
Hackers Behind Life-Threatening Attack On Chemical Maker Are Sanctioned (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Russian state nationals accused of wielding life-threatening malware specifically designed to tamper with critical safety mechanisms at a petrochemical plant are now under sanction by the US Treasury Department. The attack drew considerable concern because it's the first known time hackers have used malware designed to cause death or injury, a prospect that may have actually happened had it not been for a lucky series of events. The hackers -- who have been linked to a Moscow-based research lab owned by the Russian government -- have also targeted a second facility and been caught scanning US power grids.

Now the Treasury Department is sanctioning the group, which is known as the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics or its Russian abbreviation TsNIIKhM. Under a provision in the Countering America's Adversaries Through Sanctions Act, or CAATSA, the US is designating the center for "knowingly engaging in significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of the Government of the Russian Federation." Under the sanctions, all property of TsNIIKhM that is or has come within the possession of a US person is blocked, and US persons are generally prohibited from engaging in transactions with anyone in the group. What's more, any legal entity that's 50-percent or more owned by one of the center members is also blocked. Some non-US persons who engage in transactions with TsNIIKhM may be subject to sanctions.

  • by raymorris ( 2726007 ) on Saturday October 24, 2020 @09:33AM (#60643274) Journal

    Until now, we've pretty much treated information security attacks as if they were graffiti. Each organization tries to stop them.

    In one attack, several hospitals were more or less shut down for a few days. The response was to talk about how health care organizations should have better security. How would we have responded if the attackers used a physical bomb to shut down the hospitals?

    At some point, we're going to have to start treating these attacks on the United States as if they were - attacks on the United States.

    • > At some point, we're going to have to start treating these attacks on the United States as if they were - attacks on the United States.

      There's terrorism and then there's racketeering. It's important to keep distinct ideas separate.

      People will intentionally conflate ideas and say things like "financial terrorism" for emotional response. But then when you have somebody like George Soros try to corner silver or crash the bond market for profit, you have to pretend like he should be treated the same as Moha

      • by Entrope ( 68843 )

        Attacks that shut down equipment could be racketeering. Attacks that are intended to cause major physical damage or death (unless it's in the context of a racketeering organization) are much more likely to be terrorism.

        Who says things like "financial terrorism"? What do they actually say, if not that? Or are you just making a straw-man argument there? People talk about financing terrorism, but that's cases where someone provides money to people with the expectation that those people will commit terroris

    • Re: (Score:3, Interesting)

      by rally2xs ( 1093023 )
      I suppose it's a case of whether you want to destroy the world over it. Declaring war on Russia, the normal response to an attack from Russia, would turn the planet to a cinder.

      Sanctioning is probably the best response.   Beefing up cybersecurity is probably the best practical response we can afford.  We can't afford nukes with ground zeros of NYC, LA, DC, Detroit, etc, which is what we'd get otherwise.
      • > Sanctioning is probably the best response

        It's a start. At least it's *something*, some response at the federal level. An empty response, but a response.
        Russia attacks the US, attempting to kill Americans. The US response is that they're sanctioning (not buying from) a few specific individuals. If I'm the Russians, that doesn't give me any reason to stop attacking.

        Obviously we don't want nuclear war. It may be that encouraging Russia to step up their attacks on the US makes war more likely.

        Even a sm

        • So you wouldn't mind if Iran takes revenge in kind for stuxnet?

          • Two things:

            Stuxnet was big news that you so clearly remember ten years later because it was a big deal, very unusual. The US did a cyberstrike. That's so unusual you remember it ten years later. A strike against Iran's nuclear weapons development.

            You want to say that's the same thing as Russia attacking civilians every day, including attacking hospitals.

            You really, really suck at false equivalence. Like really bad. You're probably very good at many things, but you really should stop trying to argue that

            • The only unusual thing about that was that someone leaked information about it.

              Unlike you I am not an American, hence I don't root for one team over another but rather go with the Shakespearean "a plague on both your houses".

            • by 1s44c ( 552956 )

              I like how you know that the Russian government attacks US civilians daily. No room for doubt, you just know. Even after all the lies about WMDs used to push the war against Saddam you still know with absolute certainty that there is no room for doubt in your information.

              • I've spent the last 20 years full-time fighting against these guys, so yeah I kinda know they're real. I've been blocking China and Russia from networks they had no business in since around 1995. By this point, some of them probably know me by name. So yeah no question in my mind. Kinda like you're probably pretty sure the people you work with every day are real.

                • by 1s44c ( 552956 )

                  How do you block China and Russia from networks given that any connection from China or Russia could be proxied through anywhere in the world?

                  It really sounds like you are assuming the source IP is the location of the attacker.

