Sandworm
A New Era of Cyberwar
and the Hunt for the
Kremlin's Most Dangerous Hacker
by Andy Greenberg
6
HOLODOMOR TO CHERNOBYL
Though he didn’t know it yet, Yasinsky had found himself in the middle
of the sort of event that had defined Ukraine’s long and unkind
history: a foreign invasion.
To understand how Ukraine would come to serve as the
battleground for the world’s first full-blown cyberwar, it helps to look
back at a millennium of conflict and domination, with Ukraine as the
point where the bloodiest edges of two continents meet. Over the last
thousand years, incursions into Ukraine have taken the form of
Mongol hordes from the east and Lithuanian heathens and Polish
imperialists from the west. The nation’s name itself, “Ukraina,” comes
from a Slavic word for “borderland.” Ukraine’s existence has been
defined by its position, caught between powerful neighbors. But the
country’s most perpetual nemesis has been the one with whom it
shares not only the longest border but also the most history and
culture—its larger, more aggressive, estranged brother from the same
mother. [Not buying this writer's political view on Ukraine; the world knows what happened in 2014, and who did what and when. dc]
Russia and Ukraine trace the origins of their two civilizations to a
common ancestor, the flourishing medieval state of Kievan Rus. That
kingdom, growing around Kiev from the tenth century AD, became an
eastern outpost of European culture after its king Volodymyr
somewhat arbitrarily decided to convert his people from paganism to
Orthodox Christianity. Ukrainians like to point out that his son
Yaroslav the Wise built Kiev’s iconic St. Sophia Cathedral in 1037,
when Moscow was little more than a forest by the Volga River.
But geography was never in Ukraine’s favor. Kievan Rus was
destroyed in the thirteenth century by brutal Mongols riding
southwest from the Urals across the indefensible landscape of the
steppe, led by Batu Khan, one of the grandsons of Genghis Khan. After
a long siege, the invaders massacred Kiev’s population, burned
hundreds of churches, and razed its city walls.
In the wake of that massive destruction, as Russians tell it, the
refugees of Kievan Rus’s early Slavic society migrated to Moscow,
where they became Russians. In the Ukrainian version, their culture
quietly continued to grow where it was first planted, in the rich black
soil of the broad region north of the Black Sea, surviving for centuries
despite the successive layers of foreigners who tried to lay claim to it,
from Mongols to Poles to Turks to Tatars and finally Russians.
Prior to the last thirty years, however, Ukraine’s attempts at actual
independence have been painful, hard-fought failures. Over the last
millennium, the country’s hopes for self-rule rose and fell three times:
in the seventeenth-century rebellion of the Ukrainian Cossacks,
stubbornly autonomous warrior settlers of the steppes; in the bloody
Ukrainian civil war following Russia’s Bolshevik Revolution in 1917;
and again after a brief, tragically misguided alliance with Nazi
occupiers during World War II. As Anna Reid wrote in her history of
Ukraine, Borderland, Ukraine’s rebellions have long been “nasty,
brutish, and above all short.” By the beginning of the twentieth
century, Ukraine—or “the Ukraine,” because it was considered little
more than a region, not a nation—was a possession of the Russian
empire and commonly referred to as “Southwest Russia” or “Little
Russia.”
As dark as Ukraine’s history has been, its greatest litany of horrors
arguably came in just the last century or so of Russian hegemony. In
World War I, 3.5 million Ukrainians were conscripted to fight for their
Russian rulers. Even after Bolshevism swept Russia and pulled the
country out of the war, fighting raged for years in Ukraine between the
country’s own independence fighters, the “Whites,” who remained
loyal to Russia’s czarist regime, and the communist army of Vladimir
Lenin.
Even more so than World War I, the civil war spilled into tragic and
indiscriminate chaos on Ukrainian soil. Soldiers and bandits on all
sides committed atrocities against civilians, including many of the
Jewish-targeted pogroms that have made “Cossack” synonymous with
“murderer” in much of the global Jewish diaspora. In total, about
1.5 million Ukrainians died in the violent years between 1914 and 1921.
It was the next decade between the wars, however, that for many
Ukrainians still resonates as a memory of deep, even unforgivable
oppression. The Soviet regime manufactured a famine in Ukraine that
would kill 3.9 million people, a tragedy of unimaginable scope that’s
known today as the Holodomor, a combination of the Ukrainian words
for “hunger” and “extermination.”
The starvation began through simple exploitation: Ukraine’s fertile
black soil offered a tempting breadbasket for Russia. During its own
civil war from 1917 to 1922, Russia seized as much grain as it could at
gunpoint to alleviate its own wartime food shortages. “For God’s sake,
use all energy and all revolutionary measures to send grain, grain and
more grain!” Lenin wrote in a telegram to Soviet forces in Ukraine in
1918. The secret police force known as the KGB, initially called the
Cheka and then the OGPU, was formed in part to find and take grain
from Ukrainian peasants by whatever means necessary. When
American Relief Administration workers were sent to Russia to help
relieve the food crisis, Soviet forces kept them out of Ukraine,
obscuring the fact that it was Ukrainians who were experiencing the
worst of the shortages.
By 1932, starvation had become a far more purposeful Soviet tool of
control. Moscow, now under the rule of Joseph Stalin, had imposed
agricultural collectivization, moving peasants off the land they had
owned for generations and onto communally held farms. At the same
time, the most prosperous peasants, known as kulaks, were branded
as class traitors and subjected to exile, imprisonment, and massacre.
When the result, inevitably, was massive shortfalls in food production,
the Soviets only redoubled their efforts to seize every ounce of grain
possible from Ukraine’s peasants. They searched systematically, using
hooked and spiked poles to dig behind walls, under floorboards, and
even in the earth outside homes in search of hidden food. When they
found it, they piled the confiscated grain in locked warehouses. OGPU
guards patrolled fields, shooting scavengers on sight.
Peasants responded with scattered resistance, butchering their
livestock rather than give it to collective farms and taking up arms in
guerrilla bands. Those acts of rebellion only stoked Stalin’s paranoid
fears of a Ukrainian nationalist rebellion, refreshing Bolshevik
memories of war with Ukrainian freedom fighters just a few years
earlier. So famine soon became not only the cause of Ukrainian
subversion but its solution too: The Soviet regime simply starved the
country into submission.
The Soviet government restricted travel, preventing hungry
peasants from fleeing to other regions or countries. Bodies piled up in
railway stations and along roads. The historian Anne Applebaum’s
book on the Holodomor, Red Famine, documents stories of desperate
peasants resorting to eating leather and rodents, grass, and, in states
of starvation-induced mania, even their own children. All of this
occurred in one of the most fertile grain-production regions in the
world.
