The Wall Street Journal (United States): The U.S. power grid has a vulnerable back door, which Russia uses

Posted by punzalan at 2020-02-18

One morning, in 2017's world map, Mike Vitello's phone began to break. The customer wants to know the details of the email they just received. What is he going to cancel his signature? Where is the attachment? How can I write it in the consulate?

Mr. Vitello didn't know what was going on. All Ways Excavation USA, the Oregon (USA) construction company where he works, conducted an inspection. The email was fake, and they told Mr. Vitello's customers: just ignore it.

Next, a few months later, the Department of Homeland Security sent a team to test the company's computers. There's an attack on you, acting Mr. Vitello, said Don Cox. Maybe the Russian side. The intruders tried to break the grid. "They've intercepted all my emails... Mr. Vitello said, fucking? I don't know. "It's not your business, it's the people you know."

B15 people from sustam, Oregon, Oregon, Oregon attacked the company in cooperation with public utilities and government agencies, This is the first major hacker attack by a foreign government on the U.S. power grid. The attack was shocking, with U.S. officials taking a big step in early 2018 to publicly blame the Russian government.

Hackers' transformation has exposed the vulnerability of infiltrating the heart of the American power system. Instead of directly attacking international services, hackers have carried out armed attacks on vulnerable locations in the sector - hundreds of contractors and contractors. For example, All Ways has no reason to be on full alert for fear of foreign agents. Hackers enter the supply system from these tiny launch sites. Some experts estimate that more than 20 utilities have been attacked.

The success of the program is driven by a simple technical horseshoe - although hackers and the use of a series of subtle strategies - how much you, Hackers put NASA's malware in the hands of the public, Public service engineers often read. They sent a fake resume and infected the app, pretending to be job seekers. Once they have access to web-based data, they infiltrate closed portals used by public service technicians, in some cases, into computer systems, Track and control current flow.

The Wall Street Journal recreated the article in which the attack took place, restoring documents, computer records, and mica chips that worked at the intruded company, Research in the field of security.

Aim at

The U.S. government has not put utilities and other companies, which is a small problem. The Wall Street Journal identified small companies in freefield, Washington, such as Commercial Contractors Inc. and Carlson Testing Inc. For example, Bonneville Power Administration (federally owned) and PacifiCorp (owned by Berkshire Hathaway). Two companies under attack are building systems to provide emergency power to military bases.

Thanks to organized Russian propaganda, the FBI and the internal security service tried to follow the thieves and expose potential victims. Some companies didn't know about the break-in until government investigators told them that other companies didn't know they were victims of theft until our version was removed.

"Russia prepared for a fight, but did not put the hook," said Robert P. Silvers, a partner at the law firm Paul Hastings LLP and former deputy secretary of the internal security service.

The information service of the Russian Embassy in Washington did not request many comments from us on the information provided. Russia has denied attacks on vital infrastructure.

The first victims

In the summer of 2016, U.S. intelligence agents found signs of subversion of U.S. public services, Janet manvlar said. Internal security requires network security and communication. The instruments used and the attacks on them indicate that the invaders were Russia. The intelligence agency informed the internal security department, Ms Manfred said.

In December 2016, in the underground building of the providence grove office in Illinois, less than an hour was driven with the stepfather, and the agent appeared. Here is a small private company, CFE Media LLC, which publishes industry magazines such as "automation management technology" and "engineering consulting".

instruments of labor

In the U.S. public service network attack, Russian hackers stole the identity information of employees to gain access to the cooperation system, as confirmed by US officials.

Address chip

Hackers send e-mails containing infected links or applications to help steal the identity of recipients


Hackers posted a harmful NASA code, which is a trusted, for example, in press publications, hoping they would visit potential victims. This code records confidential information of visitors.

remote access

After receiving the important items, the hackers used the private virtual network and the remote program on the desktop of the personal computer to stay undiscovered and keep internal network access.

Source: Ministry of internal security.

As can be seen from the email of "CFE Media", the agent told the staff, "Very knowledgeable people" downloaded NASA's harmful document "automatic control technology". The agent warned that the document could be used by third parties to conduct hostilities.

Steve Rourke, an isomer of "CFE Media," said his company has taken a series of actions to build a contaminated website. Soon after, hackers infected the company's other professional publications with harmful content, "Edfens". Later, the details of the attack were analyzed.

Hackers, like lions, hunt down the victims of Utopia and follow the patron saint of these other professional websites, I hope to hook up with engineers and other experts and ask the company they work for advice. Russia could destroy "any sector" around the world, a company researcher said, "risk.".

