Who Was Behind the Ukraine Power Grid Hack? | Cyberwar

Who Was Behind the Ukraine Power Grid Hack? | Cyberwar

a country torn [Music] apart a Cyber attack knocks out the power so while The Operators are trying to recover they’re also dealing with the fact that all their systems are going down Ukraine blames the Russian government and the conflict moves online Rian war against a criminal Russian government [Music] that’s popping up when I reported from the front lines in eastern Ukraine for vice I saw firsthand the Raging war between russian-backed separatists and ukra military since 2013 Ukraine has been in a state of turmoil that’s when protests broke out against the pro-russian government which led Ukraine’s president to skip the country then Russia invaded and annexed the Ukrainian territory of Crimea while Russian back separatists started Waging War in eastern Ukraine but on December 23rd 2015 a new front in the conflict may have opened up online that day hackers attacked three power companies known as oand N Go in Western Ukraine it’s the first known Cyber attack that caused outages in a nation’s power grid and it left at least a quarter of a million people in the dark the city of Ivan frankis was one of the ones hit the operators of the control center agreed to walk me through what happened that [Music] day this is this bat room control room right thank you bdon suuk is a deputy director of the control room which remotely controls dozens of substations around the region when did you realized that you were under Cyber attack that it was not just some equipment level mishap that it was in fact some sort of attacker penetrating your network Vladimir fedck is the deputy director of it at the power company uh as Vladimir and his team tried to figure out what was happening substations controlled by the utility started shutting down one by one it happened in the middle of the day and as the power went out residents had no way of knowing this wasn’t a regular outage and they were actually in the middle of a very sophisticated Cyber attack with the grid unplugged to prevent more outages workers at the power company realized the only way to restore power was to physically drive out to the individual substations and switch the power on manually Ur toine was on duty that day so we’re going to one of the substations that was actually attacked and taken out yeah and did you have to physically go turn it back on yes so there’s 35,000 volts over there yeah and if I get how close 60 cm 60 cm bye-bye yeah bye-bye so this is what you had to do in De yeah we should to open this [Applause] and I’m going to stay close to you so that’s the they switch of this equipment as they Swit show that equipment so this substation and two Transformer was without electricity wow and this area or area was without El electricity yeah open this box and press this button to turn it back on yeah it’s more than 25,000 people wow and that’s just from this one substation dozens of substations across the region went dark the outages lasted less than a day but it took months for the power companies to get back to normal I also learned that at least one facility was attacked but managed to keep the lights on and there are likely even more targets who haven’t come forward to avoid embarrassment it’s clear this was a massive coordinated effort so who did it and why in 2015 2 days before Christmas at least three power companies in Western Ukraine were hit by a Cyber attack which knocked the power out for more than a quarter of a million people the hack came in the midst of an active military conflict between the government of Ukraine and russian-backed separatists in the East within 5 days of the Cyber attack the sbu Ukraine’s equivalent of the FBI blamed Russia after some lengthy negotiations I met with a member of the sbu in the back of a van in Kiev on the condition we not reveal his name or show his face he told me that officials had Advanced knowledge of the attacks but we’re able to prevent them but the sbu hasn’t offered any proof to back up its claims why isn’t there any direct proof that it was Russia why don’t you have that right so this is a war this is this is a full-on war with Russia both online offline Ukraine was quick to blame Russia for the attacks but the reality might be more nuanced after the hack the US government sent a team to Ukraine to investigate and several cyber security firms analyzed the publicly available evidence there’s there’s so many things that Russia gets blam for as a big bag Boogeyman that you go well maybe not all of it’s true but some of it still is Robert M Lee served in the Air Force as a cyber warfare operations officer he also worked for an unnamed us intelligence agency which he won’t confirm or deny was the NSA Rob now runs his own company focused on securing critical infrastructure working with electricity industry Watchdogs he co-wrote the definitive report on the Ukraine attacks now why don’t you take me through the actual you know in layman’s terms sure how’ this attack go down cuz it’s it’s multifaceted this few different stages right yep so it all started about 6 months previous to December about 6 months previous uh there was fishing emails sent out so operators at the power grid were getting emails about a variety of different events going on in Ukraine when they opened up the email the piece of malard called black energy 3 was dropped to the system that enabled the attackers to seal off credentials usernames passwords things like that from the network and then were able to come back in over that 6mon period they spent that time time researching and understanding the environment so it wasn’t this story that we hear sometimes thrown around about light speed net speed cyber attacks you know no it was human adversaries doing research in the environment so the attack starts when they did that they also had a piece of malare called kill dis positioned on the systems so that when the systems reboot it would kick off deleting all the files and deleting all the systems wow so while The Operators are trying to recover they’re also dealing with the fact that all their systems are going down and then in the of all that they basically blew the bridges to those substations now let’s talk about the actual people that did this attack in Ukraine Ukrainian government said it was Russia so who was it when you took a look at it yeah and you actually went into it who did it if we’re talking about should the US government come out and say it was Russia I don’t think they have enough proof one American cyber security firm firey blamed the Ukraine attack on a group they call sandworm team which they say as ties to Russia Rob agrees I think the sandw team is more than likely a private For Hire team that goes around and kicks down the doors for places and then it’s possible that a military team or someone else comes in after but I do not think that the sandworm team is