Roughly 13 percent of Ukraine’s population at the time died, but no
Ukrainian survived the period untouched by the trauma. Raphael
Lemkin, the Polish-Jewish lawyer who lost forty-nine relatives in the
next decade’s Holocaust and went on to coin the term “genocide,” later
cited the Holodomor in a 1953 speech in New York as a quintessential
example of his neologism. “This is not simply a case of mass murder,”
Lemkin said. “It is a case of genocide, of destruction, not of individuals
only, but of a culture and a nation.”
💠💠💠
Ukraine’s greatest misfortune, aside from finding itself in Russia’s
inescapable shadow, was that it was destined to serve as the battlefield
between East and West. World War II was no exception. Like a bloody
rerun of the country’s civil war from two decades earlier, Hitler’s war
with Russia’s Red Army split Ukraine into three warring sides: those
supporting the Nazis in an ill-fated hope of a life better than the one
under Stalin, those conscripted into the Soviet forces, and a small
faction fighting in vain for an independent Ukraine.
In fact, the Soviet atrocities had begun even before the Nazis
arrived, during the brief period of German-Russian nonaggression.
When Hitler seized Poland in 1939, the region of western Ukraine
known as Galicia that had until then been under Polish control
suddenly fell to Moscow. Stalin and his Ukrainian Communist Party
subordinate Nikita Khrushchev wasted no time in purging the region
of anyone who might possibly fight the Soviet Union’s annexation:
farmers who resisted collectivization, Poles, Jews, lawyers, priests, and
government officials.
Between 800,000 and 1.6 million people were arrested and
deported from western Ukraine to labor camps in Kazakhstan and
Siberia, as much as a fifth of the region’s population. When Hitler did
invade two years later, in a surprise attack that shattered the two
countries’ pact, the Soviets hurriedly massacred the Ukrainian
prisoners they hadn’t yet deported before fleeing to the east.
In the years that followed, the Nazis took their turn brutalizing
Ukraine. As Hitler’s army marched east, SS troops followed,
murdering as many Jewish civilians as they could find, killing them
mostly with firing squads and dumping bodies in mass graves rather
than bothering with trains to concentration camps. Ukrainians who
had welcomed the Germans and even aided in the Holocaust’s
slaughter were rewarded with a policy that treated all Slavs, Russians,
and Ukrainians alike, as Untermenschen. The Nazis rounded up
2.8 million Soviet citizens, more than 2 million of whom were
Ukrainian, and shipped them to Germany to work in factories for slave
wages.
Even after the Red Army turned the tide of the war with an
immensely costly victory in 1943 at Stalingrad—where more than
1 million Soviet soldiers died—the Nazis continued to kill en masse,
starving 2 million captured Soviet prisoners as they death-marched
them westward. In all, 1 in 6 Ukrainians died in the war, and about 1 in
8 Russians, with a staggering total of 26.6 million deaths across the
U.S.S.R., a number unparalleled in the history of war.
In the postwar decades that followed, Moscow’s treatment of
Ukraine settled into a slower-burning repression of a subjugated state.
In the 1950s, through the last years of Stalin’s terror and the rise of
Khrushchev to take his place, more Ukrainians were sent to the
U.S.S.R.’s gulags than any other nationality. Through the 1960s and
1970s, groups like the Sixtiers and the Helsinki Group fought for
Ukrainian autonomy and human rights, only to be quickly swept away
to a life of destitution and hopelessness in Siberian labor camps.
The 1980s and the rise of Gorbachev would lay the groundwork,
after eight hundred years, for Ukrainian independence. But not before
giving Ukraine one more lasting keepsake of its Soviet rule.
⚡ ⛑ ⛬
On the night of April 25, 1986, engineers were conducting a test at the
Chernobyl nuclear plant near the northern Ukrainian town of Pripyat,
population fifty thousand. The experiment was designed to check how
long the reactor would continue to function in the case of a total
electric failure. Just after midnight, operators turned off the system
that would cool the reactor core with water in the case of an
emergency and initiated a power shutdown.
Exactly what happened next remains a subject of controversy
among scientists, even today. But at 1:23 a.m., a massive eruption—
perhaps caused by a sudden buildup of steam or perhaps a nuclear
explosion that subsequently triggered that steam blowup—tore
through the plant, rupturing the reactor core and killing two
engineers. A jet of radioactive material immediately shot more than
three thousand feet in the air.
Firemen rushed to the scene to extinguish the plant’s burning roofs,
many unwittingly receiving fatal doses of radioactivity. But no public
warning went out to the citizens of nearby Pripyat, where people went
about their Saturday routines unaware of the nuclear fallout spewing
from the meltdown just a few miles down the river. Only thirty-six
hours later did Communist Party officials enact a limited evacuation,
starting with just a small area of a few miles around the plant. In fact,
a radioactive plume was already spreading through the atmosphere
that would reach as far as Sweden, with an invisible toll on the health
of its victims that still eludes measurement.
For weeks after, Moscow-based state news agencies made no
mention of the ongoing disaster. Nor did Communist Party General
Secretary Mikhail Gorbachev. Six days after the explosion, as nuclear
fragments continued to rain down from Chernobyl’s toxic cloud, party
officials evacuated their own children to safety on the Crimean
peninsula, even as they instructed Ukraine’s citizens to carry on with
their annual May Day parade. Just sixty miles south of Chernobyl’s
ground zero, thousands of people—including countless children—
marched down Kiev’s main drag of Khreshchatyk Street. They carried
flowers, flags, and portraits of Soviet leaders, unaware that those same
leaders had knowingly exposed them to the fallout of one of the worst
industrial disasters in history.
7
MAIDAN TO DONBAS
On my first night in Kiev in the spring of 2017, I stepped out of the
towering Hotel Ukraine—formerly the Hotel Moscow, a Soviet-era
luxury hotel now devolved into a cheap and run-down relic of U.S.S.R.
tastes—and into the Maidan below, the central square of Ukraine’s
capital. Before my jet-lagged brain had even oriented itself, I found
myself in a crowd around the steps of the Monument to the Founders
of Kiev, where a man dressed in black holding a guitar was belting out
the Ukrainian national anthem, his fist across his chest, flanked by
soldiers in camouflage fatigues, one wearing sunglasses in the dark.
