Russian Code Found In US Utility Computer


Discussion Overview

The discussion revolves around the detection of Russian malware in a Vermont utility's system, linked to a broader hacking operation known as Grizzly Steppe. Participants explore the implications of this discovery for national security, the accuracy of media reporting, and the nature of the malware itself. The conversation touches on themes of cybersecurity, media responsibility, and the potential for misinformation.

Discussion Character

  • Debate/contested
  • Meta-discussion
  • Technical explanation

Main Points Raised

  • Some participants express concern over the vulnerabilities of the U.S. electrical grid following the discovery of Russian malware, highlighting the potential for future attacks.
  • Others question the characterization of the malware as "Russian," suggesting that coding languages do not inherently belong to a nationality.
  • Several participants challenge the accuracy of media reports, particularly the Washington Post's portrayal of the incident, arguing that the utility's statement clarifies the malware was found on a laptop not connected to the grid.
  • There is a discussion about the timeline of events, with some participants asserting that the utility's statement was issued after the initial media reports, raising questions about the reliability of the sources.
  • Some participants argue that the media's sensationalism could lead to unnecessary tensions between countries, citing examples of misinformation affecting international relations.

Areas of Agreement / Disagreement

Participants do not reach a consensus on the implications of the malware discovery or the accuracy of the media reporting. There are competing views regarding the nature of the threat posed by the malware and the responsibilities of news organizations in reporting such incidents.

Contextual Notes

Participants note the lack of clear timestamps regarding the sequence of the utility's statement and the media reports, which complicates the discussion about the accuracy of the claims made by different parties.

  • #33
zoobyshoe said:
Thanks for posting this.

Do you know anything about "Neutrino?"

Really old-school delivery system: Java code for other malware systems.
Neutrino - exploit bundle
Friends, we present to you our new product, the Neutrino exploit bundle.
I would like to go straight to the description and dwell in more detail on some of the features.

Translated by google as :
******************************************

Neutrino - a bunch of exploits
Friends, we offer you our new product, a bunch of exploits Neutrino.
I would like to go directly to the description and to stay in more detail some of the features.
...
Contacts
Jabber: xxxxxxxx_@_dont_click_xxxxxx.cz
ICQ: xxxxxxxxxx
  • #34
When I worked in the power industry, I was considered a radical reactionary. That was because I considered government (at all levels) a singularly bad partner in IT and security issues. Today's story linked by @nsaspook seems to confirm my bias.
  1. Information that government shares with industry is low quality. The Grizzly Bear signature sent out by DHS was insufficiently selective to prevent a false positive (Neutrino identified as Grizzly).
  2. Information that industry shares with government will be mishandled and leaked. In this case it resulted in the Washpost "fake news" that scared the public and reinforced the anxiety that the grid is highly vulnerable. I expect that many fewer people will read and be influenced by the retraction, so the damage can never be entirely undone.
But even more basic, there is an unresolvable conflict inherent in any entity with both offensive (i.e. US Cybercommand) and defensive roles. USA critical infrastructure uses the same basic components as everyone else in the world: Unix variants, routers, hard disk drivers, PLCs, and so on. It is Cybercommand's duty to have the ability to penetrate and bring down the computers of any/all bad guys in the world. In practice, they can only achieve that if they have the capability to bring down anything anywhere, owned by bad guys or good guys. Therefore, I am forced to assume that any standards, software, or other information received from government has been mandated by Cybercommand to be compromised. Government cannot tolerate secure computing because bad guys will get their hands on it. I see no possible way to resolve that conflict.
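The first point in the post above, a signature that is not selective enough and so flags a commodity kit as the campaign it was written for, is easy to reproduce on the defender's side. The following is an added example, not code from the thread, from DHS, or from the utility: a small scoring harness that runs a loose single-indicator rule and a selective multi-indicator rule over constructed host telemetry and counts the false positives each one produces. All hosts, IPs (documentation ranges), hash labels, and family names are constructed stand-ins, not the real Grizzly Steppe indicators or any real Neutrino artifact.

```python
"""Added example: why a loosely selective indicator set produces false positives.

Everything below is constructed for illustration. The events, the indicator
sets and the family names are hypothetical; none of them are the DHS
indicators or real malware artifacts.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class HostEvent:
    host: str          # workstation that made an outbound connection
    remote_ip: str     # destination of that connection
    image_hash: str    # label standing in for the hash of the connecting process image
    true_family: str   # ground truth, used only to score the rules afterwards


# Constructed telemetry. 203.0.113.0/24 and 192.0.2.0/24 are reserved
# documentation ranges; the hash labels are placeholders, not real digests.
EVENTS: List[HostEvent] = [
    HostEvent("ws-01", "203.0.113.10", "hash-a", "campaign-x"),
    HostEvent("ws-02", "203.0.113.10", "hash-b", "commodity-kit"),  # shares only the IP
    HostEvent("ws-03", "192.0.2.44",   "hash-a", "campaign-x"),
    HostEvent("ws-04", "192.0.2.99",   "hash-c", "benign"),
    HostEvent("ws-05", "203.0.113.10", "hash-d", "benign"),          # shared-hosting style overlap
]

# Loose rule: a single weak indicator (a destination IP) is enough to fire.
LOOSE_IPS = {"203.0.113.10"}

# Selective rule: the weak indicator must co-occur with a strong one (image hash).
CAMPAIGN_IPS = {"203.0.113.10", "192.0.2.44"}
CAMPAIGN_HASHES = {"hash-a", "hash-e"}

Rule = Callable[[HostEvent], bool]


def loose_match(ev: HostEvent) -> bool:
    """Fires on IP alone; anything else talking to that address is caught too."""
    return ev.remote_ip in LOOSE_IPS


def selective_match(ev: HostEvent) -> bool:
    """Fires only when the IP and the process image both match the campaign profile."""
    return ev.remote_ip in CAMPAIGN_IPS and ev.image_hash in CAMPAIGN_HASHES


def false_positives(rule: Rule, events: List[HostEvent], family: str = "campaign-x") -> List[str]:
    """Hosts the rule flags whose ground truth is not the campaign the rule targets."""
    return [ev.host for ev in events if rule(ev) and ev.true_family != family]


def score(rule: Rule, events: List[HostEvent], family: str = "campaign-x") -> Dict[str, float]:
    """Precision/recall of a rule against the ground-truth family label."""
    tp = fp = fn = 0
    for ev in events:
        hit, actual = rule(ev), ev.true_family == family
        if hit and actual:
            tp += 1
        elif hit:
            fp += 1
        elif actual:
            fn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall}


if __name__ == "__main__":
    for name, rule in (("loose", loose_match), ("selective", selective_match)):
        print(name, score(rule, EVENTS), "false positives:", false_positives(rule, EVENTS))
```

On this data the loose rule flags ws-02 (a different, commodity kit) and ws-05 (benign traffic to a shared address) alongside the one true hit, and still misses ws-03; the selective rule catches both campaign hosts with no false positives. The practical lesson for anyone consuming a shared indicator list is to treat single weak indicators such as IPs as triage hints, and to require a strong corroborating indicator before declaring a host part of a named campaign.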
