Cyber-security analysts are probing a Vermont utility’s laptop, following the discovery of malware on the device.
Burlington Electric said federal authorities issued an alert to utilities around the country about possibly suspicious internet activity. The alert led to the discovery of a concerning piece of code that didn’t belong on one of its employee’s laptops.
“We’re still looking into the laptop,” said cybersecurity analyst Jon Rajewski, who consulted for Burlington Electric on the situation. “There’s a team of people from federal agencies working on this as well.”
In their alert, the feds linked the type of code discovered in Vermont to Russian hackers.
Friday, The Washington Post incorrectly reported that Russian hackers penetrated the U.S. electric grid through that code, infecting a Vermont computer. The paper later amended its reporting to say the discovery indicated there are technological risks to the nation’s power system.
By Monday night, the newspaper issued an update citing experts and officials close to the investigation that some evidence showed the incident was not linked to any hacking effort by the Russian government.
The utility called the initial newspaper report deeply flawed and said the code may have had little or no direct impact at all on Burlington or on the power grid as a whole.
“There’s been no indication of compromise of either our electric grid systems or our customer information” said Neale Lunderville, the general manager of Burlington Electric.
Lunderville told necn the laptop wasn’t connected to the grid systems, and noted the code has been found elsewhere in the country.
“We’re constantly scanning for threats, 24-7-365,” Lunderville said. “All utilities, including Burlington Electric, take cyber-security very, very seriously.”
The scare and its initial link to Russia, which the Obama administration has fingered in the hacking of Democratic political institutions ahead of November's election, sparked several fiery political responses.
Vermont Gov. Peter Shumlin said, “Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety.”
“This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling,” Shumlin’s statement continued.
necn reached out to Shumlin's office Tuesday in light of Washington Post's further reporting.
Sen. Patrick Leahy, D-Vermont, also weighed in.
“This is beyond hackers having electronic joy rides – this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy wrote. “That is a direct threat to Vermont and we do not take it lightly.”
Rep. Peter Welch, D-Vermont, said in a statement, “This attack shows how rampant Russian hacking is. It's systemic, relentless, predatory. They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country.”
While federal agencies have linked the code they told utilities to watch for to Russian hackers, Rajewski, the cybersecurity analyst, said a full forensic exam of the malware’s origins and the motive behind it will be complicated.
Often, viruses can get onto computers through bogus emails that trick users into opening a malicious file, he said.
“You have to spend a lot of time looking at the evidence and trying to determine what happened,” Rajewski said. “All that takes some time and effort.”
While the probe into the utility’s laptop continues, Rajewski said the case underscores the need for homeowners, businesses and other organizations to keep up-to-date on cybersecurity, to protect against possible breaches.
“Computers hold a lot of valuable information. It’s important to keep it safe and secure,” Rajewski said. “It’s really important to keep your phone and computer up-to-date so you can try to stop or slow down these attackers from breaching your security.”