Behind the singer were pictures of friendly faces wearing balaclavas
and helmets. Only later would I make the connection that these were
photographs of ordinary Ukrainians who had been killed near that
very spot three years earlier. Many had been shot by snipers
positioned in the top floors of the Hotel Ukraine I’d just checked into.
The hotel’s lobby, too, had been conscripted into the revolution, one
side turned into a field clinic for wounded protesters, the other into a
morgue.
As the Maidan crowd around the singer bellowed out the national
anthem along with him, their hands on their hearts and some draped
in Ukrainian flags, their voices were charged with an eerie intensity
that raised the hair on my skin. “Ukraine’s freedom has not yet
perished, nor has her glory,” they sang. “We will not allow others to
rule in our motherland.” In my first hour in Ukraine, I felt I had
stepped into the buzzing epicenter of a postrevolutionary nation at
war.
⛨⛨⛨
After centuries of bloody fighting for its independence, Ukraine’s
liberation had originally arrived in 1991, almost by accident. With the
U.S.S.R.’s collapse, a stunned Ukrainian parliament voted to become a
sovereign nation, with only the far eastern region of Donetsk, the most
ethnically Russian slice of the country, opposing the decision.
But for the decades that followed, Moscow maintained a powerful
influence over Ukraine, and the two countries transitioned in tandem
from communism to kleptocracy. Ukraine’s prime minister and then
president for its first fourteen years of independence, Leonid Kuchma,
became known for siphoning a stream of boondoggle deals and cheap
loans to cronies. In the year 2000, a bodyguard released tapes of
Kuchma discussing the torture and killing of an investigative journalist
who had been found dead in the woods south of Kiev, as well as vote
rigging, bribe taking, and selling weapons systems to Saddam Hussein.
For a population inured to corruption and fed lies by state-run news
for as long as they could remember, even so-called Kuchmagate failed
to oust the president. Instead, he lasted until his chosen successor,
Viktor Yanukovich, an oligarch with close ties to the Russian
president, Vladimir Putin, ran for president in 2004. His opponent
was Viktor Yushchenko, a Ukrainian nationalist, financier, and
reformer who promised to finally bring the country out from under
Russia’s thumb.
Sensing a shift, the Kremlin determined to tighten Ukraine’s leash.
Russian political operatives began working secretly for Yanukovich,
and soon Yushchenko was finding his speaking venues closed and his
plane diverted from campaign stops. Then, a month before elections,
Yushchenko was mysteriously poisoned with dioxin, falling deathly ill.
He barely survived, his skin left scarred and disfigured by the attack.
Later, two Russians were arrested in a failed attempt to blow up
Yushchenko’s campaign headquarters in Kiev.
When Yanukovich was declared the winner of the elections that
November, the vote rigging was barely hidden. Yushchenko had, by
this time, recovered enough from his poisoning to return to
campaigning and was winning by double digits in polls. But the
cheating was evident: Putin had gone so far as to send Yanukovich his
congratulations before the results were even tallied.
This time, Ukrainians had had enough. Hundreds of thousands of
people flooded the streets of Kiev, filling the Maidan and waving
orange scarves, the chosen color of Yushchenko’s campaign. Facing a
mass uprising, Yanukovich stepped down a month later. The Orange
Revolution, finally, was Ukraine’s first step toward real independence.
Yushchenko won a legitimate election the next month and declared a
new era of the country’s history.
But politics in Ukraine are never so simple. Yushchenko turned out
to be an inspiring but disorganized leader, warring with his prime
minister, Yulia Tymoshenko. The government deadlocked and the
economy foundered. Amazingly, Yanukovich managed to wheedle his
way back into the spotlight, thanks in part to his Russian backing and
a makeover overseen by the U.S. lobbyist Paul Manafort, the future
campaign manager of Donald Trump. From 2006 to 2007, Yanukovich
even served as prime minister under his former archrival Yushchenko.
In 2010, he defeated Tymoshenko in the presidential election,
definitively ending the Orange Revolution five years after it had begun.
Ukraine took four years to simmer to the boiling point again. As
president, Yanukovich proved himself to be even more ambitious in
his mass theft than Kuchma, openly pillaging state coffers. His group
of blatantly corrupt associates, known as the Family, tucked away as
much as $100 billion of government funds into their private accounts.
Yanukovich’s estate north of Kiev, called Mezhyhirya, became a
mobster’s Xanadu, complete with a menagerie of exotic birds, a
bowling alley, a rifle range, a boxing ring, and $46.5 million worth of
chandeliers.
The final straw, however, wasn’t Yanukovich’s corruption but his
Russian alliances. Under Yushchenko, Ukraine had started on a long
road to membership in NATO, a prospect that no doubt infuriated and
terrified Putin. Ukrainians’ European hopes had still lingered under
Yanukovich in the form of an association agreement with the
European Union, trade negotiations that represented the first baby
step toward the West. But a week before signing the agreement, under
pressure from Putin, Yanukovich killed the deal.
The uprising and crackdown that followed had little of the bloodless
idealism of the Orange Revolution. When hundreds of thousands of
people again flooded the Maidan in November 2013, police clumsily
sought to disperse them with water cannons, rubber bullets, and tear
gas. Protesters responded with barricades and Molotov cocktails.
In the midst of that increasing violence, the Maidan movement also
began to see the first signs of digital attacks. Calls and SMS messages
from mysterious origins flooded the phone lines of pro-Western and
pro-revolution government officials. At the telecom provider Kyivstar,
engineers like Oleksii Yasinsky found themselves struggling to keep
the mobile network intact as the crisis mounted. On one street near
the Maidan, devices known as IMSI catchers impersonated cell phone
towers to spam out text messages to protesters, telling them to go
home. But as the square’s physical conflict ramped up, few people
registered those first signs of digital meddling.
By the end of that winter, the bullets were no longer rubber. As
protesters made a final notorious charge up the slope of the Maidan
toward the Hotel Ukraine, snipers fired on them from above, led by a
unit of brutal pro-Russian militarized police known as the Berkut—
Ukrainian for “eagle.” Many Ukrainians believe the Berkut were joined
by actual Russian soldiers brought in by Yanukovich. The death toll
was 103 protesters, a group now immortalized as the “Heavenly
Hundred”—the same martyrs whose lives were being memorialized on
the Maidan on my first night in Kiev.
After the revolution’s final, tragic bloodletting, Yanukovich could
see that the violence had only steeled the movement against him. He
fled to Russia.
Putin, not one to let geopolitics turn against him, took a different
approach: He promptly invaded.
