US Intel Agencies Have 'Incredible' Amount of Data on Global Networks – Prof

The US Department of Homeland Security said that Russian hackers had infiltrated the networks of US electric utilities. The Wall Street Journal reported that hackers from a group known as Dragonfly or Energetic Bear penetrated the networks of US power generating companies and attacks began in 2016 and are likely to still be ongoing.
Sputnik

Sputnik discussed the alleged Russian hackers’ attacks on the US electric grid with Kevin Curran, professor of Cyber Security School of Computing, Engineering and Intelligent Systems, Department of Computing, Engineering and the Built Environment at Ulster University.

Sputnik: In the case of hacking attacks is it possible to ever establish the location of hackers with 100% accuracy?

Kevin Curran: 100% accuracy is difficult. Really what we have is a digital crime and there is no physical footprint left. Tools are rendered empty but are developing; they are getting better, and again, the US would be one of the best in the business of being able to, the resources that they have in terms of cyber-forensics. It is difficult and now most security experts agree that you can attribute blame in cases where there’s been a large investigation, where resources have been thrown at it, but 100% is always very difficult, because again, what we have is a cyber crime, what we have is reliance on computers' IP addresses, which are unique identifiers, but things can be spoofed. You can do things to make it look like it was someone else, so you again, you can never be completely certain that you can attribute the source of an attack to a particular nation, or a particular hacking group, or a particular individual.

READ MORE: US Media Claims Russian Hackers Access American Energy Networks, Plan Blackouts

Sputnik: Can hackers hide their location while pretending to be from a different country? It seems like a basic question, I would’ve thought that is possible, but what’s a professional like yourself's point of you on that?

Kevin Curran: It is for most cases. What I would say is when it comes to nation-state attacks, all you have is the intelligence services actually would be monitoring and would have already got in link in to who they believe are carrying out attacks and in this case, of course, attribution is to the Dragonfly, this is the well-resourced Eastern European hacking group.

Germany Spy Chief Says Russia 'Highly Likely' Behind Hacking, Slams Facebook
Again, they would have been watching these different entities. A related aspect: just last week the US released a report on 12 Russian intelligence officers who were indicted. This 29-page report gives a very technical breakdown of what was happening, but for a security expert who's read the report, when you come away from it, you realize that the incredible detail in which they rewinded what happened and the way they were able to show what the guys did, how they registered websites to be able to publish the documents and everything else, what it left you was the feeling that the US intelligence services have really, what we call, deep network inspection tools, so you would suspect that they were already in the network and that they know more than they’ve ever told us, really. It was actually quite incredible to see what they actually know when it comes to global networks, really, and you can just imagine that they've put a lot of money, and time, and effort into being able to exploit and see what has happened on a global level.

Sputnik: I suppose it’s not surprising really. According to the Wall Street Journal these attacks began back in 2015, why then in your view are these attacks being reported three years later, it’s obviously a large period of time that’s passed since then, isn't it?

Kevin Curran: It is indeed, they have released other ones in the past; they've let us know about attacks happening. The most famous one is the power grid attack, what we're talking about here is the energy companies and the power grids really. In Ukraine, in December 2015, there was an attack on their infrastructure and for six hours, during one of their coldest times ever, up to a quarter of a million houses were left without electricity. They grabbed the grid operators' control systems and took out 30 substations.

When in Doubt, Blame Moscow: US Officials Claim Russia Hacked Winter Olympics
Many believed that it was a training exercise to be able to prove to themselves that actually, they could do it, that they can infiltrate a nation states' power grid and deactivate and activate, and whatever they really wanted, actually. So actually that shows you what it may be like in the future. They are building up a stockpile of attacks against any nation, really. Maybe they're not looking at Ukraine but because a lot of systems worldwide use the same software, a lot are from Siemens and other companies. So if they can take it out in one country then you’re kind of more confident that you’re able to repeat the same attack in the country that possibly the one that you’re targeting or the one that you're threatening in the future.

Sputnik: Some experts have pointed out the allegations come after the recent meeting between President Trump and President Putin in an attempt to stir up a further wave of Russophobia, have you go to point of view on that?

Kevin Curran: It’s possible, actually Trump himself, as I said earlier where most experts would agree that can attribute attribution, Trump himself said: 'Once they hack, if you don’t catch them in the act, then you’re not going to catch them again'. So there were a lot of people horrified that he said that. Trump himself has literally himself said that he doesn’t believe that you can attribute blame, but it’s hard to keep up with what Trump is saying against Russia and North Korea, and other countries really, really it's hard to keep up with Trump's statements.

The views expressed in this article are solely those of the speaker and do not necessarily reflect Sputnik’s official position.

Discuss