by Karl Denninger, Market Ticker:
Well now, it appears there is actually a story in here regarding malware tied to Russia:
BURLINGTON, Vt. – Malware code linked to Russian hackers and found on a Vermont electric utility’s computer is further evidence of “predatory” steps taken by that country against the U.S., a Vermont Democratic congressman said Saturday.
“This attack shows how rampant Russian hacking is. It’s systemic, relentless, predatory,” Rep. Peter Welch said in a statement. “They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country.”
Welch said the breach also underscores that sanctions President Barack Obama took against Russia this week were warranted. Russia, which has denied hacking U.S. systems, has been accused of interference in the U.S. presidential election by hacking American political sites and email accounts.
In other news the person who used that laptop was known to prefer pornographic video of sex with goats (sarc).
First off, said laptop was apparently owned by said utility but, the utility claims at least, it was not in any way connected to any part of their network, especially the parts that actually control its operations. This leads one to wonder exactly what purpose said laptop had — perhaps it was part of a meter-reading system in a company vehicle, for example.
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, (Russian President) Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” the governor said in a statement.
Meh. There’s zero evidence to support that allegation. First, we don’t know how the malware got in there. The most common means by which it “gets in there” is the installation of a program that someone thought would do something else — like, for example, play videos of people having sex with goats.
This is the dirty little secret when it comes to “rootkits” and other forms of persistent malware — it has to get into the machine somehow, and the “somehow” on modern computers requires that you give it permission to install.
Installation on most modern machines is inherently an act that requires elevated privileges to some degree. These privileges are (sadly) not usually very granular, so once you grant permission to do the installation, if the installer has evil code in it, that installer can put the evil code into the computer and protect it from being seen (and removed!) through normal means. This frequently includes corrupting one or more of the system’s internal files so that, absent a complete reload of the device in question, it is virtually impossible to cleanly remove the evildoer’s work.
Yes, there occasionally are vulnerabilities discovered that allow “unsanctioned” installations of this sort. They’re called “privilege escalation” attacks, and the really ugly part of them is not only how many are discovered but where: in pieces of code that execute with system privileges and thus can modify other, unrelated parts of the system and its software. Most, but not all, of these pieces of software should not be written to require that sort of privilege, but software vendors do it because they’re lazy while government, commercial and individual users repeatedly give the vendors a pass instead of bending them over the table and destroying them.
Incidentally, this sort of malware is literally everywhere. It’s used by the people who “cryptolock” files and demand ransom, it is used by those who corrupt machines for the purpose of using them for “denial of service” attacks and as a means of relaying further data without being detected as the source and, sometimes, it is also used to directly target someone for data theft or corruption.
We don’t know which was the case here, but it’s a fairly good bet that this wasn’t exactly a “targeted” attack, since if it was, it was rather poorly executed.