The hackers put several lines of code outside the NASA line, unconsciously obtaining the user name and password for any unfamiliar visitors, According to the government meeting minutes of security experts who analyze harmful code. The strategy gives Russia access to more sensitive systems, internal security staff said at last year's production meeting.

Mr. whitlow is a "Wall Street exclusive" company that will not know how to get Kego mail. He can't remember reading NASA materials or opening attachments. However, the invasion was part of a Russian campaign by companies specializing in security raids that studied the hacking.

Hacker attack plan

2017 3 Hacking.

In an email to the recipient, it was informed that the file would be downloaded immediately, but that was not the case. Recipients are required to query that they can "download files directly.". Here's a trap, and dresat met NASA

This website, registered by Matt Hudson, was originally designed as a resource to find a piece work in Columbia, South Carolina, Comment. However, during this time, the site has been closed. Mr. Hudson said he did not know that the Russians had taken over his website.

On the day of e-mail, on the day of Mr. woffith's phone call to vitello, NASA's activities began, Looking for commentators: users come here with more than 300 IP addresses, but last month's site visit may be considered one hand. Many tourists are potential victims of hackers. About 90 IP addresses - codes that help computers find each other's propellers - have been registered with vorepone, our editorial analysis shows.

When Mr vitello realized that his email had been hacked, he tried to warn his recipients not to send him a letter. The hacker blocked the news. email list March 2, 2017

The U.S. Army Engineer is a subsidiary of the U.S. Army. Dozens of federal hydropower plants.

About two weeks later, the hackers used MR vitello's account again to send a large number of emails.

One of them was taken to Dan Kauffman exciting Inc., Finco, Oregon: "please, Electronic signature to sign the agreement - financing project. "

Office manager Colina Sawyer thought it was a strange phrase and wrote an email to Mr. Vitello: "I just received your letter and I understand that your box has been broken."

In response, she received a report from the perpetrator of Mr. vitello's account: "I really sent him." Mrs. Sawyer, it's not good for anyone to say these words. Call Mr. vitello, and ITO tells her, like the previous letter, it's fake.

Attack acceleration

One of the companies that received the fake email was a small company in Oregon, Oregon, which provided specialized services to the company. In July, FBI agents came here to tell company staff that the company's system was damaged by the entrance to the "mass movement.". The attack on the power company is ordered by the owner.

The first fake email was received on March 2, and vitello received a report on the investigation of the Ministry of internal security, An employee of the company called it a Hudson website. She was asked to enter a user name and password. It was reported that by that night, cybercriminals had been interviewed by the company's xety, but our publication reported the accident.

Then they hack into the portal of a mutually protected corporate system, separate the vulnerable internal network, and create a new account for the administrator, which they hide.

"We didn't know there was no record of the company."


In June 2017, hackers used the Corvallis company's system to "hunt". In the next month, they've reached dozens of times the IP address registered by the entire Oregon company, Turkey, inideran, France, In another way, put all the power companies.

In some cases, hackers only study the websites of their new targets, so they may carry out new attack reconnaissance. In other cases, as reported, they may be excluded from their victim systems. Two target companies help the U.S. military organize independent power supplies at domestic bases.

Atlantic power submitted a written statement to the Supreme Court, noting that it was often tortured by malicious acts, but did not comment on them. "As far as we know, nilazo's system has not been compromised."

Around midnight on June 28 this year, hackers used the network of the Corvallis company for electronic communication, which was destroyed by a large wood processing company called "devanger". Construction. Her name is said to be an email written by Rick Harris, a fictional hacker.


Our publication identified three utility companies in different ways that received this email: Franklin PUD in Washington, D.C., Dairyland Power Cooperative, and New York State Electric & Gas Corp. All three companies claim to know about the ohaka movement, and none believes they are victims of it.

Devange, an employee, said federal agents were here. Jim Bell, the company's owner, declined to discuss the incident.

On June 30 of the same year, hackers tried to give the Communist Party of India remote access, and the Committee installed the equipment just like lightning. Allow national equipment to operate in the event of a domestic grid outage. The company, Energy Systems Group Inc., a branch of vecterren, declined to tell Otto if there was any hacking, The PLA says it attaches great importance to cyber security.

One of its customers, the company's website says, is Fort Detrick, a military base in Eritrea, where it has state-of-the-art laboratories to protect American white weapons. Fort Detrick conveyed our questions to military officials, who said they took the cybersecurity issue seriously, but declined to comment further.

