
Exposing Russian Spies Who Tried to Hack a Kansas Nuclear Plant | KCUR 89.3

Written by ga_dahmani

Three young Russian spies, Pavel, Mikhail and Marat, working from computers in a 27-story skyscraper at 12 Prospekt Vernadskogo in Moscow, spent five years attacking the Wolf Creek nuclear power plant in Burlington, Kansas.

They were on a sophisticated cyber reconnaissance mission to learn about the inner workings of the plant to prepare for a possible precision electronic attack by the Russians.

That’s the story that broke on March 24, when the US Department of Justice suddenly and somewhat mysteriously unsealed an indictment against the unfortunate trio. The indictment was filed under seal on August 26, 2021, in the US District Court in Kansas City, Kansas, and had been gathering dust for seven months.

Context matters, and in this case it explains why the Sunflower State and its only nuclear plant have been woven into a saga mixed with hints of John le Carré spy novels.

The bloody context is the devastating war that Russia launched weeks ago against Ukraine. It also includes the remarkably successful psychological warfare operations that the Biden administration and its Western European allies have launched against Russian President Vladimir Putin and his war machine.

James Lewis, a nuclear cybersecurity expert, said the Justice Department indictment was likely unsealed in Kansas now because the Biden administration has new intelligence on the Russians and wants those who oversee America’s critical infrastructure to be on high alert.

“Perhaps the Russians are considering a cyber attack more than in the past. It’s driven by what the Russians are doing,” said Lewis, director of the Strategic Technology Program at the Center for Strategic and International Studies in Washington.

Wolf Creek, completed in 1985, is located about 100 miles southwest of Kansas City. Evergy, formerly Kansas City Power & Light, owns 94% of Wolf Creek with the remainder owned by the Kansas Electric Power Cooperative.

[Image: The Wolf Creek Nuclear Power Plant near Burlington, Kansas. Credit: US Nuclear Regulatory Commission]

Evergy declined to discuss the Russian cybersecurity attack at Wolf Creek. However, its statement is illuminating because it makes immediate reference to the war in Ukraine.

Chuck Caisley, Senior Vice President of Public Affairs for Evergy, in response to an interview request, sent an email that stated: “Given the current geopolitical situation and the current cybersecurity threat posture related to the National Electric Grid, in general, we are not publicly discussing cybersecurity at Evergy or at Wolf Creek. In addition to not discussing our outlook, practices, and protocols in general, we are also not discussing this incident.”

Security experts say that until the presidencies of Barack Obama, Donald Trump and Joe Biden, US intelligence agencies never publicly revealed the identities of foreign government hackers. Doing it now in a big way is an escalation in the ongoing battle against these threats and is intended to draw the attention of governments and their agents who were hoping to commit their cowardly deeds in the dark.

Named in the Kansas indictment are Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov.

For them, being publicly labeled as hackers “is life changing,” said Tim Conway, industrial control systems curriculum leader at the SANS Institute, which provides cybersecurity training. These guys won’t be able to travel much beyond Russia’s borders for fear of being caught by international law enforcement agencies.

“To begin with, there are rewards from the US Department of State Rewards for Justice Program for up to $10 million for information leading to the identification or location of individuals, which will limit travel capabilities, work capabilities, and likely limit role in their current organizations,” he said.

Included in the indictment were photographs of the three Wolf Creek hackers. While unlikely, if you see them at the Country Club Plaza or a Kansas City Royals game, we recommend that you call the FBI.

Experts say their public exposure by US authorities is unique.

“Yeah, yeah, to my knowledge, we’re the only ones that name and shame people,” Conway said.

After receiving a copy of the unsealed indictment, Conway told Flatland the Wolf Creek attack was similar to a fishing expedition to learn more about how the plant operates.

“They were building a list to inform future actions,” he said.

Simply put, the security systems at Wolf Creek would not allow cyber intruders to trigger a meltdown that could poison the region and Kansas City, Conway said. Additional layers of security are provided because the operating systems in the plant are largely isolated from the Internet, where cyber intruders roam.

If there ever was a catastrophic release of radioactivity at Wolf Creek, Kansas City could well be in its path, according to Bryan Busby, chief meteorologist for KMBC.

