Hacking power grids is no longer a worry for the world of hypothesis. It’s one for the here and now. This week, information is coming from Ukraine that its power grid was hacked on December 23. The details of just what sort of damage was done to the computer systems and the power grid in Eastern Europe are not entirely clear, but the long and short of it is that this is the latest incident in a series of attacks that has targeted the North Atlantic Treaty Organization, eastern European governments and energy industries. The outage in Ukraine marks the first time the organization known to intelligence agencies as “The Sandworm Gang” actually succeeded in causing a blackout.
The Sandworm Gang works mostly by using a malware package dubbed “DarkEnergy” to disable and destroy the computers controlling whatever entity the Sandworms are interested in infecting. The latest version of this malware is called KillDisk. It is capable of shutting down systems, but more disturbingly, the DarkEnergy program itself inserts a clandestine back door into the infected computer system. As a result, any programmer can get into any infected utility system and make a real mess.
On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to “destructive events” that in turn caused the blackout. If confirmed, it would be the first known instance of someone using malware to generate a power outage.
“It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout,” John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars. “It’s the major scenario we’ve all been concerned about for so long.”
Not only that, but according to the Ars Technica article, the malware was embedded in Microsoft Office documents.
According to ESET, the Ukrainian power authorities were infected using booby-trapped macro functions embedded in Microsoft Office documents. If true, it’s distressing that industrial control systems used to supply power to millions of people could be infected using such a simple social-engineering ploy. It’s also concerning that malware is now being used to create power failures that can have life-and-death consequences for large numbers of people.
And therein lies the real danger for all utilities that are connected to the internet and that are using industry-standard software. The Sandworms are thought to be Russian in origin, although maybe not connected to the government, and as we have seen in countless James Bond movies over the years, could quite easily sell their technology to the highest bidder. (Can you say ISIS?)
In the United States, we had a bit of a wake-up call in 2003 when a switch flipped and knocked out a third of the country’s power. Continental power is regulated and compliance-certified by the North American Electric Reliability Corporation (NERC), which covers not just the U.S. but Canada and part of northern Mexico. Regulation applies to bulk providers, of which there are many that do not work and play well with each other. From Business Insider:
“Hackers can’t take down the entire, or even a widespread portion of the US electric grid,” Jonathan Pollet, an ethical hacker and a founder of Red Tiger Security, wrote for Business Insider. “From a logistical standpoint, this would be far too difficult to realistically pull off — and it’s not what we should be devoting our attention to.
“What is more realistic is for a cyberattack to cripple an individual utility, causing a blackout or disruption of service at the local level.”
Great, but still not exactly a comfort in the twilight of the Obama Administration when the man with a pen and a phone might get a bright idea.
Now that the theoretical is a reality and a real-world worry – some part of the electrical grid being cut off with catastrophic implications – the war on cyber crime is going to heat up. So is the concept of arms coming in the form of software. Hackers have already taken control of a hydroelectric dam for a short time in the United States. It’s only a matter of time before they try for something bigger.
More from Jazz Shaw at HotAir