Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Broke Into Brazil Power Grid Operator's Website Last Thursday

Posted by kdawson on from the wolf-no-really-this-time-i-mean-it dept.

An anonymous reader writes "A week ago, 60 Minutes had a story (we picked it up too) claiming that hackers had caused power outages in Brazil. While this assertion is now believed to be in error, hackers were inspired by the story actually to do what was claimed. Last Thursday, they broke into ONS, the operator of the grid (Google translation; Portuguese original). DarkReading has specific details on the SQL injection vulnerabilities the hackers probably used."

14 of 85 comments (clear)

  1. actually by Anonymous Coward · · Score: 5, Informative

    the hackers invaded the _website_, the ONS network of computers that actually control the system is private and not connect to the internet.

    1. Re:actually by Anonymous Coward · · Score: 1, Informative

      If your security consists of hiding the manual... You're doing it wrong.

  2. Re:closed systems by John+Hasler · · Score: 4, Informative

    > One would think critical power networks would be close systems.

    Read the article. What was broken into was the "corporate network" of the organization that runs the system. The control system was not broken into and in fact appears to be protected by an air gap.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Re:closed systems by nametaken · · Score: 4, Informative

    FTA...

    "ONS was notified last week of this problem. They've confirmed that, indeed, its Website was hacked. It claims to have fixed the SQL injection problems and that there was no danger because there was no connection between its Website network and back-end control network."

  4. Re:Really.... by nametaken · · Score: 3, Informative

    They were not. Read the article.

    "there was no danger because there was no connection between its Website network and back-end control network"

  5. Misundestood news by aylons · · Score: 2, Informative

    Hackers didn't broke into the ONS (national power grid operator) system. They have broken into its web site, and this has happened days after the blackout. And the website, naturally, has nothing to do with the operational servers. There are no evidences whatsoever that last Thurday's blackout was caused by an online attack.

    --
    This comment may contain speech figures. Reader discretion is advised.
  6. Re:Really.... by cdesousa · · Score: 2, Informative
    You should read the article (or the translation) first.... That is exactly how the system is implemented. The original article says

    "A rede operativa é blindada, separada da internet e operada via comando de voz", segundo informou a entidade

    In English,

    According to the organization, "The operative network is secure, is separated from the internet, and is operated by voice command"

    The article also says that the hackers got into the operative network but not in the operative network.

  7. Re:full disclosure by Anonymous Coward · · Score: 1, Informative

    Uh oh, best watch out or the Anti-Sec will destroy you... hahaha.

    Oh i bet those kiddos will be all over this story.
    Hey there AS, how'ya doin? You want some candy?

  8. Re:SQL injection? by Tellarin · · Score: 2, Informative

    ONS, the operator of the electric system, whose website was hacked, is not a state-run company. It is a private non-profit regulated by Brazil's National Electrical Energy Agency.

    --
    -- SouNerd.com
  9. Re:Do you believe in Coincidence? by Tellarin · · Score: 2, Informative

    There was no issue with Itaipu. It remained working. For now it seems it was a problem with distribution lines.

    --
    -- SouNerd.com
  10. Wrong summary by Tellarin · · Score: 4, Informative

    Well, first of all, the 60 minutes episode about blackouts in 2005 and 2007 provides absolutely no proof or other data about those blackouts being caused by hackers, except for two anonymous sources that suspect it was.

    Second, there was no breach in the grid network, at least not know so far. What happened was that the ONS (the Brazilian electric grid operator) website was hacked.

    --
    -- SouNerd.com
  11. Re:full disclosure by mitoyarzun · · Score: 5, Informative

    Here in Chile a guy reported the government about a serious bug on their outsourcing website (chilecompra.cl), they ignored him for months, and he made the bug public (you were able to know your competition's offer to the government just by changing a GET parameter).

    He was condemned by a court for breaking the law, more info here (spanish)

    What kind of action should one take in those cases? Has this happened before in other countries?

  12. Mod story down by acid06 · · Score: 2, Informative

    Hackers didn't "break into the grid" or anything close to that. They defaced the *website*, that's it.
    While that is surely a shame for them, is nothing even close to a real worry.

    No power outages were caused at all (and, in fact, couldn't be caused).

    Now please quit posting uninformed crap.

  13. Re:Really.... by Procasinator · · Score: 2, Informative

    Go to Options and change Comment Post Mode to Plain Old Text.

    That will take care of the newlines (inserting <br /> tags for newlines).