INTERNET LAW - CIA Report: Cyber Extortionists Attacked Foreign Power Grid, Disrupting Delivery

Kelly O'Connell, IBLS Editor

In an unusually bold statement detailing another incursion in the Net battle targeting government sites, the CIA admitted that web hackers penetrated overseas power grids, compromising service while demanding payment in exchange for cessation. The U.S. Central Intelligence Agency made this announcement at a meeting hosted by the SANS Institute on January 16 in New Orleans, LA. The meeting gathered 300 U.S., British, Swedish, and Dutch government officials, engineers and security managers from electric, water, oil & gas and other essential infrastructure asset owners from North America. The SANS Institute offers solutions for hacked companies.


This topic has been detailed in previous IBLS articles on Internet attacks targeting governmental and industrial sites, such as 'Cyber Cold War' Has Been Launched. A large number of hackers are now toiling round the clock to find weaknesses in important computer systems, both to steal intellectual property and to plan a Cyber Cold War. These hackers have been especially linked to sites in China and Russia, and are thought to be officially state-sanctioned employees. See also Chinese Web Spies Steal Rolls Royce & Shell Oil Secrets.

Tom Donahue, the CIA's top cybersecurity analyst, said, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

An attendee of the meeting said that the attack was not well known throughout the industry and came as a surprise to many there. Said the person, who asked to remain anonymous, "There were apparently a couple of incidents where extortionists cut off power to several cities using some sort of attack on the power grid, and it does not appear to be a physical attack."

While Americans may believe they sit behind the walls of a fail-safe computer system, a recent demonstration has shown this is not the case. The potential for unknown web users to hack into U.S. power grids was highlighted last September when CNN showed a U.S. Department of Homeland Security video, known as the "Aurora Generator Test." The test depicted an attack staged at Idaho National Laboratory, showing how a software assault on the site's computer system controlling power generators rendered one unit inoperable. In fact, the cyber-attack left the generator a smoking hulk.

At the annual DefCon Hacker Conference in August, staged in Las Vegas, analyst Ganesh Devarajan from the security firm Tipping Point gave a presentation on various techniques by which hackers could gain access to SCADA (Supervisory Control And Data Acquisition) systems in order to hijack and sabotage them. SCADA systems are typically used to control industrial site computer systems.

Alan Paller, director of the SANS Institute, says "In the past two years, hackers have in fact successfully penetrated and extorted multiple utility companies that use SCADA systems. Hundreds of millions of dollars have been extorted, and possibly more. It's difficult to know, because they pay to keep it a secret. This kind of extortion is the biggest untold story of the cybercrime industry."

Paller says he fears these types of industrial Internet sabotage incidents will increase in the future, stating, "There's been very active and sophisticated chatter in the hacker community, trading exploits on how to break through capabilities on these systems. That kind of chatter usually precedes bad things happening."

Hacker extortion is more commonly directed against private entities, reports Bruce Schneier, chief technology officer for security firm BT Counterpane. A typical target of such activity would be offshore-hosted Web sites for pornography and gambling enterprises. Schneier claims power companies are a new kind of victim.

Schneier believes that security analysts should not simply assume the SCADA system was the entry point in the assaults, especially since the CIA claimed the penetration resulted from "inside knowledge" of systems access. He said, "How much of this is a computer vulnerability, how much is a human vulnerability? I wouldn't jump to any conclusions." But Schneier also dismisses the idea that America is safer than the rest of the world in terms of industrial infrastructure attacks, stating, "There's nothing magical about a system being in the U.S. The same vulnerabilities are everywhere."

Paller said he believes agent Tom Donahue and the CIA very carefully pondered whether to reveal the disturbing information before they released the bombshell, and did so with a specific purpose, departing from the normal protocol of not unduly alarming the public. Said Paller, "My sense is that they wouldn't have disclosed this if they thought the problem had been fixed."
