
Published: 2016/3/27 6:29:09
Ukraine power grid hacking incident: who is the real culprit?


March 27: On the afternoon of December 23, 2015, two days before Christmas, 1.4 million residents in parts of Ukraine's capital Kiev and in western Ukraine suddenly found their homes without power. The outage was not caused by a power shortage but by a hacker attack.

The hackers used deception to get power company employees to download a piece of malware called "BlackEnergy". The malware dates back to 2007; it was developed and widely used by Russian underground hacker groups, including to "probe" power companies around the world.

That day, the hackers attacked about 60 substations. They first used the malware to disconnect the power company's master control computers from the substations, and then planted a virus in the systems that paralysed all the computers. At the same time, the hackers jammed the power company's telephone communications, so that residents affected by the outage could not contact the power company.

The Ukrainian government said at the time that this was the first large-scale power outage caused by hacking, and pointed the finger at Russia, saying Russian hackers were responsible for the incident. But Robert Lee, a former United States Air Force cyberwarfare officer, was sceptical, considering it too early to accept the Ukrainian government's judgment, because before this there had been only two incidents of destructive hacker attacks on critical infrastructure. He therefore needed evidence.

At the time, Robert Lee was in Alabama preparing for his Christmas wedding. As one of those assisting the investigation, Lee and several colleagues from the United States cyber-security community contacted Ukrainian cyber-security personnel to help them restore power as soon as possible.

After assessing the available information and analysing the grid control systems, Lee was the first to find the "BlackEnergy" malware. The truth soon became clear: this was indeed a hacker attack, although Lee did not point the finger at Russia. Lee said: "This malware shocked me; it was so coordinated. The malware we saw before looked like intelligence work, and this time it looks like a military attack. It also sounded the alarm for us."

The incident made Lee realise that a decision he had made not long before was the right career choice. In the summer of 2015, before the Ukrainian power grid was attacked, Lee resigned from the United States Air Force to become full-time CEO of Dragos Security. Dragos Security is a cyber-security company that Lee founded in August 2013; its software product, CyberLens, is meant to remind industrial control system operators not to overlook the people or things that appear on their networks.

Intruders are everywhere: a report last December showed that from October 2014 to September 2015 there were 295 cases of hackers intruding into critical infrastructure in the United States, such as airports, tunnels and refineries, up from 245 in the same period a year earlier. Many more attacks are expected to have gone unreported.

For traditional Internet security software, industrial security is still a blind spot. Because industrial control systems differ greatly from ordinary IT systems, security software must be able to understand large numbers of commands written in old and esoteric communication languages. CyberLens can do this: deployed at the gateway of a customer's network, it records network behaviour as it happens and detects abnormal behaviour.

Events such as the hacking of the Ukrainian power grid help drive the development of the industrial cyber-security market. The market is expected to reach $8 billion this year and $11 billion in 2019.

Dragos Security's main competitors in the field include the Israeli company Indegy, founded by three alumni of Talpiot, the elite military academy of the Israeli defence ministry's research agency; its investors include Shlomo Kramer, a well-known investor in the field. Indegy raised $6 million in 2014 and currently has 10~20 industrial customers in oil, gas, chemical manufacturing, electric power facilities and other sectors.

Lee has repeatedly turned down investment offers from venture capital firms, ranging from $6 million to $11 million, because the 28-year-old wants the company to remain independently run and keep its freedom. This year, Lee was also named to the Forbes list of innovators under 30.

Dragos Security currently has 18 clients, including large cyber-security companies, important public utilities, and oil and gas companies. Lee did not disclose the company's revenue, saying only: "We have ample cash flow, we have no loans, we have taken no investment, and our marketing costs are zero. We are very satisfied with the status quo."

Network monitoring is only one step in protecting critical infrastructure; operators must also be able to identify the behaviour of malware and code, and block it. Currently, Russia's Kaspersky Lab, Intel's McAfee, General Electric and others offer such solutions.

Eventually, security software will be able to predict how an attack will unfold, but the technology is still in its early release stage. Oak Ridge National Laboratory, part of the United States Department of Energy, has developed a tool named "Hyperion" that can detect what malware is going to do before it runs. Last year, Hyperion was licensed to a private consulting firm and is expected to come to market soon.

Dragos Security may be small, but Lee's experience is extensive. He graduated from the United States Air Force Academy and then entered the service. He was later sent to Germany, where he was responsible for security research on the Air Force's drone network. At the time, a surveillance drone belonging to the Central Intelligence Agency (CIA) went missing in Iran. Lee did not know exactly what had happened and could not provide details, but it sparked his interest in drones.

The United States and Iran issued no official statement on this, but media reported that Iran used GPS jamming technology to fool the drone and bring it down to land. Other drones may have met the same fate. Lee said: "Many times we lost a drone, and you don't know exactly what happened."

Later, Lee was transferred to another intelligence unit in Germany, where he helped the Pentagon understand how a state-sponsored hacker group would attack the United States. Lee then reached a correct judgment: "Our enemies want to attack our critical infrastructure."

Thomas Rid, a professor at King's College London, said: "Working with Lee is like partnering with a small intelligence agency."

Lee could have stayed on in the military, but after meeting intelligence-agency programmers Justin Cavinee and Jon Lavender in Germany, he invited the two to develop CyberLens. With a concern for national security, Lee wants to do everything he can to protect core United States industrial facilities from hacker attacks.

In addition, as a member of the think tank Center for a New American Security, Lee also hopes to use an innovative approach, namely tax credits, to encourage energy companies to step up their cyber defences.

In addition, some countries have a "grey market" in which software vulnerabilities are sold. Some vulnerabilities are sold to governments for as little as $4,000 (an iPhone vulnerability might sell for $1 million); government agencies generally buy these vulnerabilities for defensive purposes, so that patches can be developed.

But some critics, including Lee, point out that government agencies also often buy these vulnerabilities for offensive purposes. Even more dangerous is a major event like the attack on the Ukrainian power grid occurring without a consistent global response. Lee said: "You have made it something that is allowed to happen, and that is too dangerous."