🈘🈘🈘
Before the dust had even settled on the Maidan, in late February 2014,
a group of militiamen in unmarked uniforms, including Berkut
soldiers, entered the parliament of the southern Ukrainian peninsular
state of Crimea and installed a pro-Russian government. In a blink,
thirty-five thousand Russian troops moved in, swiftly occupying the
region with barely a shot fired. Two months later, more unmarked
Russian soldiers—they soon came to be known as “little green men”—
began to trickle across the border into the Russian-speaking eastern
Ukrainian region of Donbas, helping to arm a separatist movement
that quickly took control of the cities of Donetsk and Luhansk with
Russian tanks and artillery.
Since then, Russia has successfully made Crimea its full-fledged
possession as Ukraine’s eastern front has settled into a grinding,
undeclared war. Two million Ukrainians have become internal
refugees, and 10,000 Ukrainians have been killed. In July 2014, the
callousness of the Kremlin-backed forces shocked the world when a
Russian anti-aircraft unit, under the guise of pro-Russian Ukrainian
forces, fired a Buk missile that downed a Malaysian passenger jet over
Ukrainian territory, killing all 298 people on board.
But from the early months of the invasion, another kind of front
began to form in Ukraine’s war. Four days before Ukraine’s
post-revolution elections in May 2014, a pro-Russian hacker group calling
itself CyberBerkut—an allusion to the same police force that had killed
protesters during the Maidan revolution—announced on the website
cyber-berkut.org its intention to disrupt the coming presidential
election to replace the seat vacated by Yanukovich. “The anti-people
junta is trying to legalize itself by organizing this show, directed by the
West,” the message read in Russian. “We will not allow it!”
That night, the group began a devious series of cyberattacks on the
country’s Central Election Commission: They broke into the
commission’s network and wiped dozens of computers. “The idea was
to destroy the system, to prevent it showing the results, and then to
blame Ukraine’s so-called junta,” says Victor Zhora, a security
contractor for the commission at the time. “The goal was to discredit
the election process.”
The commission’s IT administrators managed to rebuild the network in
time for the election. But they found on Election Day that
hackers had planted an image of fake results on the commission’s web
server, which seemed to show the ultra-right presidential candidate,
Dmytro Yarosh, as the winner. Administrators discovered the image
file before voting ended and prevented it from ever being publicly
displayed.
But Russian state television, seemingly coordinating with
the hackers, went ahead with a false announcement that Yarosh had
won, an apparent attempt to cast doubt on the election of the real
winner, the politically moderate chocolate magnate Petro Poroshenko.
The next morning, the election commission was hit with a third and
final attack, this time a punishing wave of junk traffic designed to keep
its servers off-line and prevent them from confirming the legitimate
results. (The CyberBerkut hackers would be revealed years later to be
linked with the Russian hacker group Fancy Bear that meddled in U.S.
elections, too.)
That election trickery was the prelude to a far wider digital barrage,
destroying thousands of computers and paralyzing victim
organizations. By the time I visited Kiev in early 2017, practically every
strata of Ukrainian society was being hit in successive waves of
coordinated hacker sabotage: media, energy, transportation, finance,
government, and military. “You can’t really find a space in Ukraine
where there hasn’t been an attack,” Kenneth Geers, a NATO
ambassador who focuses on cybersecurity, told me at the time. “Turn
over every rock, and you’ll find a computer network operation.”
When I spoke to former president Yushchenko on the phone later
that year, he argued that Russia’s tactics, online and off, have one
single aim: “to destabilize the situation in Ukraine, to make its
government look incompetent and vulnerable.” He lumped the
cyberattacks together with the Russian disinformation flooding
Ukraine’s media, the terroristic fighting in the east of the country, and
his own poisoning years earlier—all underhanded moves aimed at
pulling Ukraine to the east or painting it as a broken nation. “Russia
will never accept Ukraine being a sovereign and independent country,”
he told me. “Twenty-five years since the Soviet collapse, Russia is still
sick with this imperialistic syndrome.”
Putin’s fixation on Ukraine no doubt includes economic jealousy of
its position as a lucrative pipeline route to Europe and its access to
warm-water ports. But foreign policy analysts argued that Putin wasn’t
necessarily seeking to somehow reintegrate his Little Russia into the
Kremlin’s empire. Instead, he hoped to create a “frozen conflict”: By
taking enough Ukrainian territory to lock it into a permanent war,
Russia sought to prevent the country from being welcomed into the
European Union or NATO, instead pinning it in place as a strategic
buffer between Moscow and the West.
But in my conversation with Yushchenko, he also insisted on
another, less explained and more foreboding point: that Russia’s
attacks on Ukraine, whether they’re carried out with destructive
malware or Buk missiles, shouldn’t be seen as Ukraine’s problem
alone. Russia’s aggression against its neighbor reveals a dark
playbook, he insisted, one that would sooner or later spread to the rest
of the globe. [Nope, I disagree; every move by Russia is a defensive one. Just because America has an open-door policy when it comes to borders does not mean Russia has to handle the situation in kind when it comes to its border. This is the part of Russia's reality the West will not acknowledge. dc]
“The question is not for whom the bell tolls,” Yushchenko warned.
“The bell tolls for us all. This is a threat to every country in the world.”
🔗🔎🔗
In late November 2015, as the pace of the digital blitzkrieg against
Ukraine was accelerating, John Hultquist was invited to give a briefing
at the Pentagon, a rare chance to win contracts and bend the ear of the
world’s most powerful military. He sat down among intelligence
officials at a conference table in the most senior officer’s
medal-adorned office, deep in the gargantuan building.
When it came to his turn to speak, Hultquist wasted no time
introducing his favorite subject. He gave the elevator-pitch version of
Sandworm’s history: Russian fingerprints, dangerous sophistication,
targets stretching from Poland to the United States but clustering in
Ukraine, with a disturbing focus on critical infrastructure. He noted
that Russia’s actual, ongoing war with Ukraine was heating up and
that it had increasingly metastasized from physical invasion to
disruptive digital attacks on everything from media firms to
government agencies. Pro-Ukrainian activists had retaliated against
Russia with a lower-tech form of sabotage, tearing down pylons that
supplied electricity to the Crimean peninsula, throwing the territory
Russia had seized into a mass blackout. Putin, of course, blamed the
Ukrainian government for the sabotage.
With all those elements aligning, Hultquist went on to predict that
Russia’s hackers were about to carry out a form of attack that had
never before occurred in the history of cybersecurity. “I think there’s a
good chance,” he told the Pentagon officials, “that they’re going to try
to turn out the lights.”
