Russian Hacking Code Found in Vermont Power Utility Computer

by

Justin Sink

December 31, 2016, 12:04 AM GMT-4:30 December 31, 2016, 11:21 AM GMT-4:30

• Utility said the laptop wasn’t connected to the power grid
• Homeland Security alerted power providers to search for code

Computer code connected to Russian cyberattacks by U.S. intelligence agencies has been found in a laptop computer at a Vermont electric utility, a development that emerged a day after the Obama administration hit Russia with sanctions for hacking during this year’s U.S. election.
The laptop wasn’t connected to the power grid at the time, the Burlington Electric Department said in a statement on Friday. It said it scanned its computer network and found the malware after the U.S. Department of Homeland Security sent out an alert about the code to owners and operators of critical infrastructure.
“We took immediate action to isolate the laptop and alerted federal officials of this finding,” utility spokesman Mike Kanarick said in the statement. “Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.”
Such a breach has long been a concern for the U.S. because knocking out a power grid could cause widespread disruptions and hamper police, fire and medical responders. For that reason, computers at utilities are routinely checked for intrusions.
Vermont elected officials denounced the Russian hacking.

‘Manipulate the Grid’

“This is beyond hackers having electronic joy rides – this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Senator Patrick Leahy said in a statement on Friday. “That is a direct threat to Vermont and we do not take it lightly.”
Governor Peter Shumlin and Representative Peter Welch also issued statements.
There was no indication of compromise to customer information or to the security of its system, Burlington Electric General Manager Neale Lunderville said in a note on the municipally-owned utility’s website. Burlington electric serves about 16,000 residential customers and more than 3,600 commercial customers in Vermont’s largest city.
U.S. intelligence agencies have identified the code that the utility found as one used in what they call operation “Grizzly Steppe,” a far-reaching Russian operation to interfere with November’s presidential election. President Barack Obama’s administration on Dec. 29 Thursday slapped sanctions on Russia for the intrusion and ordered the expulsion of 35 Russian operatives.

Read more about how the U.S. says the Russian hacking began.

While U.S. lawmakers of both parties have backed Obama’s actions, President-elect Donald Trump has expressed skepticism at the conclusion of intelligence agencies that Russia was behind the hacking and release of e-mails in an effort to damage his campaign opponent, Democrat Hillary Clinton.
Trump has pledged to improve relations with Russian President Vladimir Putin, whose government has denied it was behind the hacking. He praised Putin on Twitter Friday for not retaliating against the U.S. sanctions, saying “I always knew he was very smart!”
Homeland Security confirmed it shared technical information with owners of critical U.S. infrastructure to aid them in identifying code involved in Grizzly Steppe. The discovery of the code by a Vermont utility was reported earlier by the Washington Post.
It’s not the first time Russian has been linked to to a cyber attack on a utility. Hackers broke into computers at utility control center in western Ukraine in December 2014 and shut down substations throughout the region, leaving tens of thousands of people without power. U.S. Senate Armed Services Committee Chairman John McCain, a Republican from Arizona, has said Russia was behind the breach.