Just last month we looked at an instance where hackers, possibly of Russian origin, briefly took control of computer systems at a hydroelectric dam in New York. That’s a worrisome development to be sure, but it was hardly an isolated incident. This week we learned that a far more effective attack took place around Christmas in the Ukraine. Hackers knocked out the power to a broad area in the middle of some brutal winter conditions and once again the Russians are suspected as the source. (Forbes)
Just before Christmas, power went out across western Ukraine. Soon after, the energy ministry confirmed it was exploring claims a cyber attack disrupted local energy provider Prykarpattyaoblenergo, causing blackouts across the Ivano-Frankivsk region on 23 December. The SBU state intelligence service said Russian attempts to disrupt the country’s power grid had been deflected, but did not comment on any specific attack.
The details were patchy. But today, the Computer Emergency Response Team of Ukraine – CERT-UA – told FORBES the outages were caused by an attack. National CERTs are in charge of coordinating responses to and investigations into cyber attacks. Eugene Bryksin, a member of the government organization, said it was working with Prykarpattyaoblenergo on the investigation but could provide no information other than to confirm the accuracy of the reports.
Ars Technica has some of the geek-oriented details, and the picture isn’t a pretty one.
Researchers from antivirus provider ESET have confirmed that multiple Ukrainian power authorities were infected by “BlackEnergy,” a package discovered in 2007 that was updated two years ago to include a host of new functions, including the ability to render infected computers unbootable. More recently, ESET found, the malware was updated again to add a component dubbed KillDisk, which destroys critical parts of a computer hard drive and also appears to have functions that sabotage industrial control systems. The latest BlackEnergy also includes a backdoored secure shell (SSH) utility that gives attackers permanent access to infected computers.
Until now, BlackEnergy has mainly been used to conduct espionage on targets in news organizations, power companies, and other industrial groups. While ESET stopped short of saying the BlackEnergy infections hitting the power companies were responsible for last week’s outage, the company left little doubt that one or more of the BlackEnergy components had that capability.
Intelligence agencies have dubbed the group suspected of developing BlackEnergy “the Sandworm gang,” and they’ve been a busy organization indeed. Their list of previous targets includes NATO, several eastern European government computer systems and major industrial corporations. Their malware transmission methods sound frighteningly simple, including the use of infected Microsoft Office documents that unwitting utility operators open without realizing they’ve just handed control of the power grid to the hackers.
This should serve as yet another wake-up call in the United States. We’ve now seen a real-life demonstration of malicious hackers taking down the power grid and endangering the lives of hundreds of thousands of people. While it might be comforting to think that Ukraine is some sort of technologically backward nation and that America must be safer, that’s sadly not true. Business Insider reported on this problem last October, and its investigation found that our own grid is complex but broken up into competing regions controlled by a large number of players who don’t cooperate with each other very much and are unwilling to invest the money needed to make the system more secure. What happened in Ukraine could just as easily happen in the United States, and the power could be out for a significant amount of time.
Remember… winter isn’t coming. It’s already here.