The military audience seemed to acknowledge his warning,
Hultquist remembers. But there were myriad other trouble spots
across an internet crawling with potential threats, and so the meeting
moved on. “To be honest,” Hultquist says, “I don’t think it really sunk
in at all.”
8
BLACKOUT
At first, Robert Lee blamed the squirrels.
It was Christmas Eve 2015—and also, as it happened, the day before
Lee was set to be married in his hometown of Cullman, Alabama. A
barrel-chested, bearded, and redheaded twenty-seven-year-old, Lee
had recently left a high-level job at the NSA, where he’d led a team of
analysts focused on a unique mission: tracking hackers who
threatened critical infrastructure. Now he was settling down to launch
his own security start-up and marry the Dutch girlfriend he’d met
while stationed abroad.
As Lee busied himself with wedding preparations, he saw news
reports that immediately distracted him from his matrimonial duties.
Hackers had just taken down a power grid in western Ukraine, the
headlines on his phone’s screen read. A significant swath of the
country had apparently gone dark for six hours. After the initial wave
of adrenaline passed, Lee’s natural skepticism kicked in. He
remembered this was probably just more media hype; he had other
things on his mind, and he’d heard spurious claims of hacked grids
plenty of times before. The cause was usually a rodent or a bird; the
notion that squirrels represented a greater threat to the power grid
than hackers had become a running joke in the industry.
The next day, however, just before the wedding itself, Lee received a
text message that dragged the incident back into his awareness. It
came from Mike Assante, the director of industrial control systems
security at the SANS Institute, an elite cybersecurity training center
where Lee also taught courses. A message from Assante, for Lee, held
far more weight than any news outlet: When it comes to digital threats
affecting power grids, Assante was one of the most respected experts
in the world. And he was telling Lee that the Ukraine blackout hack
looked like the real thing.
Lee cleared the messages from his phone and tried to focus on his
wedding. But moments after he had said his vows and kissed his bride,
a contact in Ukraine pinged him: The blackout hack was real, the man
said, and he needed Lee’s help.
Lee had spent his career preparing for this moment. At the NSA,
he’d devoted years to tracking the rare, sophisticated hacker teams
that targeted power grids, pipelines, and water systems, priding
himself on protecting the most fundamental underpinnings of
civilization. He’d briefed the government’s most senior officials on
those threats. He’d gone so far as to build mock-ups of industrial
control systems for testing in his own basement. Now, with absurdly
bad timing, the historic milestone he’d anticipated for years seemed to
have finally arrived: the first-known case of an actual hacker-induced
blackout.
There was hardly a choice to be made. He skipped out on not only
Christmas with his family but also his own wedding reception, found a
quiet corner of the room, and began to text with Assante about the
details of the Ukrainian power grid attack.
Still in his wedding suit, Lee eventually retreated to his mother’s
desktop computer in his parents’ nearby home. Working in tandem
with Assante, who had pulled out his laptop and hidden in the corner
of a friend’s Christmas party in rural Idaho, they examined maps of
Ukraine and a chart of its power grid. The three power companies’
substations that had been hit were in different regions of the country,
hundreds of miles from one another, and unconnected. “This was not a
squirrel,” Lee concluded with a dark thrill.
By that night, Lee was busy dissecting the KillDisk malware his
Ukrainian contact had sent him from the hacked power companies,
much as Yasinsky had done after the StarLightMedia hack months
before. “I have a very patient wife,” Lee says of his decision to spend
his wedding night in front of a computer.
Over the next few days, he received from his Ukrainian contact
another sample of code and forensic data from the attacks. Pulling it
apart, Lee saw how the intrusion had started. It began with a phishing
email impersonating a message from the Ukrainian parliament. A
malicious Word attachment had silently run a script known as a
macro, a little program hidden inside the document, on the victims’
machines.
The effect was the same as the zero-day technique iSight had first
found Sandworm using in its infected Microsoft PowerPoint
documents in 2014, but with a new trade-off: Without the zero day,
the victims had to be tricked into clicking a button to allow the script
to run. Until they clicked, the document would appear to be missing
content or broken, so most users unthinkingly clicked to load it. But by
using a simpler replacement for their zero-day technique, the hackers
had been able to operate much less conspicuously, and their attack
didn’t depend on keeping a rare vulnerability secret from Microsoft.
The Word script had planted an infection of BlackEnergy, the piece
of malware that had by now become practically the official national
disease of Ukrainian IT networks. From that foothold, it appeared, the
hackers had spread through the power companies’ systems and
eventually compromised a virtual private network, a tool the
companies had used for remote access to their systems—including the
highly specialized industrial control software that gives operators
command over equipment like circuit breakers.
Looking at the attackers’ methods and their use of BlackEnergy, Lee
began to make connections to iSight’s earlier findings and others from
his time at NSA. This was the work of Sandworm, he was sure of it.
After years of lurking, spying, building their capabilities, and
performing reconnaissance work, Sandworm had taken the step that
no other hackers had ever dared to: They’d caused an actual blackout,
indiscriminately disrupting the physical infrastructure of hundreds of
thousands of civilians.
For Lee, the pieces came together: Yes, the Sandworm connection
meant the blackout was very likely a Russian attack, targeting Russia’s
preferred victim, Ukraine. But as he followed the known history of
Sandworm to its conclusion, he was reminded that ICS-CERT had
blamed the group for BlackEnergy infections on U.S. critical
infrastructure networks, too. In other words, the same group that had
just snuffed out the lights for nearly a quarter of a million Ukrainians
had only a year before infected the computers of American electric
utilities with the very same malware.
In Lee’s mind, alarms went off. The Ukraine attack represented
something more than a faraway foreign case study. “An adversary that
had already targeted American energy utilities had crossed the line
and taken down a power grid,” Lee says. “It was an imminent threat to
the United States.”
᧗᧗᧗
Lee had long preached a simple rule. “No one should be messing with
civilian industrial control systems,” he says. “Never.”
Cyberattacks on nonmilitary, physical infrastructure, Lee believed,
were a class of weapon that ought to be considered, along with cluster
bombs and biological weapons, simply too dangerous and
uncontrollable for any ethical nation to wield. After all, not every
hacker attack on a power grid could necessarily be remedied in a mere
six hours, nor would the attackers know, in some cases, the extent of
the damage they were inflicting.