“So usually before the rain and storms of any kind come, the winds will come from the southwest, which means any radioactive fallout will transpose onto us,” Busby said. “As a general rule of thumb, KC has about 105 days of precipitation, about a little less than a third of the year.”

“Should the people of Kansas City panic about the attacks involved in this campaign that happened years ago? Probably not,” Conway said. “But they should pay attention and say to themselves, ‘Hey, this is happening in my state. This is not something that happens in Ukraine or in the whole world.’”

The true goal of releasing information about a cyberattack “that has been available for a long time,” Conway said, may be related to Russia’s ongoing attack on Ukraine.

Publishing that information now, Conway said, “is absolutely informed by the geopolitical situation around the world” and is likely to cause a high level of anxiety in the Kremlin.

“It highlights that things are not going well for Putin,” Conway said.

It also underscores Putin’s predicament of possibly being blindsided by his own intelligence agencies, which have underestimated Ukraine’s fighting abilities in recent weeks.

US and allied intelligence agencies have clearly gotten deep into Russia’s cyberattack forces, as the details in the unsealed indictment show.

How did the US obtain the footage of the Russian hackers and how long has the investigation been going on? That’s a question hackers in Russia, as well as in Iran, China and North Korea, are now asking themselves.

Additionally, the indictment detailing how the Russians gained access to various energy and industrial networks provides good information for companies and their suppliers tasked with building defenses against future incursions.

In a press release issued on March 24 about two unsealed indictments, the Department of Justice described “two separate conspiracies, targeting the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, hundreds of companies and organizations, in approximately 135 countries.”

One indictment was in Washington, D.C.

The second, filed in Kansas City, Kansas, detailed “a separate, two-phase campaign by three Russian Federal Security Service (FSB) officers and their co-conspirators to target and compromise the computers of hundreds of entities related to the energy industry worldwide. Access to such systems would have provided the Russian government with the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing,” the Justice Department press release stated.

Deputy Attorney General Lisa O. Monaco said in the statement: “While the criminal charges unsealed today reflect past activity, they make abundantly clear the urgent and continuing need for corporate America to strengthen their defenses and remain vigilant. Together with our partners here at home and abroad, the Department of Justice is committed to exposing and holding accountable state-sponsored hackers who threaten our critical infrastructure with cyberattacks.”

United States Attorney Duston Slinkard for the District of Kansas said, “The potential for cyberattacks to disrupt, if not cripple, the delivery of critical energy services to hospitals, homes, businesses, and other places essential to sustaining our communities is a reality in today’s world.”

The DOJ press release continued: “Between 2014 and 2017… the co-conspirators transitioned to more specific engagements that focused on specific entities in the energy sector and individuals and engineers who worked with ICS/SCADA systems.

“As alleged in the indictment, the co-conspirators’ tactics included spear phishing attacks targeting more than 3,300 users at more than 500 US and international companies and entities, as well as US government agencies such as the Nuclear Regulatory Commission.

“In some cases, spearphishing attacks were successful, even in compromising the commercial network (namely, involving computers not directly connected to ICS/SCADA equipment) of Wolf Creek Nuclear Operating Corporation (Wolf Creek) in Burlington, Kansas, which operates a nuclear power plant.”

SCADA stands for “supervisory control and data acquisition”: computer systems that monitor and control the guts of industrial equipment and the processes that govern things like power generation at a nuclear plant and maintaining its operational health.

“Furthermore, after establishing an illegal foothold on a particular network, the conspirators generally used that foothold to further penetrate the network by gaining access to other computers and networks in the victim entity,” the Justice Department said.

The Justice Department thanked the Wolf Creek utility operators, saying they “provided invaluable assistance in the investigation.”

The nuclear industry is aware of the importance of safeguarding its assets from growing cyber threats, according to Rich Mogavero, senior project manager for the Nuclear Energy Institute, the nuclear industry policy organization.

“As one of the nation’s critical infrastructure sectors, the nuclear power industry routinely engages with federal agency intelligence agencies on situational and threat awareness and assesses its readiness for emerging cyberthreats,” he told Flatland in a prepared statement.

This story was originally published on Flatland, a member of the KC Media Collective.