the Russian government sandworm team may not be the Russian government but the fact that Russia has been implicated in the attack could have international repercussions and it seems highly unlikely that people inside the country would do something so high-profile and so obviously in Russia’s interest with at least least informing the government I I can’t imagine a scenario and just doesn’t mean it can’t exist but I don’t feel that there’s a scenario where a team operating out of Russia thought that it was a good idea to take down a portion of the power grid and at least didn’t notify somebody that they were going to do it there there’s that’s a very risky situation to be in the hack of Ukrainian power companies is the first time we know of that a Cyber attack caused outages in a nation’s power grid if the attack was pulled off by Russia this wouldn’t be the first time access to electricity has been used as a weapon in this conflict more than a year before the incident Russia annexed Crimea from Ukraine then some crimeans got very pissed off and struck back they formed a blockade and cut off access from Crimea to Ukraine and in November 2015 they blew up pylons providing Crimea with electricity leaving 2 million crimeans in the dark that happened just a month before the cyber attacks on Ukraine’s power grid l islamov is a businessman and a former deputy prime minister of Crimea he’s a Tatar a Muslim ethnic minority in Ukraine he was a leader of the blockade and the Russian government has charged him with terrorism in absentia many believe the Cyber attack on Western Ukraine’s power grid was Russia’s retaliation for the Crimean blackouts which happened just a month earlier the Russian government has actually named you personally mhm for sabotaging the Crimean power grid mhm how do you respond to that allegation do you think tfsp is following you so do you personally think that the attack on the obero in December in Ukraine was retaliation for the attack on the power grid in Crimea absolutely do you think you’ll ever go back to Crimea absolutely [Music] so you’re going back to Crimea Dead or Alive is what you’re saying I think so okay the Russians may have been the first to take the conflict in Ukraine online but the battles being fought there are continuing from both sides Raman burko and vitalic soran not the real names are part of a group called [Music] informed many of their members live in Crimea or in separatist controlled regions in eastern Ukraine officially the Russian military is not deployed in the East but using a mixture of social media and on the ground Intel Gathering informed upon as proving Russian special forces are actively operating in the region they’ve also published information about Russian soldiers serving in Syria they agreed to meet me in my hotel and wore masks because they worry about what could happen to their family members and loved ones if their identities were ever revealed to Russian agents so what is inform Neal and what do you guys do [Music] [Music] F Flame [Music] so this is more than just an infowar between Ukraine and Russia this is essentially a cyber War as well you’re behind a keyboard and you’re causing Havoc for the Russian government but are you willing to die for that [Applause] cause Russia never formally responded to Ukraine’s allegation that the country is to blame for the Cyber attack on Ukraine’s power grid and some government officials within Russia really don’t take the threats from Ukrainian hackers very seriously Vadim denan is a member of the Russian Parliament and the committee on informational policy information technology and Communications the Russian government maintains it never invaded Ukraine and that Russian soldiers in eastern Ukraine are merely patriotic volunteers helping ukrainians who want to separate from the country and join Russia denan might think ragtag Ukrainian hackers are harmless but the hackers I’m about to talk to are the exact guys who in collaboration with informed Aon hacked to the Kremlin and leak the emails of Putin’s right-hand man vladislav COV making international headlines so right now I’m waiting to meet up with a hacking group that uh informed upon hooked us up with called Ru haate and I don’t know what these people look like but I do know they’re under investigation apparently allegedly by Russian intelligence because they’ve been hacking Russia but we should be meeting with them really soon we finally managed to figure out a safe location for the two black hat hackers I was about to meet they call themselves dmer and Ross they’re part of the hacking group Ru haate and say Russian intelligence agencies like the FSB would be very interested in knowing who they are so if you could say anything to those Russian FS be investigators what would you tell them you can go and yourself like Captain [Laughter] karoo you’re you’re an outlaw so you have evidence then that they’re actually after you yep and you don’t give a f why should I I’m on my ground I’m on my soil I’m in my country protecting my country but if they invade at some point we should fight back it’s the war This Is War this is all war to you yep it is a war not using the direct shut fires and guns but we’re using the codes the exploits keyboards and other stuff but it’s still a war we are not waging a war against the civilian Russian civilian we’re waging a war against the criminal Russian government do you want to explain some of the biggest hacks that Ru hat has ever done yes it’s just for FL [Music] for the conflict in Ukraine is almost 3 years old and Counting as I know from my own experience getting shot at or being shelled is a daily occurrence in certain parts of the country but if Russia really was behind the power grid attacks in Western Ukraine or even if Russia just allowed a private company to do it major line has been crossed our critical infrastructure in the US and Canada is just as vulnerable to cyber threats as trains so if someone really wanted to turn the lights off in North America they probably could and given that there have been no serious repercussions for what happened in Ukraine what’s really stopping someone from doing it again

A cyber attack on Ukraine’s power grid leaves thousands of people in the dark. As a military conflict involving Russia rages in the east, has the ground war led to cyberwar?

This episode of Cyberwar first aired on VICE TV in 2016.

Help keep VICE News’ fearless reporting free for millions by making a one-time or ongoing contribution here. – https://vice.com/contribute

Subscribe to VICE News here: http://bit.ly/Subscribe-to-VICE-News

Check out VICE News for more: http://vicenews.com

Follow VICE News here:
TikTok: https://www.tiktok.com/@vicenews?lang=en
Facebook: https://www.facebook.com/vicenews
Twitter: https://twitter.com/vicenews
Instagram: http://instagram.com/vicenews
More videos from the VICE network: https://www.fb.com/vicevideo

#VICENews #News #hacker