Russian malware found on laptop at Vermont electric utility

Dec. 31, 2016 11:45 AM PT

Reporting from Washington —

Malicious software tied to Russian intelligence agencies has been found on a computer of a small electric utility in northern Vermont, raising concerns of Russian attempts to interfere with critical infrastructure as well as the 2016 presidential race.

The laptop computer was not connected to the electric system, and the malware did not disrupt electric grid operations or compromise customer data, according to the Burlington Electric Department and a U.S. law enforcement official speaking on condition of anonymity.

The disclosure comes amid rising tensions with Russia over U.S. charges that Russia’s two largest intelligence agencies, known as the GRU and the FSB, conducted an aggressive campaign of cyberattacks that U.S. officials code-named “Grizzly Steppe.”

On Thursday, President Obama ordered the expulsion of 35 Russian diplomats from Washington and San Francisco, closed two Russian luxury compounds in Maryland and New York, and imposed sanctions on the GRU and the FSB.

Burlington Electric, a municipally owned utility that serves about 20,000 customers, said late Friday that it found the malware after the Department of Homeland Security issued an alert as part of the Obama administration’s actions.

The DHS alert detailed technical aspects of the Grizzly Steppe attacks, which it said were aimed at “the U.S. election, as well as a range of U.S. government, political, and private sector entities.”

Federal authorities shared the malware code with executives from 16 major sectors of the U.S. economy, including the financial, utility and transportation industries, officials said.

Mike Kanarick, a Burlington Electric spokesman, said the utility scanned all the computers in its system for the malware signature.

“We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems,” Kanarick said in a statement. “We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems.”

It wasn’t clear whether the small utility was specifically targeted or why, or when the laptop was compromised. Authorities believe the hackers may be seeking to identify and penetrate vulnerabilities in the U.S. electric grid, perhaps by using small rural utilities.

Vermont’s elected officials reacted with alarm to the cyberattack.

Gov. Peter Shumlin, a Democrat, urged federal authorities to launch an aggressive investigation. He also rebuked Russian President Vladimir Putin.

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality of life, economy, health and safety,” Shumlin said in a statement.

Sen. Patrick J. Leahy (D-Vt.) said Vermont State Police briefed him Friday evening on the attempts to penetrate the electric grid.

“This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy said in a statement. “That is a direct threat to Vermont and we do not take it lightly.”

President-elect Donald Trump, who has vowed to improve relations with Russia, on Friday applauded Putin’s decision not to directly retaliate against new U.S. sanctions by expelling American diplomats.

“I always knew he was very smart!” Trump tweeted.

Follow @delwilber on Twitter

del.wilber@latimes.com

ALSO:

Tracking down guns used in crimes and terror attacks is still surprisingly low-tech

Aspiring agents learn from mistakes of FBI’s ‘shameful’ investigation of Martin Luther King Jr.

How these Brooklyn prosecutors work to get innocent convicts out of prison