Lee had spent years thinking through
the potential knock-on effects of cyberattacks on critical
infrastructure, and his nightmare scenario was hacker-induced
blackouts that lasted weeks or even a month, long enough that their
consequences were unpredictable and might include crippling
hospitals, manufacturing, or food distribution. “You risk collateral
damage that’s not even humane,” Lee argues. “This is exactly the sort
of damage that we’ve tried through international conventions and
norms to do away with in other fields of conflict.”
His imagined ban on infrastructure-targeted hacking was a
surprisingly dovish take for someone who had practically been born
into the military. One of Lee’s grandfathers had been a World War II
radio operator. The other had been a Green Beret. Both his parents,
when he was growing up in Alabama, were U.S. Air Force enlisted
personnel; his father had fought in Vietnam, and shortly after Lee was
born, his mother and father had both served in Operation Desert
Storm, with his mother deployed stateside to take care of Lee and his
sisters. When he was a young teenager, she’d deployed again in the
wars in Iraq and Afghanistan, coordinating C-17 transport planes from
a base in Illinois.
Lee’s father, who was ten years older than his mother, had received
a Bronze Star in Vietnam, though he’d never told Lee what exactly he’d
done to earn it. In Iraq, he worked as an air force loadmaster,
responsible for, among other things, arranging all the ordnance that
military aircraft would drop onto targets. Lee remembers his father
showing him photographs of bombs on which he’d scrawled out a
message: “To Saddam, from the Lees.”
But Lee himself took a different path. After enrolling in the U.S. Air
Force Academy—his father tricked him into it, he says, by telling him
he’d never be accepted—he found himself less interested in the endless
engineering and physics courses than he was in African studies. He
spent one summer on a humanitarian mission to Cameroon, working
with an NGO there focused on renewable energy and water supplies.
They’d travel across the countryside, sleeping in the locals’ villages,
eating meals of fish and a starchy cake called fufu, and setting up
simple water filtration systems and solar energy collectors.
Lee had never been much of a technology nerd. He’d played video
games and built computers like other kids but never learned to
program. In Cameroon, however, he became fascinated by control
systems. A basic programmable logic controller, he found, made the
machines he was installing vastly more efficient. The book-sized gray
boxes with a few blinking lights, sold by companies like Siemens and
Rockwell Automation, would allow him to program the solar-powered
water filtration systems he’d place in streams so that they could swap
their own filters with no manual intervention. Or the same controllers
could be programmed to charge a series of car batteries attached to
solar panels or wind turbines. That meant more clean water or more
energy to power the LED lamps they’d give the villagers, and thus
more hours of light each day, real improvements in human lives.
Lee began to see those programmable logic controllers, digital
brains capable of altering the physical world around them, as
fundamental building blocks of infrastructure and economic
development. “I thought, I can teach you how to create energy and
power your village. That’s civilization changing,” he says. “I saw
control systems as the route to change.”
♻♻♻
When Lee graduated from the U.S. Air Force Academy in 2010, he was
sent to Keesler Air Force Base in Biloxi, Mississippi, to train as a
communications officer. The air force, at the time, was just beginning
to take cybersecurity seriously and lumped the new discipline in with
that broader category of education. It was there that Lee learned the
hacker basics: network analysis, forensics, exercises in “blue team”
defense and “red team” attack.
But when it came to courses on control systems and their security,
Lee found that his instructors often knew less about that little-understood computing niche than he had learned from his own hands-on time programming controller devices himself.
Then, during Lee’s time at Keesler, he suddenly found that his niche
interest was at the center of a buzzing new field of conflict: A
mysterious piece of malware called Stuxnet had begun to appear in
thousands of computers across the Middle East and South Asia. No
one knew what exactly it was designed to do. But the worm seemed to
have the ability to meddle with programmable logic controllers,
something no one had ever seen before. (Like most of the rest of the
world, Lee didn’t yet know that Stuxnet was, in fact, an American
creation. It had been built by Lee’s future employers at the NSA along
with Israeli intelligence and aimed directly at destroying equipment in
Iranian nuclear enrichment facilities, an act that would mark a new
era of cyberwar. But we’ll get to that.)
Lee was, at the time, offended by the mere notion of malware
capable of attacking physical infrastructure. “Here some asshole had
targeted control systems,” he remembers thinking. “The path to
making the world a better place was control systems. Someone was
jeopardizing that, and it pissed me off.”
As more information about Stuxnet trickled out to the public, Lee’s
interest in industrial control system security was elevated to an
obsession. He’d spend his time between classes reading every
document he could find on the subject. Soon he managed to track
down a friendly nuclear scientist at Oak Ridge National Laboratory
whom he’d call repeatedly, grilling him over a classified line about the
minutiae of programmable logic controllers and the latest findings
about the first-ever specimen of malware designed to corrupt them.
Eventually, Lee says, his views of that malware would shift as it
became clearer that the code had been designed for a pinpoint strike
on a single Iranian complex in Natanz, one that might serve as a key
component of Iran’s efforts to obtain a nuclear weapon. But in the
meantime, he had somehow become the closest thing to an expert on
industrial control system security at Keesler Air Force Base. He found
himself teaching other students and occasionally even briefing visiting
generals.
At the end of his training, Lee took a position with an intelligence
unit at Ramstein Air Base in Germany. Exactly what he did in that first
real air force job remains obscured by the increasingly secret nature of
his classified work. But he hints that the unit was engaged in
intelligence missions for the war on terror, carried out by remotely
piloted vehicles like the Global Hawk and Predator drones. Lee
focused his work on the security of those vehicles’ control systems.
Within months, however, he was noticed by a different agency that
would fundamentally redirect his career: the NSA.
Lee had barely settled in at Ramstein when he was ordered to move
to a facility elsewhere in Germany.*
The small NSA department in
which Lee found himself had a strange and exhilarating mission. Fort
Meade, the massive NSA headquarters in Maryland, already had well-resourced teams assigned to practically every known threat to
American national security. His field unit of around a hundred people
was given the remit to function independently, thinking outside that
massive organization’s existing patterns of thought—to look where the
rest of the NSA wasn’t looking. “It was our job to find ‘unknown
unknowns,’ ” Lee says.
* Though Lee declined to say more about this base, all signs point to the Dagger Complex in Darmstadt. That NSA outpost resides on a small U.S. Army base in the west of the country whose role as an intelligence operation was at the time secret and would only later be revealed in the classified documents leaked by the NSA whistle-blower Edward Snowden.
