Maduro raid had telltale signs of a cyber-enabled blackout
Disrupting Venezuela's power grid is well within the reach of U.S. military hackers, not only because they're among the world's most capable cyber operators, but because the country's electrical infrastructure is exceptionally fragile.

Why it matters: Trump said that ahead of the raid to capture Nicolás Maduro, "the lights of Caracas were largely turned off due to a certain expertise we have." Former officials and cybersecurity experts tell Axios the blackouts had several telltale signs of a military-led cyber operation.

Rarely does the public hear about U.S. offensive cyber military operations, particularly those that may have disrupted civilian infrastructure.

Washington considers the tools and tactics it uses in cyberspace one of its most safeguarded secrets.

Driving the news: After Trump's comments about turning off the lights, Joint Chiefs Chairman Gen. Dan Caine said U.S. Cyber Command and Space Command helped pave the way for the operation by "layering different effects."

A Cyber Command spokesperson said in a statement to Axios on Wednesday that the command was "proud to support" the operation and is "fully equipped to execute the orders of the Commander-in-Chief and the Secretary of War at any time and in any place."

Venezuela's state power company, Corpoelec, said power substations around Caracas were knocked out as part of a "planned maneuver that resulted in the kidnapping of the president," according to a translated statement.

The intrigue: While the specifics remain top secret, it's clear this was not simply one of Venezuela's many run-of-the-mill blackouts.

For one thing, the blackouts happened only in select areas where the operation occurred, said one critical infrastructure security expert, who requested anonymity to share specific details.

Videos of the weekend's blackouts indicate that the lights went off immediately, without the flickering that is seen in rolling blackouts, Gary Barlet, public sector CTO at Illumio and a former cyber operations officer in the U.S. Air Force, told Axios.

While there were 150 aircraft in the sky, including to take out air defense systems, power was restored at several affected substations within two hours. "If they bombed it, it wouldn't come back on right away," Barlet said.

Zoom in: Venezuela's electric grid is run by state-owned Corpoelec, and researchers have long warned that the government wasn't investing enough in infrastructure.

Power lines hang low through neighborhoods and some even run through home windows, according to the critical infrastructure expert. International sanctions have made it harder to upgrade equipment.

"You'll find legacy stuff there from 50 years ago still operating right next to — if they've got their hands on it in Venezuela — a brand new controller that enables them to handle, say, the west side of the city," the expert said.

Breaking it down: Cyber operations against the electric grid can take many forms, and Venezuela's aging infrastructure means even just a light touch could work, experts said. Consider the following:

Military operatives could use a flaw or backdoor in a legacy piece of equipment to remotely gain access to the system and exploit its native functionality, turning off the lights from the inside without much detection.

An insider could be paid off to plug a malware-laced USB drive into physical systems.

Hackers could also have simply helped to jam internet-connected tools that keep parts of the grid running.

The intrigue: Past cyberattacks against the electric grid show nation-state hackers have these capabilities, said Kurt Gaudette, senior vice president of intelligence and services at critical infrastructure security company Dragos.

Over the last decade, Russian hackers have been using the Sandworm malware to shut down parts of Ukraine's power grid, for example.

Reality check: The comments from Trump and Caine don't necessarily mean that hackers knocked out the lights, J. Michael Daniel, a former White House cyber official, told Axios.

It's rare to see hackers going after the operational technology that critical infrastructure runs on, and systems that are heavy with legacy tech can often be harder to break into remotely, he added.

There are low-tech possibilities, such as spies or Venezuelan accomplices flipping switches manually.

The bottom line: We may never get an answer, in part because determining whether cyber sabotage knocked out the lights requires a lot of data that Corpoelec might not have, Gaudette said.

Cyber Command also has no incentive to offer specifics about its role in the blackouts or beyond.

"They could have used cyber for a lot of other effects outside of turning the lights off," Gaudette said. "I'm going after eyes, ears, lines of communication — those types of targets — because I want to get in and out in the least obtrusive, threat-based type of way."

Flashback: Maduro blamed 2019 blackouts on U.S. cyber operations, but opposition leaders argued he was just shifting the blame over the government's failures. That time, it took days for the lights to come back on.

Go deeper: What the U.S. used to capture Maduro