In the summer of 2017, hackers targeted companies that helped utilities manage computer control systems. On July 1, hackers took advantage of the company's exposure to the UK company's subsidiaries, northern control limited and ocean control systems Ltd. They also attacked simkiss control systems Ltd. and other vanglia, and visited "obkakutanah and system information" to submit government reports.

Simkiss's website says it provides the company with tools to access its industrial management systems from a distance. Its customers include large electrical equipment manufacturers and international companies, including the national power grid. In some parts of the United States, the head introduced Britain's power transmission system, where it owns utilities in New York City, people's Island and Massachusetts.

Orkmont, NORINCO and simkes declined to comment, but commented to the national grid. Its cybersecurity work, "according to Windley's model. By the fall of this year, hackers had again contacted the South Korean company Dan Kauffman excavator and hacked into the company's own network on September 18. They hide here. In addition, the company was contacted about 2300 times and emailed on the evening of 18 October. The message said: "Hello, Dan uses Dropbox to share your folder!"! Oh They also refer to "view folders.".

Personnel trained include: Pacific International, a non state utility company, and Bonneville power management, a 75% company based in Portland, Oregon. US Army Engineer.

Federal officials say hackers want to find a way to connect to the company's public service network, to kineterneth, and their emergency network, Security filtering.

This "connection" sometimes takes the form of a "flea box", enabling technicians to operate in their own systems. Without a proper protection system, these compounds will allow intruders to pass through a safe trench and lock them up.

At last summer's public service conference, according to Jonathan Homer, the safety director of a sound management system that meets internal safety standards, Russia has infiltrated the public service management system through a secure flea box. Hackers have been given "legitimate access to administrators' letters," as stated at a meeting, and they are ready to take action. They may temporarily turn off the power system.

As stated in the Pacific International Convention on the security of ships and port facilities, the convention uses multiple layers of protection in its risk management system and does not believe in attacks or hacking by anyone.

Gary Dodd, director of information security at Bonneville, said he didn't believe his company had been broken, although it received a suspicious email from Orient Co., Ltd., this is Dan Kauffman excavator. "Something may have oozed out, but I don't think so," he said.

The military also does not comment on the issue of cyber security.


The U.S. authorities warned the public in the "ohaka wine publicity letter" published by Walker in July 2017. They tied her up in a dragon fly called "gadfly", which is "a bear full of vitality".

short circuit

Russian hackers attacked the computer control system.

Hacker network attack circuit

Computer hackers

Russian hackers use malicious e-mails to obtain information about employees of public service companies.

Staff computer

Hackers use stolen essentials to remotely access the stolen power station and enter harmful codes.

SCADA server

Hackers from contaminated workstations have access to the SCADA of the control system and data packages.

Electrical equipment

SCADA controls the assets of utility companies, including substations and electrical equipment.

Source: SCADA network of Ministry of security (Ministry of energy).

In April 2018, the FBI informed the two companies in writing that they may have received malicious emails from the exclusive company of OL ways.

One of the companies is the "Commercial Contractors" in Ridgefield, Washington state, which helped Bonneville Power Administration set up an office. According to Eric Money, the company's president, the staff believed that they had not opened the contaminated letters. However, our publication found that the computer's IP address, connected to the company, visited Mr. Hudson's website in an attack.

The second company the FBI informed, "Carlson Testing" of Tigard, Oregon, works for utilities, including Portland General Electric, PacifiCorp, Northwest Natural Gas, and Bonneville Power Administration.

Vikram Thakur, technical director, security action team, Symantec, California, is responsible for cybersecurity. His company knows that its customers are committed to network security from the public domain and other companies, which is a changed way. A total of 60 Russian utility companies have been targeted by hackers. These companies are located in American castles. More than 20 companies have been hacked, he said, into the management systems of eight or more companies deep enough. He refused to call them.

The government still does not know how many utilities and service providers have been attacked by Russia.

Vello Koiv, President, Wacker engineering construction services, Beaverton, Oregon, as a military subcontractor, PacifiCorp, Bonneville Avista Corp., sponsored by an international company in Washington state, said it had been bitten by nanoparticles containing water pollution letters in front of its technical experts. The problem was solved, so there was no development. Avista declined to comment on cyber attacks.

Mr. Koiv said he continued to receive malicious letters in 2018. "Russian or not, I don't know. But someone tried to break our server."

Last fall, Wall Street's exclusive company launched another hacker attack.

Experts in the field say Russia's hacker government may still be in some systems until they are discovered and await further instructions.

Lisa Schwartz helped write the article.

Plan by Joel Eastwood (East) and Angela Calderon.

The materials of foreign media only contain the evaluation of foreign media and do not reflect the position of foreign media editors.