                  • There are ways. But as a rough first cut, 90% of attacks come from Russian and Chinese IPs, so blocking them from coming directly significantly decreases your risk and the amount of potentially suspicious traffic you need to analyze more thoroughly.

                    Also, with the great firewall and all, it just doesn't make any sense for your average Nigerian spammer or Russian ransomware gang to break into China, only to break right back out. They can just use their Russian ISP, because why not? It's not like their ISP in Russ

                    • by 1s44c ( 552956 )

                      From what I've seen attacks almost always come from cracked Windows machines. These can be anywhere.

            • That wouldn't have anything to do with the fact that the US overthrew Iran's democratically elected government in the 1950s, would it? And replaced it with a dictator, whose secret police, the Savak, tortured and murdered anyone who got in their way? When you get to the root of most international problems it is almost always America at the bottom of it. And if not, another white capitalist nation.
              • Let's assume for a moment that's absolutely true. And that world history fits on a number sticker.

                Your reasoning is "and therefore we should let them nuke us"?

                • Friggin autocorrect.

                  Anyway yeah let's just assume that 70 years ago a UK/American action was bad. No need to understand what happened and why, let's just say that putting the shah back in power was bad.

                  Because seventy years ago the UK, with US help, did something bad, we should let them nuke us today. Is that your thought?

                • It's saying that the chain of events started with American meddling. I'm thinking more meddling isn't the cure.

                  Ever wonder why you haven't attacked and destroyed North Korea the way you did to Iraq? Because they can fight back. Remember Iraq, when you claimed they had a nuclear program, too? That worked out well and was totally not exposed as a lie designed to start a war.

                  You maybe want to look around and see the blood-drenched neocons around you? Cheney, Rumsfeld, Bush, and the rest of the war criminals

            • Secondly, I don't know if you're aware, but the official policy of Iran since 1980 has been "death to America"

              Yes I understand that is true. But what do we do about it? And why does Iran have that policy? Cranking up sanctions against Iran could reinforce an "us against them" attitude in Iran, and actually make things worse.

              To answer some of my own questions, the hostility towards America in Iran may be traced to American support for the last Shah of Iran, who I understand ran quite an oppressive and corrupt regime. Also, my understanding of the Koran is that there is a good deal of "us against them" built into

          • by kaoshin ( 110328 )

            So you wouldn't mind if Iran takes revenge in kind for stuxnet?

            Revenge? Iran facilitated travel of the 9/11 attackers to the United States, and their intelligence defectors said that Iranian officials had foreknowledge of the 9/11 attacks. They deserved worse, and to hell with anyone who would defend or support them.

            • Re: (Score:2, Troll)

              by 1s44c ( 552956 )

              You are repeating the propaganda that was used to try and justify the extension of the invasion of Iraq and Afghanistan into an even bigger oil-stealing mission. We now know the "Saddam has super-weapons" story was entirely fabricated, yet you don't question this Iran nonsense.

              • by kaoshin ( 110328 )

                Although Saddam was a horrible dictator who deserved his fate, the United States clearly used a false basis for the invasion of Iraq, and the evidence and case was not made for that invasion. That was completely indefensible, has been a lasting stain on our reputation, but in this case is also a complete distraction.

                I question everything, and Iran's involvement was questionable to me until ample and convincing evidence was presented, including the admission of actual Iranians. Iran's terroristic acts (dir

            • Iran facilitated travel of the 9/11 attackers to the United States

              Correct. Saudi Arabia facilitated travel of the 9/11 attackers to the United States. 15 of the 18 hijackers were from Saudi Arabia. Saudi officials in Miami had contact with at least one of the hijackers [npr.org] including providing money for them to stay in this country.

              their intelligence defectors said that Iranian officials had foreknowledge of the 9/11 attacks.

              Which is why Mossad agents were filming the towers prior to the attack [todayscatholicworld.com], were caught w

              • by 1s44c ( 552956 )

                Iran facilitated travel of the 9/11 attackers to the United States

                Correct. Saudi Arabia facilitated travel of the 9/11 attackers to the United States. 15 of the 18 hijackers were from Saudi Arabia. Saudi officials in Miami had contact with at least one of the hijackers [npr.org] including providing money for them to stay in this country.

                Are you saying Iran facilitated travel of the 9/11 hijackers, Saudi Arabia did, or you believe these two are the same country?

                It's really not clear what you are saying.

                • Yes, it is clear if you understand the facts and not some troll lying about reality.

                  • by 1s44c ( 552956 )

                    I'm asking you what you are saying. Someone said "Iran", you agreed then said "Saudi Arabia" in the next sentence.

                    Was it one of these, both of these, or neither?

        • The US response is that they're sanctioning (not buying from) a few specific individuals. If I'm the Russians, that doesn't give me any reason to stop attacking.

