A look inside Russian cyberhacking

Cyber-expert Anup Ghosh, CEO of cybersecurity firm Invincea, talks with ABC News' Pierre Thomas about how Russian hackers can infiltrate other countries' networks.
13:06 | 03/27/17

Coming up in the next {{countdown}} {{countdownlbl}}

Coming up next:

{{nextVideo.title}}

{{nextVideo.description}}

Skip to this video now

Now Playing:

{{currentVideo.title}}

More information on this video
Enhanced full screen
Explore related content
Comments
Related Extras
Related Videos
Video Transcript
Transcript for A look inside Russian cyberhacking
I am Pierre Thomas of ABC news and here rely with a new ghost. Who is the founder. Emergency. Was is now sell those company that's right we're gonna talk a little bit about Russian hacking and the way that hackers can control industry and companies. So take away. Yes two. We worked. Hal you would actually happen power and of course Bratton should this specific methods but. This again example the kinds of hacking. That you see cyber criminals doing to get in the company's need and can actually be applied to. Critical systems like power plants that. If the folks watching. You're going to see how something as simple as your email and Greg gateway for the bad guys to get. Yes it when he tea livid about this is a power plant call human machine interface. And so if you were getting too near you your local utility. Unit had his plant operators. And there's various parameters of the system that they can change from their computer which is that typically in windows desktop computer thing. And typically. In their lot into this age and my. And doing their job as engineers. And tell people give a sense of what they can control and a power plant using their computer yes so I will go. Give me examples oh that's the particular control. Affect click on it. You concede there's all kinds of parameters and I can even keep things line. A little arm Tyler make in pivotal arms. You know and so on. And that can be really dangerous of the power plant if the alarms don't go off the heat goes up to a higher point right. That's that's a great way to sabotage yes so. As a hacker. I think if I can gain control of the engineers computer. That I as a hacker. Can affect all of these parameters including. Raising. Make the process unstable and and then turning up alarms says engineers are now and the wife. Austin so let's give a sense of how a hacker would give it. So what I've done is on my hacking machine I've created Palin. That if I can get the user. You open this attachment to an email will give me full control of the user's machine and so. That tailored into an email and senses. To. The employee. In eight and kids how to spear fish right. But the good spear fish is an email that typically. And its interest if not passion writing. And by the way about 95%. Of all acts start as an email spear fish. So me in this case is the employee that works at this company right right and the Haq is initiated by someone posing as someone that. The person who works the company would no absolutely and and technically and by the way is very easy this. Being someone else right so email doesn't really check. The affront to verified as legitimate from sender. So often times. You know this this might get when you hear spray and it might be coming from Jack for someone else. And you'll see it's as well take a look. And it has been here's and pulley bonuses. Of course I want it now everyone's that whatever else made up their bonuses. Is that we take a look at what a dominant alpha server can believe what I went yeah. Now the pack when Dolan research by is Bob working at the company. And Mallory would be someone to simply would expect that he would no right or at easily he would now and by the way checking on the company's real easy yet. Right by type and accompanying them again as mentioned delicately Europe. On wing Dan and art so that little thing there attached. Is key right at. The Lewis this is mine hate and it let me get the user. Agent in prison opening. What will happen. Is it'll open. When the news media center and where in this case X wouldn't really old vulnerability that Microsoft. If want them hatched. But the point here is in typically in the utility industry and some are typically running. All versions of Microsoft but it happened hat because they're afraid that they catch everything. What might break. For instance getting control that are OK so now opens attachment that was hacker now able to now and hit with both trigger warning which we left. And partially this is the real behavior we see with users is. In a box it's just something get away. And yet again another security warning. But in this case I really wanna see how much Bob me that. You know a good session in round this. And what that now does is it silently. Runs. My malware. Which then reaches back to my attacker. Machine. As an outbound connection which pretty much means that. Our wall is now useless because it connection came from the victim's machine so the hacker just went like a ghost. Yes. Tippett around inside able to manipulate. The power right in on my hat from machine. I now have full control. Of this machine right here I'm running with the same privileges. As this right here same rights and bruises and therefore you have access to that I have full access that our plan I wouldn't shave my screen. I which a U I would get. The complete view of. This machine as you see here. And you know for purposes of the display and now we'll just show you read here agency. Again it's all kinds of things I can be here. When if you wanted to overheated I would you do that so first thing that's great question because. I might just be a hacker but I'm working for a nation state. I've got a whole team behind me and what they would keep for example when you a couple of years in December 2015. Rush who is alleged to have hacked. Ukrainian power plant rate in action rock downed power throw large swap