Naturally, Lee began asking around about who in the NSA was
responsible for tracking hackers that threatened the security of
industrial control systems. He was shocked to discover there was no
devoted group with that mission. The NSA had teams tasked with
finding and fixing vulnerabilities in industrial control system
equipment. It had, as Stuxnet would expose, its own offensive teams
that invented infrastructure exploitation techniques. It didn’t,
however, have a team assigned exclusively to hunting the enemy’s
infrastructure-focused hackers.
So Lee offered to build one. He was amazed at how little
bureaucracy he confronted; creating the agency’s first industrial
control system threat intelligence team required filling out one form,
he remembers. “So I became the lead of all of industrial control system
threat discovery for NSA overnight,” Lee says.
He was twenty-two years old. “Pretty fucked-up, isn’t it?”
9
THE DELEGATION
Rob Lee describes starting his job at the NSA as something like
connecting his brain to a vast, ultra-intelligent hive mind.
Suddenly he had access to not only expert colleagues but the
agency’s corpus of classified knowledge, as well as its vast intelligence
collection abilities. Lee, of course, says little about the details of where
that intelligence came from. But thanks in part to Edward Snowden,
we know that it included a broad array of secret data-gathering tools,
labeled broadly as “signals intelligence,” or “sigint,” that ranged from
the ability to siphon vast quantities of raw internet data from undersea
cables to hacking enemy systems administrators and looking over
their shoulders at private networks. “When you’re given access to
essentially the entirety of the U.S. sigint system and then surrounded
with the smartest people doing this on the planet, you get spun up
pretty quickly,” Lee says.
For the next four years, he and a small team of around six analysts
spent every working hour tracking the burgeoning, post-Stuxnet world
of industrial control system hackers. “Every day was hypothesis-driven
hunting. We’d ask ourselves, if I were the adversary, what would I do
to break into industrial control systems? Then we’d go search for that
out in the world,” Lee says. “We quickly went past any human
knowledge of how to do this stuff and had to come up with our own
models and methods and training.” Soon he was writing reports on
new critical infrastructure-hacking threats that found their way to the
desk of President Obama and briefing the director of the NSA, Keith
Alexander.
Lee refuses to talk about the details of his team’s findings. But he
hints that they’d uncover new, active industrial control system hacking
operations being carried out by foreign governments as often as once a
week. Only a small fraction of those hacking teams were ever
identified in the media. (He’s careful, however, to describe the
operations his team tracked during that period only as “targeting”
industrial control systems. Lee won’t say how many—if any—ever
followed in Stuxnet’s footsteps and crossed the line to disrupting or
destroying physical equipment.)
Even as his team built a global view of an internet roiling with
threats to critical infrastructure, Lee notes that he remembers
Sandworm stood out. He marked it early as a uniquely dangerous
actor. “I can confirm that we knew about them and tracked them,” he
says, choosing his words cautiously. “And I found them to be
particularly aggressive compared to the other threats we were seeing.”
Then, in 2014, Lee’s dream job abruptly ended. As a fast-rising and
sometimes brash upstart, he’d never been particularly compliant with
the military’s strict adherence to rank. The NSA’s relatively
freewheeling culture had unshackled him from that system. But he was
still frustrated by the treatment of air force recruits, who’d sometimes
cycle into his unit at the NSA, show real talent, and then suddenly be
pulled out again to perform more menial tasks befitting their low rank.
So Lee spoke out, writing a strongly worded article in the military
magazine Signal titled “The Failing of Air Force Cyber.” His
unvarnished opinion piece accused the air force of incompetence in
cybersecurity and railed against the bureaucratic dogma of rank that
had stifled improvement and wasted intellectual resources.
Lee hadn’t bargained for the blowback or fully considered that he
was still beholden to the same rank structure that he was attacking.
Not long after his Signal piece was published, Lee discovered he had
been reassigned, pulled out of his hacker-hunting team and back to an
air force intelligence unit.
Back in that starched-collar military hierarchy, Lee bristled at his
subordination to officers who he felt lacked the expertise he’d gained
at the NSA. Worse, he had now been assigned to a team that sat on the
other end of the game. He was part of a U.S. Air Force squadron based
in Texas, responsible not for cybersecurity but for cyberattack. In
other words, he now had orders to engage in exactly the sort of
infrastructure hacking that he considered unconscionable. Just four
years after first discovering that “some asshole” was targeting
industrial control systems, he was that asshole.
He stayed for one unhappy year of highly classified work, then
persuaded one of his commanders to let him resign, a nearly
unthinkable move in a family of air force lifers. Lee says he wept as he
walked out of the base on his last day as an air force officer.
It was 2015. That fall, Lee left Texas and moved to Maryland to
attempt to re-create his NSA dream team in the private sector. Not
long after, Christmas arrived. And with it, Sandworm reentered his
life.
Despite his years working in one of the world’s most secretive
agencies, discretion had never been Lee’s strong suit. Shortly after his
abbreviated Christmas wedding, he’d linked the Ukrainian blackouts
to an active hacker group, one that had already probed U.S.
infrastructure, no less. And for the first time in his career, he was no
longer bound by security clearances to keep that information hidden.
He was immediately determined to warn the world.
In just the days before the New Year, Lee, Mike Assante, and
another SANS researcher named Tim Conway had pieced together the
broad strokes of the Ukrainian attack. Lee wanted to release it all. “By
the twenty-ninth of December, we knew the public needed to know,”
he says.
Despite the hints that Sandworm was behind the blackout, Assante
thought it was too early to start publicly blaming the attack on any
particular hacker group—not to mention a government. The three men
agreed that Assante should write a blog post delicately addressing the
attack without revealing too many details, to get ahead of any media
reports that might hype up or misrepresent the story.
The next day, they published a circumspect post on the SANS
website, with Assante’s byline: “A small number of sources in Russia
and Ukraine indicate the electrical outage was caused by a cyber
attack, specifically a virus from an outside source,” it read. “I am
skeptical as the referenced outage has been hard to substantiate.”
Just two days later, on New Year’s Day, however, Lee went ahead
with his own blog post, discussing for the first time the BlackEnergy
malware sample he’d obtained. The post still took a cautious approach,
but it dropped hints at a conclusion. “The Ukrainian power outage is
more likely to have been caused by a cyber attack than previously
thought,” he wrote. “Early reporting was not conclusive but a sample
of malware taken from the network bolsters the claims.” Lee says his
intention was, in the least alarmist tone he could muster, to make clear
to U.S. power companies that they should check their networks
immediately for BlackEnergy infections that might be footholds for
Sandworm.