          One only needs to see who is in the White House to understand why this is the case. Any sanctions against Russia are unfair according to the con artist. It's why he has refused to follow the law [newsweek.com] when Congress gave a list of companies and peoples to be sanctioned and went out of his way to remove sanctions [politico.com].

          • Let me see if I follow your reasoning. I get the "Trump is a jackass" part, that's obvious. I'm not sure I'm following the other part.

            The reason that the Trump administration implemented the sanctions that are the subject of this story, while the Obama and Clinton administrations completely ignored cyberattacks from Russia, is because TRUMP is weak on the Russians?

            I guess the reason that Bill Clinton didn't do anything about Russian attacks and Hillary Clinton paid the Russians (through Steele) for dirt on

        • The Bush doctrine requires that when foreign countries provide safe harbor to terrorists, then they must cooperate with any effort to apprehend or kill them. They can't be neutral, they're either with us or against us. Why not treat Russia the same way? This is a pretty blatant case of terrorism, so we should sanction Russia as well.

          • Apart from that, in this case it's directly government sponsored. So the only issue is whether we put up with Russia attacking us or not.

      • Because Russia has nukes the US will put its effort into better cybersecurity - a positive outcome. Without nukes the US would have invaded and killed millions. Which is why I believe the NPT is immoral. All nations should have the right to acquire nukes so that international policy is based on diplomacy not the threat of conventional force (which naturally benefits more militaristic nations)
      • by rtb61 ( 674572 )

        Probably the most insanely stupidest response I have seen. By far the majority of investigatory agencies and agents like 99.99% of them would say nothing and attempt to draw the perpetrators out so they can be prosecuted. This public announcement with no court case, is a LIE, straight up manufactured propaganda.

        BY LAW INNOCENT UNTIL PROVEN GUILTY, the US government version WESAYSO, the corporation of dinosaurs, they are guilty because the WESAYSO corporation says so. The Russian government has repeatedly re

      • Sanctioning is probably the best response.

        I am not sure that sanctions are effective, in preventing undesirable state actions. I get the impression that Russia is quite happy being a "naughty boy" on the international stage. Various alleged poisonings outside of Russia indicate disdain for international opinion. As for N. Korea, what sanctions seem to be doing is starving the ordinary people, while the totalitarian government continues to spend money on developing nuclear weapons.

        One problem with punitive sanctions is that it can reinforce the popu

    • IT infrastructure is much easier to restore than physical infrastructure.
    • The response was to talk about how health care organizations should have better security

      If you insist on walking around without your pants and you keep getting involuntarily assfucked, what do you do?? Obviously this is a logical problem but there are those with an agenda and a vested interest in pushing reactionary, fear-based approaches that will lead to demands that we ban private use of encryption (you know, for our own safety),

      I'm sure you know exactly what I'm talking about.

      • I don't know about you, but if I were getting raped all the time while I was in possession of a gun, a can of pepper spray, and a baseball bat and I'd eventually get tired of it and put some hurt on the rapist.

    • What about the criminals at the NSA who developed Stuxnet - a virus that caused mayhem all over the world, are they getting indicted?

      • I guess if you redefine "all over the world" to mean "in Iran's nuclear weapons facility".

        Funny thing about that. You remember Stuxnet ten years later because it was big news that the US did a cyberstrike - against Iran's nuclear weapons program. You don't remember the Russian attack against US hospitals last week, or against the US power grid the week before that, or ... because that's a daily occurrence.

        Russia attacks civilian targets, including hospitals, constantly. The US struck against nuclear weapon

        • You guess wrong, shill.
          "All over the world" means precisely "all over the world". As in, virtually everywhere:

          Country Share of infected computers
          Iran 58.85%
          Indonesia 18.22%
          India 8.31%
          Azerbaijan 2.57%
          United States 1.56%
          Pakistan 1.28%
          Other countries 9.2%

          You don't remember the Russian attack against US hospitals last week, or against the US power grid the week before that, or ... because that's a daily occurrence.

          I remember very few occasions where we've seen credible evidence of "Russian" involvement, but we've most definitely seen credible evidence of tools developed by US intelligence that pretend to be "Russian", "Chinese", "North Ko

        • Wikileaks exposed the fact that the NSA can put Russian (or anyone else's) fingerprints on an attack. We know this with certainty. We also know with equal certainty that the NSA lied when it said it was not conducting warrantless searches against American citizens, in violation of the laws our Republic passed regulating what they're allowed to do. And you trust them when they tell you Teh Rooshins done it? Blame the dirty foreigner? How can people fall for lies from a known liar? Remember the Maine!
    • A war with Russia - which means nuclear war - is all but inevitable now. As long as the Putin tool Trump is defeated. The Harris administration will utterly crush Russia, Iran, Syria, Venezuela, and probably North Korea too. The USA has overwhelming military power, all that's been missing is the will to use it. After that, it's smooth sailing and we can start setting up a global governance. TPP will look like a cakewalk. Imagine a borderless world where people can go wherever they want for jobs or to escap
      • by 1s44c ( 552956 )

        The US doesn't have overwhelming military power in a nuclear war, and even if it did the fallout would wipe out the US too.

