted by martyb on Monday June 17 2019, @06:00AM
from the not-the-pandora-box-again dept.

"We will impose costs on you until you get the point." (National Security Advisor John Bolton, Wall Street Journal conference, Tuesday June 11)

Since at least 2012, the United States has been injecting malware into the control systems of the Russian electricity grid, reports the New York Times.

While the campaign originally started as a reconnaissance mission, it became more aggressive under new authorities granted to United States Cyber Command.

As a result, under a "defend forward" policy,

American strategy has shifted more toward offense ... with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before.

The new authorities can be found in two documents, the National Security Presidential Memoranda 13 (classified) and the John S. McCain National Defense Authorization Act, in which

Congress affirms that the activities or operations referred to in subsection (a), when appropriately authorized, include the conduct of military activities or operations in cyberspace short of hostilities (as such term is used in the War Powers Resolution (Public Law 93-148; 50 U.S.C. 1541 et seq.)) or in areas in which hostilities are not occurring, including for the purpose of preparation of the environment, information operations, force protection, and deterrence of hostilities, or counterterrorism operations involving the Armed Forces of the United States.

These activities are now considered a routine matter, for which only Secretary of Defense approval is needed. With section (c) of SEC. 1632. of the Act specifying that the "clandestine military activity or operation in cyberspace shall be considered a traditional military activity", the Secretary is not even required to brief the President.

One can't help but think of a couple of other milestones targeting power networks: Stuxnet (2009) and the Ukraine power grid attacks of 2015, 2016, 2017 and 2018 involving Industroyer (2016), and note that, ultimately, such attacks did not remain restricted to the original target area.


  • (Score: 1) by khallow on Tuesday June 18 2019, @12:21PM (2 children)

    by khallow (3766) on Tuesday June 18 2019, @12:21PM (#856943)

    a cyber attack

    What makes this a "cyber attack"? I guess we have a target, but what harm has been done to the target? Once again, I return to my earlier observation. You need to have harm, not merely some uncomfortable feeling of insecurity come of this.

  • (Score: 2) by quietus on Tuesday June 18 2019, @09:40PM (1 child)

    by quietus (6328) on Tuesday June 18 2019, @09:40PM (#857186)

    Excellent question. There does not seem to be a commonly accepted definition yet, either. Even the term cyber threat seems not clearly defined, though DDoS, malware and disinformation operations are mentioned.

    NATO Review however, in a historical timeline of cyber attacks [nato.int], mentions that in 2007, the US Secretary of Defense’s unclassified email account was hacked by unknown foreign intruders as part of a larger series of attacks to access and exploit the Pentagon's networks. In that same year, spywares were found in the computers of classified departments within China Aerospace Science & Industry Corporation.

    In Summer 2008, the databases of both Republican and Democratic presidential campaigns were hacked and downloaded by unknown foreign intruders. In August of that year, computer networks in Georgia were hacked by unknown foreign intruders around the time that the country was in conflict with Russia. Graffiti appeared on Georgian government websites. There was little or no disruption of services but the hacks did put political pressure on the Georgian government and appeared to be coordinated with Russian military actions.

    All of the above should apparently be considered as 'cyber attacks', even if no direct, obvious, harm was done.

    Interestingly, a 2016 NATO document [nato.int] defines a couple of types of cyber attack as follows:

    Two main types of cyberattack are particularly relevant in considering NATO’s role on the cyber stage. First, cyber-enabled espionage – whether at the strategic or operational level – can compromise the confidentiality of information and information systems, potentially giving away secrets and sensitive information to adversaries. Second, cyber-enabled sabotage can have important physical ramifications, especially when infrastructures such as energy or transportation networks are targeted or where data is manipulated to confuse the target and undermine command and control decision making.

    It might be moot, though, what we, or NATO, think about this: what is important is what the purported target thinks about breaking, entering and installing malware on their power networks.

    This is apparently Russian military doctrine's [eng.mil.ru] definition of information war:

    Information War is the confrontation between two or more states in the information space with the purpose of inflicting damage to information systems, processes and resources, critical and other structures, undermining the political, economic and social systems, a massive psychological manipulation of the population to destabilize the state and society, as well as coercion of the state to take decisions for the benefit of the opposing force.

    I put that last part in bold, as you will agree that having the power to send back a nation to the 1800s at the flick of a switch, from thousands of miles away ... is unacceptable to any other nation.

    • (Score: 1) by khallow on Wednesday June 19 2019, @12:36PM

      by khallow (3766) on Wednesday June 19 2019, @12:36PM (#857412)

      I put that last part in bold, as you will agree that having the power to send back a nation to the 1800s at the flick of a switch, from thousands of miles away ... is unacceptable to any other nation.

      So what? How should one respond to that? Let the nukes fly? Or respond in kind?