Ukraine. Now. That these teams are typically teams that are competitors that hackers to society exploits that Palin's but they're back by engineers. Who understand how to run a power plant. For example. And Robert tweaking certain parameters in a closed loop. Process can be enough to make it and staple. Right. I'm out of power plant engineer. I don't know what caused near an unfettered power plants. But the power to change. The parameters and just the right way. Members steps that in Iran. It didn't. Breakdown whole plan it changed me centrifuges. She asked enough that a bit unstable and spun through fasting and their corset Iranian nuclear program back I think. Yours might remember when we first started one of the things we were doing is setting up so the long's work yet so. All this would be happening and the people working to plant probably wouldn't even know what was that. And that only that not only can I change that parameters I can also lock out. My power commissioner's ability. To get into parents' system. And of being sent. To key words. Nations. And talk of folks. So should be about why. That's a whole know why that's a whole new level if you will in terms of what damage can be done because again you're saying all different accessories sources and people they can put behind you and attacked right. Ed in today's nation states that sophisticated ones. I understand that cyber just another means of getting to deer and Eagles writes that for example. With Sony Pictures entertainment. North Korea. Essentially brought down in terror network because they were upset over a film her eight. And so that was an act of retribution. Saudi aramco. Was taken down. Byron and another destructive attack. That's geo political. Warfare right. The US elections right went out Russia half. The US elections. But he did more than just happened computers and they use social media very cleverly. To put out they news they had no a thousand. Content writers putting outs salacious headlines on FaceBook and other properties. That of course he's the bot army to light in between these so it shows up on your need. And let's hear mine experts attacking mines as well as hacking computers. And again we will never know necessarily. A direct impact but. Ideally from their perspective. Several 100000. Voters here and there could change analysts. Absolutely and we and you're right we don't know to what extent it actually change election but. I'm gonna guess they tasted. Ever. And helping people understand the notion of using. Hacks like this again to change the way people think when they're sitting at home. Or in their office or their Smartphones and they're getting tweets about you know that Hillary Clinton is accused. You know. Engaging in any some kind of nefarious activity in a pizza. You know power in Washington. That that actually influenced people we know right. We know that and an end we all knew with so many source is that news letters cable broadcast or on line. Audience itself what. The kind of news it is carpet and I know what's real as her know what's real what's an end if you're friends in your network from liking something. You're sort of validating. For someone else that this is a true story and say we. Tears your earlier question hacking is become much more. Then simply hacking into a machine and taking over power plant. It's also influencing. People's ideology and views potentially do things like. Undermine democracy and her beginnings right now western here. In terms they have a list of hacking by a nation states. It used to be. We know for example the Russian journalists who have packed the White House and take care but it was used to be views of the traditionalist via let's get the information. This uses for internal purposes but we're now hearings term weapon yes right thing weaponized information they got. From the Indians see how people explain what was that me. So. It used to be it is still list of course but China you know was pro with her up. Do a lot of hacking. Justice to information. Writes that weather was. Foreign policy government or a lot of times technologies design. Technology designed to help feed earn industries compete on a global scale than what we're seeing now quarters are. Same nations are recognized think he's cyber we're distracted me right so it could be. Bring down at large network it could be happening our plan or it could be he changed the outcome. Certain death rate. And yet naming chain is one of the things WikiLeaks is has become a proxy reform effort right if I can grab your email. By hacking your machine. I can slowly drip out over a period of time damaging an incriminating emails especially get you to me stepped aside. Yet if you were running for office. And we heard the FBI directors saying last week that they. Putin's specifically hated Hillary Clinton so much that's the reason why he want to harm her reputation and her persona. Down the stretch of analysts and if you think. About it I can do that with a pretty low cost method with basically very hard to proof in the court of law. I would not write and I think for us we need to be aware this is happening right and we need to be prepared report. And so I think you know for the US we were caught Tucker's. And we now honor the oath kind of respond and react to this. Hacking isn't just about getting machines off about influencing outcomes. While we want thank you need for your time it's been a pleasure. I'm Pierre Thomas and ABC news thanks for joining us. Aren't myself thank you.

This transcript has been automatically generated and may not be 100% accurate.

{"id":46403350,"title":"A look inside Russian cyberhacking","duration":"13:06","description":"Cyber-expert Anup Ghosh, CEO of cybersecurity firm Invincea, talks with ABC News' Pierre Thomas about how Russian hackers can infiltrate other countries' networks.","url":"/Technology/video/inside-russian-cyberhacking-46403350","section":"Technology","mediaType":"default"}