US officials: Russia increasing spy campaign, top suspect in hack of 12 power plants

UPDATE 2 — 7/14, 10:19 a.m. EDT: Russian Foreign Ministry spokeswoman Maria Zakharova reiterated Friday the Kremlin may eject American diplomats claimed to be operating in Moscow as spies.

The warning comes amid the White House’s reluctance to return two Russian diplomatic compounds in the U.S. that were shut down in the waning days of the Obama administration and to issue visas so the Kremlin can replace 35 ejected diplomats.

 

UPDATE — 7/11, 1:43 p.m. EDT: Speaking to Russian reporters Tuesday in Austria, Foreign Minister Sergey Lavrov indicated the Kremlin is considering measures to retaliate against the U.S. for shutting down two diplomatic compounds and ejecting 35 Russian diplomats in December 2016.

“I believe that for such a great country like the United States of America, this advocate of international law, it’s just shameful to leave the situation in mid-air,” he said, apparently referring to the failure of President Trump’s meeting with Vladimir Putin to rectify the situation.

According to an anonymous Russian diplomat, the Kremlin is considering shutting down two American diplomatic compounds in Moscow and St. Petersburg and forcing 30 U.S. diplomats out of the country.

 

 

Multiple media outlets cited government sources in separate reports Thursday suggesting that Russian actors have increased their intelligence-gathering and cyberattack campaigns against America since the November 2016 presidential election.

According to both current and former U.S. intelligence officials, the Kremlin is believed to have almost 150 covert spies in the country in a determined effort to gain access to classified information. CNN’s sources said the methods Russian agents are using to learn state secrets include applying for jobs that handle such sensitive data.

Despite the known risks, the State Department has continued to issue short-term temporary visas to Russian officials who are in the country with the explicit intent of conducting Kremlin business. In December 2016, two of Russia’s U.S. diplomatic compounds were shut down and 35 Russian diplomats were sent home after the FBI learned of espionage attempts.

“Sometimes they [Russia] bring people over on legitimate business only, that’s true. But sometimes the spies they send over here come wrapped inside the veneer of legitimate business. They blur those lines pretty well. And that’s one way they try to get around the visa issue,” said Rear Admiral John Kirby, a former State Department spokesman.

The increase in suspected Kremlin spying comes as the computer systems of at least 12 U.S. power plants have been hacked since May by agents of a foreign government, with Russia being the top suspect according to three Bloomberg sources.

A report by the FBI and Department of Homeland Security confirmed that one of the targeted sites is the Wolf Creek nuclear facility in Kansas, but officials there said no “operations systems” have been infiltrated as the hack has been limited to computers handling business and administrative tasks.

However, government analysis of the recent breaches shows that hackers attempted to gain access to U.S. energy company computer networks in order to carry out attacks in the future which could possibly disrupt America’s electrical grid. Two sources with knowledge of the government’s investigation told the New York Times that evidence shows the infamous Russian cyberattack group “Energetic Bear” was behind the hacks, using servers in multiple European and Asian countries to hide its location.

Despite the failure of foreign hackers to gain meaningful access to a U.S. power source’s computer system to date, the beginning stages of such an attack are cause for concern to energy sector personnel, as Russian hackers successfully disrupted sections of Ukraine’s power grid on two occasions in 2015 and 2016.

“We’re moving to a point where a major attack like this is very, very possible,” said Galina Antova, co-founder of a New York-based infrastructure security firm. “Once you’re into the control systems — and you can get into the control systems by hacking into the plant’s regular computer network — then the basic security mechanisms you’d expect are simply not there.”

 

[CNN] [Bloomberg] [New York Times] [Reuters] [Photo courtesy Espionage History Archive]