For the next week, Lee, Assante, and Conway continued to exchange
intelligence about the attack with the Ukrainian government, the
Department of Homeland Security, and the Department of Energy.
But after eight days, when no U.S. officials had made any public
statement about the attack, they published another post under
Assante’s name that definitively confirmed the blackout had been a
cyberattack, naming BlackEnergy and KillDisk as tools used in the
attack, though not necessarily as the cause of the power outage. They
made plans to release a full report with the blow by blow of the attack
based on their analysis.
But at that point, to Lee’s immense frustration, a senior DHS
official told the SANS researchers to refrain from any further
revelations. The request to stand down was directed at Assante, who
still had deep government ties from years working at Idaho National
Laboratory and the North American Electric Reliability Corporation.
As the Obama administration’s cybersecurity coordinator
J. Michael Daniel would later describe it to me, the government
argued it wanted to give utilities a chance to address the problem
discreetly before it revealed anything about those utilities’
vulnerabilities in public, where it might tip off opportunistic hackers.
But Lee was furious: He instead saw the delay as bureaucratic foot-dragging.
In the days that followed, the SANS researchers and the agency
officials came to a compromise over Lee’s objections. They’d assemble
a fact-finding trip that would travel to Ukraine, meet with the electric
utilities that had been victims of the attacks, and put together both
classified reports for the government and unclassified reports for the
public. Until then, everyone would keep quiet.
Assante and Conway were invited to join the delegation. Lee, whom
officials had by then deemed a problematic hothead, was not.
🎥🎇🎥
A few weeks later, the team of Americans arrived in Kiev on a bright,
freezing winter day. They assembled at the Hyatt, a block from the
golden dome of the thousand-year-old St. Sophia Cathedral and just
down the street from the Maidan. Among them were staff from the
FBI, the Department of Energy, the Department of Homeland
Security, and the North American Electric Reliability Corporation—the
body responsible for the stability of the U.S. grid—as well as SANS’s
Assante and Conway, all assigned to learn the full truth of the
Ukrainian blackout.
On that first day, the group gathered in a sterile hotel conference
room with the staff of Kyivoblenergo, Kiev’s regional power
distribution company and one of the three victims of the power grid
attacks. Over the next several hours, the Ukrainian company’s stoic
execs and engineers laid out the timeline of a ruthless, cunning raid on
their network.
As Lee and Assante had noticed, the malware that infected the
energy companies hadn’t contained any commands capable of actually
controlling the circuit breakers. Yet on the afternoon of December 23,
Kyivoblenergo employees had watched helplessly as circuit after
circuit was opened in dozens of substations across a Massachusetts-sized region of central Ukraine, seemingly commanded by computers
on their network that they couldn’t see. In fact, Kyivoblenergo’s
engineers determined that the attackers had set up their own perfectly
configured copy of the control software on a PC in a faraway facility
and then had used that rogue clone to send the commands that cut the
power.
Once the circuit breakers were open and the power for tens of
thousands of Ukrainians had gone dead, the hackers launched another
phase of the attack. They’d overwritten the obscure code of the
substations’ serial-to-ethernet converters, tiny boxes in the stations’
server closets that translated modern internet communications into a
form that could be interpreted by older equipment. By hacking those
chunks of hardware, the intruders had permanently bricked the
devices, shutting out the legitimate operators from further digital
control of the breakers.
The serial-to-ethernet converter trick alone would have taken weeks
to devise, Assante thought to himself. Sitting at the conference room
table, he marveled at the thoroughness of the operation.
The hackers also left one of their usual calling cards, running
KillDisk to destroy a handful of the company’s PCs. Then came the
most vicious element of the attack: When the electricity was cut to the
region, the stations themselves also lost power. Control stations have
backup batteries for just such an occasion, but the hackers had turned
them off, throwing the utility operators into darkness in the midst of
their crisis and slowing their recovery efforts. With utmost precision,
the hackers had engineered a blackout within a blackout.
“The message was, ‘I’m going to make you feel this everywhere.’
Boom boom boom boom boom boom boom,” Assante says, imagining
the attack from the perspective of a bewildered grid operator. “These
attackers must have seemed like they were gods.”
That night, for the next leg of their trip, the team boarded a flight to
the western Ukrainian city of Ivano-Frankivsk, at the foot of the
Carpathian Mountains, arriving at its tiny Soviet-era airport in the
midst of a snowstorm. The next morning they visited the headquarters
of Prykarpattyaoblenergo, the power company that had taken the
brunt of the pre-Christmas attack.
The power company executives politely welcomed the Americans
into their modern building, which sat under the looming smokestacks
of the abandoned coal power plant in the same complex. Then they
invited them into their boardroom, seating them at a long wooden
table beneath an oil painting of the aftermath of a medieval battle.
The attack the Prykarpattyaoblenergo executives described was
almost identical to the one that hit Kyivoblenergo: BlackEnergy,
corrupted firmware, disrupted backup power systems, KillDisk. But in
this operation, the attackers had taken another step, bombarding the
company’s call centers with fake phone calls—either to obscure
customers’ warnings of the power outage or simply to add another
layer of chaos and humiliation. It was as if the hackers were
determined to impress an audience with the full array of their
capabilities or to test the range of their arsenal.
There was another difference from the other utility attacks, too.
When the Americans asked whether, as in the Kiev region, cloned
control software had sent the commands that shut off the power, the
Prykarpattyaoblenergo engineers said no, that their circuit breakers
had been opened by another method.
At this point in the meeting, the company’s technical director, a tall,
serious man with black hair and ice-blue eyes, cut in. Rather than try
to explain the hackers’ methods to the Americans through a translator,
he offered to show them. He clicked “play” on a video he’d recorded
himself on his battered iPhone 5s.
The fifty-six-second clip showed a cursor moving around the screen
of one of the computers in the company’s control room. The pointer
glides to the icon for one of the breakers and clicks a command to
open it. The video pans from the computer’s Samsung monitor to its
mouse, which hasn’t budged. Then it shows the cursor moving again,
seemingly of its own accord, hovering over a breaker and attempting
again to cut its flow of power as the engineers in the room ask one
another who’s controlling it.
The hackers hadn’t sent their blackout commands from automated
malware, or even a cloned machine, as they’d done at Kyivoblenergo.
Instead, they’d exploited the company’s IT help-desk tool to take
direct control of the mouse movements of the stations’ operators.
They’d locked the operators out of their own user interface. And before
their eyes, phantom hands had clicked through dozens of breakers—
each serving power to a different swath of the region—and one by one
by one, turned them cold.