Those are among the recent targets of state-backed Chinese hackers, according to a report published by the Washington Post on Monday. The report cites new information from U.S. officials and industry security officials.
The hackers, the report says, are targeting critical U.S. infrastructure intending to lay the groundwork for the disruption of critical communications should a conflict between the U.S. and China arise.
U.S. officials told the Post that hackers are focused on Hawaii because it is home to the U.S. Fleet. In the event of a conflict over Taiwan, China would like to complicate U.S. efforts to send troops and equipment to the region.
ERCOT prepares year-round for any type of threat to the electric system. Whether the threat is cyber or physical, ERCOT continually invests in trained staff and resources to help keep the electric grid safe. From system redundancies to controlled access, ERCOT has multiple layers of protective measures to safeguard its critical infrastructure. This layered cyber and physical security approach is known as a defense-in-depth strategy.
Was a recently-thwarted cyberattack on a Hawaii undersea cable the work of financially-motivated cybercriminals, government-linked hackers, or someone else? Hawaii officials are working with federal agents to determine exactly that, according to Frank Pace, the administrator of the Hawaii Office of Homeland Security.
Frank Pace: So, an undersea cable really isn't that large, and it stretches over thousands of miles. The cables have several strands and the best way that I could describe it is as if you were to look at one of the larger power cables that you see over your home. Usually within those, you might notice there's actually several other cables inside of it. It's wrapped around in a very strong steel coating. It looks like that.
[Was it] just a known cybercriminal group that wanted to compromise individuals or executives within the organization, or did they want to install various forms of ransomware to hold their systems hostage, that's what we're trying to figure out. There's a variety of things that could have occurred, we just don't know yet.
FP: What went through my mind were what are the impacts? What do we know? What is it that we need to have further awareness of so that we could further prepare not only leaders within the state of Hawaii, but also other businesses or entities that need to better prepare themselves if we knew how that compromise occurred.
FP: Here in the state, no. We have not seen something to the extent where it has been focused on an entity that is involved with the cables. We have seen more recently entities or organizations within city and county governments that have been impacted by different forms of malware or ransomware. Those incidents were not the intended or focused targets, but as a result of vulnerabilities within their systems, they were compromised. I think we're likely to see more of that in the near future.
FP: I would guess that they're still looking into that. However, from the perspective of our office, we all need to be aware of the geopolitical issues that are occurring throughout the world, but specifically related to Ukraine. CISA director Jen Easterly spoke to this not long ago that clearly what is occurring in Ukraine matters because there is the strong likelihood that any retaliation based on support for Ukrainians could be in the form of a cyberattack, or at least a disruption.
Ukraine has twice been the target of malicious cyber attacks on the country's power grid. These attacks, widely considered to be the first examples of malicious hackers shutting off important state energy systems supplying heat and electricity to millions of homes, triggered a response from the U.S. Department of Defense to ensure America's power grid security.
"Today, our power system is not designed to withstand the kind of attacks that happened in Ukraine," said Yair Amir, professor and chair of the Department of Computer Science at Johns Hopkins University. "If even part of a power grid's control system is compromised, the game is over. We need to make our grid more secure, resilient, and intrusion-tolerant."
The U.S. power grid is a logical target for major cyberattacks, he said. Disabling or tampering with the grid on a large scale could seriously harm the country by disrupting lives and causing immense economic loss.
To mitigate that risk, Amir and a team of researchers developed a new, open-source control system for power grids called Spire. The intrusion-tolerant system is designed to keep power flowing even if part of the system is compromised.
In an experiment last April, a hacker team assembled by Sandia National Laboratories, a federally funded research and development center that works to address emerging national security challenges, was able to remotely obliterate a simulated commercial grid control system within a couple of hours. But the team could not penetrate the Spire system for three days. On the third day, the Sandia attack team was given remote access to part of Spire, but still its test hackers could not disrupt the system's overall operations.
More recently, the Spire developers from Johns Hopkins were invited to get their feet wet in Hawaii. At the end of January, Amir and his team went to an offline Hawaiian Electric Company plant in Honolulu and spent two weeks testing the Spire system on the power plant's equipment with the help of HECO engineers Keith Webster and John Tica. After a few days of setup and integration, Spire ran continuously without interruption for almost a full week.
The system works with the help of replicas. The researchers built it to contain six copies of the main control server that work together to agree on updates in the system. That's the smallest number of replicas needed to get good protection, Amir said.
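An added example (not from the article or the Spire code base) of why six is the minimum: it assumes a fault model of one compromised replica plus one unavailable replica, and the standard Byzantine quorum conditions, which the article does not spell out. Replica names and breaker commands are constructed.

```python
from collections import Counter

def quorum_size(n, f, k):
    """Return a quorum size q that works for n replicas, or None.

    Assumed conditions (standard BFT quorum argument, not Spire's code):
      liveness: the n - f - k correct, reachable replicas can form a quorum alone
      safety:   any two quorums share at least f + 1 replicas, so one is correct
    """
    for q in range(1, n + 1):
        if q <= n - f - k and 2 * q - n >= f + 1:
            return q
    return None

def min_replicas(f, k):
    """Smallest n (and its quorum) tolerating f compromised and k unavailable."""
    n = 1
    while quorum_size(n, f, k) is None:
        n += 1
    return n, quorum_size(n, f, k)

def decide(votes, f, k):
    """votes maps replica -> proposed value, or None if the replica is offline."""
    q = quorum_size(len(votes), f, k)
    if q is None:
        return None  # too few replicas for this fault model: no safe decision
    tally = Counter(v for v in votes.values() if v is not None)
    value, count = tally.most_common(1)[0] if tally else (None, 0)
    return value if count >= q else None

# Constructed scenario: r0 is compromised, r1 is down for maintenance.
SIX = {"r0": "OPEN_BREAKER", "r1": None, "r2": "CLOSE_BREAKER",
       "r3": "CLOSE_BREAKER", "r4": "CLOSE_BREAKER", "r5": "CLOSE_BREAKER"}
FIVE = {r: v for r, v in SIX.items() if r != "r5"}

if __name__ == "__main__":
    print(min_replicas(1, 1))   # replica count and quorum for this fault model
    print(decide(SIX, 1, 1))    # the four correct votes reach the quorum
    print(decide(FIVE, 1, 1))   # five replicas cannot decide safely
```

With five replicas no quorum size satisfies both conditions at once, which is why the lone compromised vote cannot be outvoted safely until a sixth replica is added.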
"Each replica votes on every data and decision," he added. "If one of the replicas is compromised and another is going through maintenance, then the other good replicas will enable the system to continue working properly and in a timely manner."
Why was the test conducted in Hawaii? First, the research project was funded by the Department of Defense, which is one of HECO's largest customers. In addition, Amir said, the unique access to a "mothballed" power plant with fully functional control systems but without active power generation was perfect for grid-level control system tests.
Making Spire open-source was kind of a no-brainer, Amir said. He has spent more than a decade of his research career working on intrusion-tolerant systems and networks. He said that releasing the source code openly increases awareness and the chance for real-life impact.
"We decided that we won't just publish our results," he added, "but we will release open-source solutions that will show people how to make control systems for the power grid secure, resilient, and intrusion-tolerant," Amir said. "We want to create a community of people who are really interested in that. We need to protect our critical infrastructure."
Former U.S. Marine Corps pilot Daniel Duggan, who is facing extradition to the United States for allegedly breaking U.S. arms control law after he trained Chinese pilots, poses for a picture in this undated handout picture.
SYDNEY >> A former U.S. Marine pilot fighting extradition from Australia on U.S. charges of training Chinese military pilots to land on aircraft carriers unknowingly worked with a Chinese hacker, his lawyer said.
Daniel Duggan, 55, a naturalized Australian citizen, feared requests by Western intelligence agencies for sensitive information were putting his family at risk, the lawyer said in a legal filing seen by Reuters.
Su Bin, arrested in Canada in 2014, pleaded guilty in 2016 to the theft of U.S. military aircraft designs by hacking major U.S. defense contractors. He is listed among seven co-conspirators with Duggan in the extradition request.
ASIO and the U.S. Navy Criminal Investigation Service did not respond to Reuters requests for comment on the meetings. ASIO has previously said it would not comment as the matter was before the court.
China and the U.S. have for years blamed each other for cyberattacks; the latest series of alleged Chinese attacks has been referred to as the Volt Typhoon campaign. Key victims of the campaign include a port on the West Coast, water utilities systems in Hawaii, a critical oil and gas pipeline, and a Texas power grid operator.
So far, such intrusions have not caused any disruptions. However, it has been suggested that the attack on systems in Hawaii is aimed at potentially disrupting the operations of the Pacific fleet. The hackers running the Volt Typhoon campaign have stolen employee credentials with back door entries and have used arbitrary home and workplace routers to hide their tracks.
The U.S. government has been working on mitigation strategies with tech companies and the private sector. This includes actions such as more stringent monitoring, improvements to authentication methods, and large-scale password resets, among others.
This is far from the first cyberattack that has come from nation-state actors. Active PLA hacking groups have attacked entities in Canada and Guam, among others. The issue highlights the rapidly growing use of cyber attacks in warfare and geopolitics by countries worldwide and the need for governments to set up appropriate international mechanisms to deal with an increasingly precarious situation.
The group has been cited by several online technology and cybersecurity media outlets as a new gang of hackers targeting Windows, Linux and VMware ESXi servers. Outlets have also claimed the threat actors have demanded ransoms as high as $10 million in the past, but UH confirmed the payout was below $250,000.