‘Russian hackers’ Penetrate US Power Grid With ‘Outdated Ukrainian Malware’

Originally appeared at RT

A Vermont utility sounded the alarm after finding malware code on a laptop that the FBI and DHS had touted as associated with Russian hackers. However, cybersecurity specialists say the code came from an outdated Ukrainian hacking tool.

On Thursday, the FBI and DHS released a joint report on a hacking operation they called ‘Grizzly Steppe’. They claimed the operation was linked to the Russian government, alleging that it had targeted “US persons and institutions, including from US political organizations.”

Along with the report, the US security agencies released a sample of the malware code allegedly used in the Grizzly Steppe operation to compromise US computer networks. The code was also shared with executives from 16 industries around the nation, including the financial, utility, and transportation sectors, according to a Washington Post report.

On Friday, Burlington Electric, a Vermont-based power company, released a statement saying that the malware code had been detected during a scan of a single company laptop that was not connected to the grid.

“We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully,” the statement said.

The US media reported the incident as if Russian hackers had penetrated America’s electric grids, prompting some officials to call on the federal government to protect Americans from Russian President Vladimir Putin.

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Vermont Governor Peter Shumlin said in a statement.

“This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling,” he said.

Meanwhile, a number of IT specialists who have analyzed the code and other evidence published by the US government are questioning whether it really proves a Russian connection, let alone a connection to the Russian government. Wordfence, a cybersecurity firm that specializes in protecting websites running WordPress, a PHP-based platform, published a report on the issue on Friday.

Wordfence said they had traced the malware code to a tool available online, apparently funded by donations, called P.A.S., which claims to be “made in Ukraine.” The version analyzed in the FBI/DHS report is 3.1.7, while the most current version available on the tool’s website is 4.1.1b.

“One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources,” the report says.

The second part of the analysis deals with the list of IP addresses provided by the US agencies. The report says they “don’t appear to provide any association with Russia” and “are probably used by a wide range of other malicious actors.”
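The two findings above (a sample that matches a publicly available web shell, and an IP list that many unrelated actors may use) are exactly the kind of indicator hits a utility's security team has to grade before anyone says "attribution". The script below is an added example, not code from the article, Wordfence, the FBI or DHS. It scans a sample for generic PHP web-shell markers and embedded IPv4 addresses, matches the addresses against an indicator list, and then separates hits on shared infrastructure from hits on unique infrastructure. Every indicator value in it is constructed (RFC 5737 documentation addresses) and stands in for a real feed; the regexes are generic web-shell patterns, not the P.A.S. signature from the government report.

```python
"""Triage a suspected web-shell sample against an IOC list.

Added example, not code from the article, RT, Wordfence or any agency.
All indicator values below are constructed (RFC 5737 documentation
addresses) and stand in for a real feed; they are NOT Grizzly Steppe IOCs.
"""
import hashlib
import re

# --- constructed data ---------------------------------------------------
# Stand-in for an agency/vendor IP indicator list.
IOC_IPS = {"203.0.113.5", "203.0.113.77", "198.51.100.10"}
# Stand-in for shared infrastructure (Tor exits, public hosting) that many
# unrelated actors use; a hit here says little about who operated it.
SHARED_IPS = {"203.0.113.5", "198.51.100.10"}

# Generic patterns seen in PHP web shells (eval of POSTed data, command exec).
WEBSHELL_MARKERS = {
    "eval_base64": re.compile(rb"eval\s*\(\s*base64_decode\s*\("),
    "post_exec": re.compile(rb"\$_(?:POST|REQUEST|COOKIE)\s*\[[^\]]+\]"),
    "system_call": re.compile(rb"\b(?:system|passthru|shell_exec|popen)\s*\("),
}
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_ipv4(data: bytes) -> set:
    """Return syntactically valid dotted-quad strings embedded in the sample."""
    found = set()
    for m in IPV4_RE.findall(data):
        if all(int(o) <= 255 for o in m.split(b".")):
            found.add(m.decode())
    return found


def scan_sample(data: bytes, ioc_ips=IOC_IPS, shared_ips=SHARED_IPS) -> dict:
    """Match a sample against tool signatures and IP indicators, then grade the evidence.

    "strong" = an indicator IP that is not known shared infrastructure;
    "weak"   = only a public tool signature and/or shared-infrastructure IPs;
    "none"   = nothing matched.
    """
    markers = sorted(name for name, rx in WEBSHELL_MARKERS.items() if rx.search(data))
    ips = extract_ipv4(data)
    ioc_hits = ips & set(ioc_ips)
    unique_hits = ioc_hits - set(shared_ips)

    if unique_hits:
        grade = "strong"
    elif ioc_hits or markers:
        grade = "weak"
    else:
        grade = "none"

    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "webshell_markers": markers,
        "embedded_ips": sorted(ips),
        "ioc_ip_hits": sorted(ioc_hits),
        "shared_infra_hits": sorted(ioc_hits & set(shared_ips)),
        "evidence_grade": grade,
    }


# Constructed sample: a one-line eval shell with a hard-coded callback address.
SAMPLE = b"<?php @eval(base64_decode($_POST['p'])); // cb 203.0.113.5 ?>"

if __name__ == "__main__":
    for key, value in scan_sample(SAMPLE).items():
        print(f"{key}: {value}")
```

The point of the grading step is the one the Wordfence analysis makes: a match on a tool anyone can download, or on an address many actors share, tells you the laptop had a web shell on it, not who put it there. The constructed sample scores "weak" for exactly that reason; only an address that is not known shared infrastructure raises the grade.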

This week, the Obama administration accused the Russian government of hacking US computer networks in order to influence the presidential election, using the accusation to justify imposing some of the toughest sanctions on Russia yet, including the expulsion of 35 Russian diplomats and blocking access to two leisure compounds used by Russian Foreign Ministry personnel and their visitors.

Russia chose to ignore the punitive measures, calling their imposition a clear provocation, while saying that Moscow will build its relations with the US based on the policies of the next administration under President-elect Donald Trump, not President Barack Obama’s parting shots.

In October, Putin ridiculed the idea that Russia could influence the US presidential election, saying that America was not “a banana republic.”

SouthFront

  • Carol Davidek-Waller

    The laptop belonged to the FBI not the Kremlin.

  • slorter

    Another main stream beat up!
    “there is zero evidence that Russian hackers were responsible even for the implanting of this malware on this single laptop. The fact that malware is “Russian-made” does not mean that only Russians can use it; indeed, like a lot of malware, it can be purchased (as Jeffrey Carr has pointed out in the DNC hacking context, assuming that Russian-made malware must have been used by Russians is as irrational as finding a Russian-made Kalashnikov AKM rifle at a crime scene and assuming the killer must be Russian).” http://www.blacklistednews.com/More_Bullsh%2At_Fake_News_from_Washington_Post/56102/0/38/38/Y/M.html

    • Nexusfast123

      The issue is that there are masses of fools out there that believe this propaganda.

  • Nexusfast123

    Contrast these pathetic made up stories with the recent boast by the Pentagon that they had hacked the Russian power grid. It seems like a good percentage of the US population are unable to think for themselves.

    • PZIVJ1943

      The WSJ report is pushing the idea of Russian hacking? They state the malware was used in Ukraine in 2015. I assume that US power grid is protected with “firewalls”, and this article is bull. Happy new year

  • chris chuba

    One of the many questions that was not answered, was this laptop actually used for any operational control of the power grid or was it a dual personal use / workplace office tools computer?

    It’s possible that the employee just acquired a virus while using the computer for personal use and just brought it into work for emails. The malware might have been designed to steal credit card info for all we know. I’m just asking the question because I know that this is a common way for viruses to spread. They pretty well tell us at work that a PC used both at home and in the office can be confiscated at any time for security reasons and all of the data examined and/or deleted.

  • chris chuba

    Wow, so the ONLY connection to Russia is the Malware program itself?

    I thought that they had traced how that malware program got installed; I was being truly naive. Do malware programs contain IP addresses of where to connect to? I would think that they need some mechanism of where to go after they are installed on the target computer. If they do, then that would be one way to start tracking a culprit.

    So is this malware Russian or Ukrainian, how did the U.S. govt identify ‘Grizzly Steppe’?

  • Rick0Shea

    Fake – all of it…. laughable if not bizarre when you read what the facts actually are. RT said the Washington Post retracted the story – it was so much BS they could not even wait to put the retraction in tiny print on the last page of their rag 2 weeks from now which is how they usually handle the situation when they get caught making sh*t up.

  • Lord Humongous

    If Russia wanted to disrupt the American power grid by hacking in, they would, and could do so. I have no doubt that Russia, like the U.S. has any number of operational capabilities regarding disruption of U.S. infrastructure, including the power grid, amongst others. If Russia wanted to, they could turn large sections of the U.S. dark and cold. This story is just so much BS.