Could Russian hackers mess with Huntsville?

Jim Steele

Could Russian hackers make the lights go out in Huntsville?

That’s just one cybersecurity question that’s top of mind in this national defense-oriented city, the home of Redstone Arsenal, following the Russian invasion of Ukraine and the imposition of United States sanctions.

Huntsville has been one of Moscow’s top nuclear targets since the Cold War. In the current conflict it is possible, but not probable, that Huntsville could be a direct Russian cyber target, says a local expert who has been tracking Russia’s cyberattacks against Ukraine.

“Russia attacking U.S. critical infrastructure in a way that affects our society seems unlikely to me because we would know where the attack came from and we might respond in kind,” says Dr. Tommy Morris, interim chair of the Department of Electrical and Computer Engineering and director of the Center for Cybersecurity Research and Education at The University of Alabama in Huntsville (UAH), a part of the University of Alabama System.

“Cyberattacks are not governed by mutually assured destruction like nuclear bombs. Nations use cybersecurity attacks because they are inexpensive and generally nobody dies,” he says. “If a nation attacks critical infrastructure and causes loss of life, directly or indirectly, that would hopefully not be tolerated.”

Yet Russia has the capability to launch cyberattacks, or, more commonly, so do those working independently with Russian encouragement.

“Hackers can make the lights go off,” says Dr. Morris.

“Redstone Arsenal is a Federal Center of Excellence with a great deal of research and development, logistics and supply, intelligence and law enforcement activity,” he says. “This makes Redstone Arsenal, businesses in the area and even our home networks high-value targets. Our home networks are targets because our family members work at Redstone or at local companies involved in the high-value target areas.”

Suspected Russian hackers have been tied to some of the largest attacks in the U.S. since 2020. The SolarWinds attack in 2020, for example, hit federal government agencies. Ransomware attacks shut down a major fuel pipeline and caused disruptions at JBS, one of the country’s largest meat plant operators.

Usually the hackers can’t be openly linked to the Russian government because it could compromise intelligence sources, but they operate with its consent and perhaps even its encouragement, and they seem to have an affinity for large U.S. systems.

The electrical grid isn’t the only place Russian-linked hackers might be able to play havoc, Dr. Morris says.

“One attack that has grown in recent years is attacks on money transfers. Banks send money electronically with systems developed a relatively long time ago,” he says.

“These systems are vulnerable and criminals have been able to steal large amounts of money. Since many of the recent sanctions are financial in nature, Russia and their proxies could attempt to steal money by attacking these financial transfer systems.”

Ransomware is the type of attack most likely to affect small businesses and individuals.

“Criminals run ransomware operations to encrypt any computer’s data they can find,” Dr. Morris says. “They charge ransom to give you your data back. Sometimes they have no intention of giving your data back.”

Such attacks are disruptive at a minimum, he says, and could be a way for a country to attack another nation’s individuals.

“Another threat that is growing is attacks on cryptocurrency like Bitcoin, Ethereum, Dogecoin, etc. wallets,” he says. Wallets are the electronic storage areas for cryptocurrency owners.

“If you are dabbling in cryptocurrency, be careful,” Dr. Morris says. “This theft is extremely hard to trace and there are no protections such as you might get from a credit card company or from the Federal Deposit Insurance Corporation for a bank account.”

Protecting yourself from cyberattack is mostly about using good cyber hygiene and not being an easy target, he says. Start off by using complex passwords and changing your passwords regularly. Don’t use the same password for all accounts, and install a virus scanner on your computer and make sure it runs. Don’t click on links in emails.

A tremendous amount of work and money has been directed at defending critical U.S. infrastructure from attack, Dr. Morris says. Those efforts include the development of cybersecurity standards, deployment of solutions in many places and the development of a robust cybersecurity industry, as well as a robust incident response capability.

“However, we have far more computers than cybersecurity professionals to bring cybersecurity best practices to all corners of our networks,” he says. “Because of a shortage of cybersecurity professionals many systems remain vulnerable to attack even though we know how to defend them.”

Hackers penetrate systems in supply-chain attacks like SolarWinds, or they use email attacks or social media attacks. Lower-level Supervisory Control and Data Acquisition (SCADA) systems can make easy targets, though much has been done to strengthen their security in the last five years.

“SCADA systems are computers and networks that control electric power, water treatment and distribution, gas pipelines, factory automation and other critical infrastructure,” Dr. Morris says. “SolarWinds, email attacks and other penetrations allow attackers to look around and pivot to access high value targets they find inside networks. Once they are in, they can install back doors and come back with later attacks.”

One example is an attack attributed to Russia against Ukraine at Christmas in 2015.

“Attackers sent an email with a MS Word document attached. The Word document included malware that installed a back door,” says Dr. Morris. “A spear phishing attack was used to send this bad email to employees of a Ukrainian electric utility. When that email attachment was opened, it installed the back door. Attackers used the back door to turn off power to hundreds of thousands of customers over Christmas.”
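The attack Dr. Morris describes began with a Word attachment carrying macro malware. As an added defender-side illustration (example code written for this article, not from UAH or Dr. Morris), the check below inspects an Office attachment for the two indicators of an embedded macro project: a `vbaProject.bin` part and the macro-enabled content type. The sample documents are constructed in memory and are not real files.

```python
import io
import zipfile

# A modern Office file (.docx/.docm) is a zip archive. Macro code lives in a
# vbaProject.bin part, and a .docm declares a macro-enabled main content type.
MACRO_PART_SUFFIX = "vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"


def find_macro_indicators(data: bytes) -> list:
    """Return the reasons an OOXML attachment looks macro-enabled ([] if clean).

    Non-zip input (including legacy binary .doc files) yields [] here; those
    need a separate OLE-based check, which this example does not cover.
    """
    reasons = []
    if not data.startswith(b"PK"):
        return reasons
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            for name in names:
                if name.endswith(MACRO_PART_SUFFIX):
                    reasons.append(f"embedded VBA project: {name}")
            if "[Content_Types].xml" in names:
                types_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
                if MACRO_CONTENT_TYPE in types_xml:
                    reasons.append("macro-enabled content type declared")
    except zipfile.BadZipFile:
        return reasons  # truncated or corrupt archive: nothing to report
    return reasons


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped archive for testing (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        types_xml = '<?xml version="1.0"?><Types>'
        if macro:
            types_xml += (f'<Override PartName="/word/document.xml" '
                          f'ContentType="{MACRO_CONTENT_TYPE}"/>')
        types_xml += "</Types>"
        z.writestr("[Content_Types].xml", types_xml)
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder vba storage")
    return buf.getvalue()
```

A mail gateway or endpoint tool that quarantines attachments where this returns a non-empty list would have stopped the document at the delivery step rather than after the back door was installed.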

In the U.S., what other countries want to do inside SCADA systems is implant back doors and logic bombs.

“They don’t necessarily want to take out our critical infrastructure now,” Dr. Morris says. “But, if we go to war or if they want to send us a message, they want to be able to attack later.”

U.S. technical advancement also makes the country vulnerable to cyberattacks.

“Russia has in the last 10 years launched many cyberattacks of many types against Ukraine,” Dr. Morris says. “Ukraine has developed good cybersecurity response capabilities, in cooperation with cyber defenders worldwide.”

Generally, Ukraine has bounced back from the worst attacks in a few days.

“This is at least partially because their society is not as dependent on the internet as we are,” Dr. Morris says. “The United States may not be so lucky.”

(Courtesy of UAH)