Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Russian hackers penetrated U.S. electricity grid through a utility in Vermont

By Juliet Eilperin and Adam Entous Washington Post

A code associated with the Russian hacking operation dubbed Grizzly Steppe by President Barack Obama’s administration has been detected within the system of a Vermont utility, according to U.S. officials.

While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability. Government and utility industry officials regularly monitor the nation’s electrical grid because it is highly computerized and any disruptions can have disastrous implications for the function of medical and emergency services.

American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The penetration may have been designed to disrupt the utility’s operations or as a test by the Russians to see whether they could penetrate a portion of the grid.

This week, officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence shared the malware code used in Grizzly Steppe with executives from 16 different sectors nationwide, including the financial, utility and transportation industries, a senior administration official said. Vermont utility officials identified the code within their operations and reported it to federal officials Friday, the official added.

DHS and the FBI also posted information on the malware publicly Thursday as part of its joint analysis report, saying the Russian military and civilian services’ activity “is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.”

It is unclear which utility reported the incident. Officials from two major Vermont utilities, Green Mountain Power and Burlington Electric, could not be immediately reached for comment Friday. Vermont also has a wholesale distributor called VELCO, or Vermont Electric Power Company. In addition, there are smaller co-operative companies, such as Vermont Electric Co-op and Washington Electric Co-op, that are used primarily in rural areas and are connected to the statewide power grid.

According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords. Russian hackers obtained a raft of internal emails from the Democratic National Committee, which were later released by WikiLeaks during this year’s presidential campaign.

President-elect Donald Trump has repeatedly questioned the veracity of U.S. intelligence pointing to Russia’s responsibility for a series of cyber-intrusions in the run-up to the Nov. 8 U.S. election. He has also has spoken highly of Russian President Vladimir Putin, despite President Obama’s suggestion that the approval for the cyber operations came from the highest levels of the Kremlin.

Obama has been criticized by lawmakers from both parties for not retaliating against Russia before the election. But officials said the president was concerned U.S. countermeasures could prompt a wider effort by Moscow to disrupt vote counting on Election Day, potentially leading to a wider conflict.

Officials said Obama was also concerned taking retaliatory action before the election would be perceived as an effort to help the campaign of Democratic presidential nominee Hillary Clinton.

On Thursday, when President Obama announced a series of new economic sanctions against Russia and the expulsion of 35 Russian officials from the U.S. in retaliation for what he said was a deliberate attempt to interfere with America’s election, Trump told reporters, “It’s time for our country to move on to bigger and better things.”

Trump has agreed to meet with U.S. intelligence officials next week to discuss allegations surrounding Russia’s cyber activity.

The Russians have been accused in the past of launching a cyberattack on Ukraine’s electrical grid, something they have denied. Cybersecurity experts say a hack in December 2015 destabilized Kiev’s power grid, causing a blackout in part of the Ukrainian capital. On Thursday, Ukranian President Petro Poroshenko accused Russian of waging a cyber war on his country that has entailed 6,500 attacks against Ukranian state institutions over the past two months.

Representatives for DOE and DHS declined to comment on the matter Friday.