Foreign Hackers Infiltrate US Power Grid – Report

Foreign Hackers Infiltrate US Power Grid – Report

Potentially state-sponsored foreign hackers have launched a series of successful advanced attacks against the US power grid infrastructure over the past decade, giving them critical access which could enable remote control, according to a new report.

Unnamed “top experts” told AP that attackers had struck at the heart of the nation’s ageing operations networks around a dozen times over the period—although such attacks have largely gone unreported.

Rather than effect massive blackouts across the country now, the hackers are likely to be sitting tight inside these networks until a more propitious time, it is believed.

Although the US regularly defends attacks from Russia, China and even the Islamic State, it was a recently discovered intrusion by Iranian hackers which has caused most consternation.

They are said to have targeted power provider Calpine—which has over 80 plants in North America—back in August 2013.

In a classic APT-style intrusion, the attackers first targeted a contractor of the energy firm. From here they obtained usernames and passwords to remotely connect to the Calpine network.

Although the level of access they achieved could have enabled them to shut down power plants, they instead chose to steal detailed engineering drawings of networks and power stations across the country.

This gave them knowledge of what devices they’d need to hack to target specific plants—although it has been suggested these were out of date and so not as useful as at first thought.

Also stolen apparently were plans showing how individual plants transmit information back to the company's virtual cloud.

Cylance researcher Brian Wallace first made the discovery, finding over 19,000 files stolen from all over the world by the group, including from Pakistan International Airlines, the Israel Institute of Technology, Mexican oil firm Pemex and the Navy Marine Corps Intranet.

Iran-based IP addresses and snippets of Persian comments in the code led investigators to speculate about the origin of the attack, although the involvement of the nation’s government was too tricky to attribute.    

Key parts of the US power grid run on outdated software for which there are no longer patches, yet they are connected to the internet to make management easier—crucially exposing them to these kinds of attacks.

However, business continuity is built into the system, making a nationwide blackout difficult to effect.

It’s not just the power grid that’s at risk. A new report claims Iranian hackers managed to break in and gain access to the industrial control systems of a New York dam—in a move which could have allowed them to control the flood gates.

It’s claimed that the US has the highest number of internet-connected industrial control systems in the world—over 50,000.

Photo © Jim Parkin

Source: Information Security Magazine