Russian Hackers Could Have Shut Down U.S. Power Plants, Experts Say
ARI SHAPIRO, HOST:
Mary Louise, I don't need to tell you that Russia has been big news here in the U.S. this week but not because of the presidential elections.
MARY LOUISE KELLY, HOST:
So can I tell you it's the same thing here?
KELLY: In my hotel gym this morning - yeah, I was on the treadmill. They've got the whole wall of TVs up there all tuned to various Russian stations. And they weren't leading with the Russian election either. There was a lot of coverage of the poisoned spy, Sergei Skripal, and coverage of course of these new sanctions that the Trump administration has now imposed on 19 Russian individuals and five organizations.
SHAPIRO: Yeah, the announcement of those sanctions gives you a sense of how broad Russian cyberattacks were. Russian hackers have apparently targeted critical American systems, including power grids, for years on and off since at least 2011 according to the cybersecurity company Symantec. Bill Wright is Symantec's director of government affairs, and I asked him how deeply the hackers have penetrated these power grids.
BILL WRIGHT: Well, it's a little bit hard to tell. We of course are limited by our customer base. That's what our sort of vision is. We did see some areas where the threat had entered into the operational realm.
SHAPIRO: That means they could flip the switch and turn off the power.
WRIGHT: Of some energy sector. I think there's a little bit more complicated than that.
WRIGHT: But they certainly are able to stage and potentially create more difficult problems, like sabotage.
SHAPIRO: Tell us about some of the ways the hackers gained access to these systems.
WRIGHT: In some cases, they used some pretty mundane ways to get into the systems. One are very well-crafted spear phishing - so just your basic malicious email.
SHAPIRO: Click on this link. Open this attachment - that sort of thing.
WRIGHT: Exactly, exactly. Now, these are very well-crafted, and so they're highly customized to individuals.
SHAPIRO: Oh, like specific employees of a particular energy company.
WRIGHT: Some of that but also things that would interest someone working at an energy company. For instance, one of the first malicious emails that we identified in this second campaign was an invitation to a New Year's party...
WRIGHT: ...That was sort of focused on energy sector interests. We thought that was very good. It was actually very effective.
SHAPIRO: The federal government says these hackers were Russian and that this was backed by the Russian state. Is that consistent with what you've seen?
WRIGHT: So we have no reason to doubt attribution coming from the United States government in this case.
SHAPIRO: What are the signs that a hacking campaign like this is being organized by a high-level, well-funded, government-backed campaign as opposed to just some malicious hackers using their spare time?
WRIGHT: Yeah. We look at a couple things. First off, in this case - highly sophisticated group. They are highly resourced. They are highly persistent. So they're not moving around, looking for targets. They will hang on a target until they get in.
SHAPIRO: So you know that for six years or more, these same hackers have been trying to get into these same energy companies.
WRIGHT: That's right. So they've managed to go underground for a little while, retool, come up with some new and interesting ways and then came back again in 2016 or 2015. Also, we look at the targeting. You know, what is it that they are interested in? Are they interested in profit motive - doesn't appear so in this case. So a lot of times we can tell whether there is a state-sponsored element to the attacks.
SHAPIRO: Why would one country target another country's energy sector?
WRIGHT: Yeah, well, if you think about it, I think the energy sector in particular is probably the most critical of critical infrastructure. Let's just take the power grid. If the power grid goes down, there's cascading effects. It doesn't just affect the power here at NPR. This affects every sector from financial to water to nuclear, right across the board. Everything that depends on electricity would be affected so certainly is a node of interest for a state-sponsored group.
SHAPIRO: It's been reported that Russia has turned off the power in another country before. They did this in Ukraine. What would happen if Russia did this in the U.S.?
WRIGHT: Well, if what happened in Ukraine 2015, 2016 and we had mass power outages, there would certainly be a citizen safety aspect to this. It would also have cascading effects to every financial sector, to the way we do water, to the way we do our lives every day. It would be a very devastating blow.
SHAPIRO: Bill Wright is director of government affairs and senior policy counsel for Symantec. Thanks for coming to the studio.
WRIGHT: Thank you, Ari.
Transcript provided by NPR, Copyright NPR.