Objection! Russia Has Not Been Implicated in Power Grid Hack

At the time I write this, stories from The Washington Post, USA Today and its subsidiaries, and others are circulating around the web making the bold claim that the Left’s new boogeyman, Russia, is behind an attempt to compromise a power grid. Unfortunately, none of the sources perpetuating this lie have any evidence whatsoever to substantiate the claim.

Malicious software believed tied to a Russian hacking group associated with attempts to influence the U.S. presidential election was found Friday within a computer that belongs to Burlington Electric, one of Vermont’s electrical utilities.

This is where the so-called evidence starts and ends. The ‘smoking gun’ that Russia is the culprit is a piece of malware that has been ‘linked to Russia’, found on a laptop that was not even connected to the aforementioned power grid. It’s just too bad that doesn’t prove anything.

Malware is like normal software in every respect other than its purpose. Rather than performing a task that the user wants, it performs a task that the attacker wants, usually to the detriment of the user. And malware, like any software, can be used by anyone who has a copy of it.

As a result, the claim that the attack can be linked to anyone at all on this basis is silly. Do we really know that the Russian government secretly developed this malware and has kept it secret since deployment? In fact, even the claim that the attack is state-sponsored at all is dubious. That claim rests on the Joint Analysis Report (JAR) released by the FBI and the Department of Homeland Security.

The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party.

Apart from the fact that this claim has nothing backing it, the very same document provides a signature for the malware allegedly used by these RIS hackers:

rule PAS_TOOL_PHP_WEB_KIT
{
    meta:
        description = "PAS TOOL PHP WEB KIT FOUND"
    strings:
        $php = "<?php"
        $base64decode = /\='base'\.\(\d+\*\d+\)\.'_de'\.'code'/
        $strreplace = "(str_replace("
        $md5 = ".substr(md5(strrev("
        $gzinflate = "gzinflate"
        $cookie = "_COOKIE"
        $isset = "isset"
    condition:
        (filesize > 20KB and filesize < 22KB) and
        #cookie == 2 and
        #isset == 3 and
        all of them
}

This is just a simple YARA rule used to search a compromised system for the malware after the fact, as part of analysing an attack that has already happened. The key here is the rule name, PAS_TOOL_PHP_WEB_KIT, which refers to a tool called ‘P.A.S.’, a PHP web kit that is freely available for download.
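To make concrete what a rule like this does and does not establish, here is an added example that is not part of the original post or of the JAR: it re-implements the rule’s condition in plain Python (string hit counts, the filesize window, and the “all of them” clause) and runs it over a constructed file that contains the strings the rule looks for. The sample file is synthetic, built only to exercise the signature; the helper names `evaluate_pas_rule` and `build_sample` are this example’s own. In practice one would load the rule with yara-python instead of hand-coding it, but the point is the same: a match says the file looks like P.A.S., and nothing about who placed it.

```python
import re

# Regex form of each string in the PAS_TOOL_PHP_WEB_KIT rule reproduced above.
# Plain strings are escaped; $base64decode is already a regex in the rule.
PAS_STRINGS = {
    "php": re.compile(re.escape("<?php")),
    "base64decode": re.compile(r"\='base'\.\(\d+\*\d+\)\.'_de'\.'code'"),
    "strreplace": re.compile(re.escape("(str_replace(")),
    "md5": re.compile(re.escape(".substr(md5(strrev(")),
    "gzinflate": re.compile(re.escape("gzinflate")),
    "cookie": re.compile(re.escape("_COOKIE")),
    "isset": re.compile(re.escape("isset")),
}


def evaluate_pas_rule(data: bytes) -> dict:
    """Evaluate the rule's condition over a file's raw bytes.

    Returns per-string hit counts, the filesize check and the final verdict,
    so the reader can see exactly which clause made or broke the match.
    """
    text = data.decode("latin-1")  # byte-preserving decode; YARA matches raw bytes
    counts = {name: len(rx.findall(text)) for name, rx in PAS_STRINGS.items()}
    size_ok = 20 * 1024 < len(data) < 22 * 1024  # YARA's KB suffix means 1024 bytes
    match = (
        size_ok
        and counts["cookie"] == 2          # #cookie == 2
        and counts["isset"] == 3           # #isset == 3
        and all(c > 0 for c in counts.values())  # all of them
    )
    return {"counts": counts, "filesize": len(data), "size_ok": size_ok, "match": match}


def build_sample(cookie_hits: int, isset_hits: int, pad_to: int) -> bytes:
    """Constructed test file (hypothetical, not a real P.A.S. sample).

    It contains one occurrence of each fixed string, a chosen number of
    _COOKIE and isset occurrences, and is padded with a PHP comment to an
    exact byte size so the filesize clause can be exercised either way.
    """
    body = (
        "<?php\n"
        "$f='base'.(2*32).'_de'.'code';\n"          # satisfies $base64decode
        "$x=(str_replace(\"a\",\"b\",$y));\n"        # satisfies $strreplace
        "$k=.substr(md5(strrev($s)),0,8);\n"         # satisfies $md5
        "$z=gzinflate($d);\n"                        # satisfies $gzinflate
        + "".join(f"$c{i}=$_COOKIE['k{i}'];\n" for i in range(cookie_hits))
        + "".join(f"if(isset($v{i})){{}}\n" for i in range(isset_hits))
    )
    pad = pad_to - len(body.encode())
    if pad > 4:
        body += "/*" + "A" * (pad - 4) + "*/"
    return body.encode()


if __name__ == "__main__":
    # A 21 KB file with exactly two _COOKIE and three isset hits matches;
    # change any count or the size and the same content no longer does.
    for cookies, issets, size in ((2, 3, 21 * 1024), (3, 3, 21 * 1024), (2, 3, 30 * 1024)):
        result = evaluate_pas_rule(build_sample(cookies, issets, size))
        print(f"cookie={cookies} isset={issets} size={result['filesize']}: match={result['match']}")
```

Note how brittle and how generic the condition is at the same time: it keys on exact occurrence counts and a 2 KB size window, which is a fingerprint of one particular build of a public tool, and nothing in it can distinguish one operator of that tool from another.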

Which of course means the claim is total bunk. The fact that Russian hackers use a tool called PAS doesn’t mean that PAS is exclusively used by Russians.

Ultimately, this little slice of… err… ‘fake news’ is just more Russian sensationalism. The amount of evidence actually linking the ‘attack’ to Russia is about how much evidence you’d expect from a crappy conspiracy theory, not from a reputable news source. The fact that these stories ran at all, and the fact that their claims were initially more exaggerated (The Washington Post originally claimed that the power grid had actually been compromised) speaks volumes about the current state of mainstream journalism.

If this event warranted a story at all, the headline should have been at the very most “Attempted attack on power grid; Russian hackers possibly to blame”. And even that is going a little too far.


3 thoughts on “Objection! Russia Has Not Been Implicated in Power Grid Hack”

  1. Good site – this amused me:

    GRIZZLY STEPPE. These cyber operations included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations, and theft of information from these organizations.

    So everyone except the Girl Scouts then? lol
    When it hits everyone, it’s clearly not targeted.


    • Indeed; it’s very evident at this point that if there is any evidence the attacks originated from people in Russia, the attacks probably aren’t state sponsored.