        There is no winning a nuclear war, the best possible outcome is a mutual loss.

  • The Americans claim to have fired the first shot in this war in the 1980s, blowing up a Soviet gas pipeline: https://www.wired.com/2004/03/... [wired.com]
  • The headline suggests the hackers are being sanctioned (by whom?) but the article says the group is being sanctioned. I can't imagine random Russian chemical companies having a large US customer base.

    • by PPH ( 736903 )

      Sanctioned by the US Treasury Department. Russian companies may not have a large US customer base. But try doing business anywhere in the world without having access to The Almighty Dollar.

      • Business is moving to Bitcoin precisely to avoid being collateral damage in dick measuring contests between NSA and their foreign counterparts on who's a better hacker. USA especially tries to use lawyers to win the game when NSA hackers are not good enough
  • The Russian government is doing a war act with this. Now do we need laws saying it's ok to strike back with no legal or civil responsibility?
    Aka a get out of jail / court for free pass?
    They can't sue someone for a missed strike back and they can't have an execution warrant be issued.
    Also if they send a bounty hunter that guy will have no legal rights to do anything in the USA / they can be shot if they try to take someone in with that shoot getting the best legal team for free to cover any local issues that come u

    • Funny for the US saying something like that and pointing finger, as they themselves have spread malware in other countries (like Iran) to cripple serious installations.. So before you go pointing fingers and saying 'government is doing a war act', start thinking about what the US government does themselves... Or do you think if the US does it it isn't an act of war, but if another country does it, it is?
      • by ghoul ( 157158 )
        Israel spread the malware in Iran though with US cooperation. Generally USA has tried to keep its hands clean so as to avoid giving reasons for retaliation. Of course under Trump that policy has gone out the window. Assassinating by drone the Iranian equivalent of the Commandant of the Marine Corps is definitely an act of war and USA did that this January. Right now Iran could assassinate the Commandant of the Marine Corps and most countries would consider it a proportional response. Though Iran has declared U
  • No F150 for you!

  • I wonder if Putin is OK with Trump having the treasury dept 'sanction' the Russian group?
    • Apparently, based on the evidence of multiple previous sanctions and other actions like convincing NATO to up their anti-Russia defense spending, Putin doesn't have a say in the matter.

      • Trump has been 100% opposed to any real actions against Putin.
        In addition, he pulled troops out of Germany, while the military INSISTED on putting some up front closer to Russia, which he allowed a fraction of what was pulled.
        And he turned over Syria to Russia/Assad ( now, is turning Afghanistan over to ISIS, QA, and Taliban ).

        I will be amazed if he does not end up moving to Russia quickly after Jan 22.
        • He stopped basing some troops in Germany because the German leadership failed to follow their promises with regards to... defending against Russia. That wasn't a pro-Russia move. BTW, the same troops are still based in Europe, just moved to other countries.

          For someone you claim to have been 100% opposed to actions against Putin, he's sure taken a lot of actions against Russia [brookings.edu].

  • They attack our infrastructure so we have a powerless agency SANCTION the INDIVIDUALS?

    I guess these "really bad hombres" won't be vacationing in Florida.

    Man, our Treasury Department SURE SHOWED THEM!!!

    Way to act tough, Treasury Department pussies.

    E

  • somebody remind me again why life-critical infrastructure is directly connected to a world-wide public internet?

    • by ebvwfbw ( 864834 )

      somebody remind me again why life-critical infrastructure is directly connected to a world-wide public internet?

      Because stupid people are allowed to run those facilities. I'm in the security discipline and we've always recommended air-gapping them and not by a little bit. Completely different room, with noise generators. Very tight controls on anything to do with those machines. Chemicals, Nuclear, Water works such as dams, sewage, etc. Anything where someone could get in and cause people to die should be very high security. The more people that can die the higher and stricter the controls. Here on /. we've had stories

  • "Hackers Behind Life-Threatening Attack On Chemical Maker Are Sanctioned", means they are doing so with the explicit approval of some government. That is, the Russian government sanctions their activity. It is an official act.

    But is that what the article is about? Is that what the headline is clearly intended to mean? NO! The article is about the US Treasury Dept. cutting the hackers off from trade and finance. They are under sanctions. Sanctions have been applied.

    I realize the term is annoyingl
