Well This Is Scary.... Russian Malware Found In A Vermont Utility Laptop
Posted 1/1/17
The Burlington Vermont Electric Department, in Burlington, Vermont, the electric department that powers the biggest city in Vermont, reported on Friday that they found Russian malware in one of the laptops that the company uses.

http://www.cbsnews.com/news/states-reexamine-cybersecurity-vermont-alleged-russian-malware/

Now, this is pretty scary considering Vermont is a very small state and there isn't much here that if shut down would cause major issues around the country. I mean, I live in South Burlington, which is right next to Burlington and is powered by Green Mountain Power luckily, but all we really have around here is the big airport for our state where the Air Force base is and an Army base a little further away in Colchester that's pretty small and mostly used for training. Certainly not bases big enough for the Russians to waste their time with trying to shut down. Small practice for trying to hack into bigger systems perhaps?
Posted 1/1/17
http://www.telegraph.co.uk/news/2016/12/31/russian-hackers-penetrated-vermont-electric-utility-report/

Here's a different link because I know some people are unconfident about CBS's legitimacy.
Posted 1/1/17

BlackRose0607 wrote:

The Burlington Vermont Electric Department, in Burlington, Vermont, the electric department that powers the biggest city in Vermont, reported on Friday that they found Russian malware in one of the laptops that the company uses.

http://www.cbsnews.com/news/states-reexamine-cybersecurity-vermont-alleged-russian-malware/

Now, this is pretty scary considering Vermont is a very small state and there isn't much here that if shut down would cause major issues around the country. I mean, I live in South Burlington, which is right next to Burlington and is powered by Green Mountain Power luckily, but all we really have around here is the big airport for our state where the Air Force base is and an Army base a little further away in Colchester that's pretty small and mostly used for training. Certainly not bases big enough for the Russians to waste their time with trying to shut down. Small practice for trying to hack into bigger systems perhaps?


Your state sounds like the perfect place to hide something. That description raises my concern about what the military may be hiding in the area.
Posted 1/1/17
Does this mean Russia has the right to toss out an American diplomat every time malware of American origin is found on Russian computers?
Posted 1/1/17 , edited 1/1/17

Shishiosa wrote:

Does this mean Russia has the right to toss out an American diplomat every time malware of American origin is found on Russian computers?


Yes. They have the right to toss out diplomats for just about any reason they want. It's their country.
Posted 1/1/17 , edited 1/2/17
So someone at the electric department in Burlington was downloading porn and caught some malware, so it's time to go to war? Logic wins again!
Posted 1/1/17

BlackRose0607 wrote:

The Burlington Vermont Electric Department, in Burlington, Vermont, the electric department that powers the biggest city in Vermont, reported on Friday that they found Russian malware in one of the laptops that the company uses.

http://www.cbsnews.com/news/states-reexamine-cybersecurity-vermont-alleged-russian-malware/

Now, this is pretty scary considering Vermont is a very small state and there isn't much here that if shut down would cause major issues around the country. I mean, I live in South Burlington, which is right next to Burlington and is powered by Green Mountain Power luckily, but all we really have around here is the big airport for our state where the Air Force base is and an Army base a little further away in Colchester that's pretty small and mostly used for training. Certainly not bases big enough for the Russians to waste their time with trying to shut down. Small practice for trying to hack into bigger systems perhaps?


Wow, man, it's not like a lot of hackers are from Russia and China, nope! Those 60k SSH logins a day aren't real.
Posted 1/2/17 , edited 1/2/17
I'd bet 1000 CR points that laptop is using windows. They should have installed linux.
Posted 1/2/17 , edited 1/2/17

Rujikin wrote:

I'd bet 1000 CR points that laptop is using windows. They should have installed linux.


I'd raise that bet to 10000 CR points that it was using a branch of UNIX (if it was an infrastructure or web server).
Most electrical grid systems in the US require a UNIX backbone. If this was an individual workstation, chances are it was due to poor security standards by their network administrator (regardless of the OS).

If it were a workstation, it just means that they didn't really pay much attention to security policies internally. This tends to be an issue with small towns and the like; their CTO will usually have a Linux/UNIX background but will have to make do with Windows or MacOS for workstations because Linux isn't user-friendly for most offices.
Linux has its fair share of rootkit and malware issues - never assume that just because you're not running in a closed-source environment you're safe from viruses, rootkits, and such.

Posted 1/2/17 , edited 1/2/17
Considering the myriad of ways to become infected with malware from, well, anywhere, I'm going to have to take a step back. Neither story links on this thread divulge any info on so much as the type of malware. I'm concerned that this malware case is an example of "jumping at shadows," or something.
Posted 1/2/17 , edited 1/2/17

aeb0717 wrote:

Considering the myriad of ways to become infected with malware from, well, anywhere, I'm going to have to take a step back. Neither story links on this thread divulge any info on so much as the type of malware. I'm concerned that this malware case is an example of "jumping at shadows," or something.


Maybe, but it's not common for a company to reveal a known exploit until after it's been patched, resolved, and analyzed.
I would like to know the type of malware that was utilized in this attack; just from professional curiosity (I handle server infrastructure for a telecommunication company). But I doubt there would be any real news here without some type of confirmation from the CTO of the company.

Edit:

Scratch that - this was a laptop that was compromised. A Seven Days article outlines some of the details that weren't published by mainstream news organizations. I won't say they were "jumping at shadows," but it appears that traffic was being monitored during the "hysteria" of Russian hacking, with federal agencies monitoring for digital footprints that link to Russian hacking groups. It seems that known spearphishing attempts probably worked on the Burlington Electric Department.

So here's what we know about this story so far (objective as possible):

1. Malware was found on the laptop of a Burlington Electric Department employee. (Source)
2. It was not related to the infrastructure for BED nor did it have access to customer information. (Source)
3. This was a result of Homeland Security informing all U.S.-based utility companies of code that was linked back to Grizzly Steppe (a Russian hacking campaign/group). BED scanned all computers and found this malware code executing on one of their laptops (Source).

The legitimacy of the malware can be put into question, to a degree. However, it is also known that Grizzly Steppe is notorious for spearphishing (the act of sending spoofed or fake emails that seem genuine to an employee who doesn't know any better, to convince them to install malware), and this would corroborate the fact that it was an employee computer that was compromised.
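The scan described in point 3 of the post above (indicators distributed to utilities, every machine checked against them), as an added example that is not part of this thread and not DHS or Burlington Electric tooling: a Python script that matches a constructed indicator feed (two IP addresses, one domain, one file hash, all made up here) against constructed endpoint log lines and then triages each host. The key caveat for a practitioner is that indicator lists pushed to many organizations routinely contain shared infrastructure such as hosting providers or Tor exit nodes, so a lone network match is a lead to confirm with host artifacts, not proof that the host ran the code; the `triage` function encodes that distinction. The feed layout, the key=value log format and the host names are assumptions for the example.

```python
"""IOC matching and triage over endpoint logs.

Added example for this thread; not code from DHS, Burlington Electric, or any
vendor. Indicator values, host names and log lines below are all constructed.
"""
import csv
import io
from collections import defaultdict

# Constructed indicator feed in a type,value,note layout (an assumption; real
# feeds use richer formats with more columns).
IOC_FEED = """\
ipv4,203.0.113.45,command-and-control (assumed high confidence)
ipv4,198.51.100.10,shared hosting / Tor exit (low confidence)
domain,update-check.example,phishing landing page
sha256,9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08,dropper (placeholder hash)
"""

# Constructed endpoint events in a simple key=value line format (assumption).
LOG_LINES = """\
ts=2017-01-01T10:00:01Z host=bed-laptop-07 event=dns qname=UPDATE-CHECK.example
ts=2017-01-01T10:00:02Z host=bed-laptop-07 event=conn dst=203.0.113.45 dport=8080
ts=2017-01-01T10:00:05Z host=bed-laptop-07 event=exec sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08
ts=2017-01-01T10:02:10Z host=bed-ws-12 event=conn dst=198.51.100.10 dport=443
ts=2017-01-01T10:02:30Z host=bed-ws-05 event=conn dst=203.0.113.45 dport=443
ts=2017-01-01T10:03:00Z host=bed-ws-03 event=conn dst=192.0.2.77 dport=443
ts=2017-01-01T10:04:00Z host=bed-ws-03 event=dns qname=mail.example.org
"""

# Which log field is checked against which indicator type.
FIELD_TO_IOC_TYPE = {"dst": "ipv4", "qname": "domain", "sha256": "sha256"}


def parse_iocs(feed_text):
    """Return {ioc_type: {value: note}}; values are lower-cased for matching."""
    iocs = defaultdict(dict)
    for row in csv.reader(io.StringIO(feed_text)):
        if len(row) < 3:
            continue  # skip blank or malformed rows rather than abort the scan
        ioc_type, value, note = row[0].strip(), row[1].strip().lower(), row[2].strip()
        iocs[ioc_type][value] = note
    return dict(iocs)


def parse_event(line):
    """Split 'k=v k=v ...' into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def find_hits(iocs, log_text):
    """Return one hit per (event, indicator) pair found in the log text."""
    hits = []
    for raw in log_text.splitlines():
        event = parse_event(raw)
        if "host" not in event:
            continue
        for field, ioc_type in FIELD_TO_IOC_TYPE.items():
            value = event.get(field, "").lower()  # case-insensitive compare
            note = iocs.get(ioc_type, {}).get(value)
            if note is not None:
                hits.append({"host": event["host"], "ts": event.get("ts"),
                             "type": ioc_type, "value": value, "note": note})
    return hits


def triage(hits):
    """Assign a verdict per host.

    A file hash, or two or more independent indicator types on one host, is
    strong evidence the code actually ran there.  A lone network indicator is
    only a lead: shared hosting, CDN and Tor addresses appear on indicator
    lists and in innocent traffic alike, so it needs host artifacts to confirm.
    """
    by_host = defaultdict(list)
    for hit in hits:
        by_host[hit["host"]].append(hit)
    verdicts = {}
    for host, host_hits in by_host.items():
        types = {h["type"] for h in host_hits}
        if "sha256" in types or len(types) >= 2:
            verdicts[host] = "investigate"
        elif all("low confidence" in h["note"] for h in host_hits):
            verdicts[host] = "triage-low-confidence"
        else:
            verdicts[host] = "triage"
    return verdicts


if __name__ == "__main__":
    found = find_hits(parse_iocs(IOC_FEED), LOG_LINES)
    for host, verdict in sorted(triage(found).items()):
        print(f"{host}: {verdict}")
```

Running it flags bed-laptop-07 for investigation (domain lookup, connection to the assumed C2 address and execution of the listed hash on one machine), leaves bed-ws-05 as a single-indicator lead, and marks bed-ws-12 as low confidence because its only match is the shared-infrastructure address; bed-ws-03 does not appear at all. The verdict strings are just labels for this example; the point is that the decision is driven by indicator type and corroboration, not by the mere presence of a match.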
Posted 1/2/17 , edited 1/2/17
Given the general vibe of the media towards Russia at the moment, if they didn't tell you, it's probably adware or something ridiculous.

Otherwise they would have been exaggerating that it would knock a zillion US people off the grid when Putin personally pushed the big red button that says "destroy America".
Posted 1/2/17 , edited 1/2/17

ninjitsuko wrote:


Rujikin wrote:

I'd bet 1000 CR points that laptop is using windows. They should have installed linux.


I'd raise that bet to 10000 CR points that it was using a branch of UNIX (if it was an infrastructure or web server).
Most electrical grid systems in the US require a UNIX backbone. If this was an individual workstation, chances are it was due to poor security standards by their network administrator (regardless of the OS).

If it were a workstation, it just means that they didn't really pay much attention to security policies internally. This tends to be an issue with small towns and the like; their CTO will usually have a Linux/UNIX background but will have to make do with Windows or MacOS for workstations because Linux isn't user-friendly for most offices.
Linux has its fair share of rootkit and malware issues - never assume that just because you're not running in a closed-source environment you're safe from viruses, rootkits, and such.



I somehow doubt it was using a *nix because it was a (gut feeling here) laptop.
Posted 1/2/17 , edited 1/2/17
You know what is REALLY SCARY? China has been doing a whole lot more, and a whole lot worse, and there has been no U.S. response....