Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Broke Into Brazil Power Grid Operator's Website Last Thursday

Posted by kdawson on from the wolf-no-really-this-time-i-mean-it dept.

An anonymous reader writes "A week ago, 60 Minutes had a story (we picked it up too) claiming that hackers had caused power outages in Brazil. While this assertion is now believed to be in error, hackers were inspired by the story actually to do what was claimed. Last Thursday, they broke into ONS, the operator of the grid (Google translation; Portuguese original). DarkReading has specific details on the SQL injection vulnerabilities the hackers probably used."

5 of 85 comments (clear)

  1. actually by Anonymous Coward · · Score: 5, Informative

    the hackers invaded the _website_, the ONS network of computers that actually control the system is private and not connect to the internet.

  2. Re:closed systems by John+Hasler · · Score: 4, Informative

    > One would think critical power networks would be close systems.

    Read the article. What was broken into was the "corporate network" of the organization that runs the system. The control system was not broken into and in fact appears to be protected by an air gap.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Re:closed systems by nametaken · · Score: 4, Informative

    FTA...

    "ONS was notified last week of this problem. They've confirmed that, indeed, its Website was hacked. It claims to have fixed the SQL injection problems and that there was no danger because there was no connection between its Website network and back-end control network."

  4. Wrong summary by Tellarin · · Score: 4, Informative

    Well, first of all, the 60 minutes episode about blackouts in 2005 and 2007 provides absolutely no proof or other data about those blackouts being caused by hackers, except for two anonymous sources that suspect it was.

    Second, there was no breach in the grid network, at least not know so far. What happened was that the ONS (the Brazilian electric grid operator) website was hacked.

    --
    -- SouNerd.com
  5. Re:full disclosure by mitoyarzun · · Score: 5, Informative

    Here in Chile a guy reported the government about a serious bug on their outsourcing website (chilecompra.cl), they ignored him for months, and he made the bug public (you were able to know your competition's offer to the government just by changing a GET parameter).

    He was condemned by a court for breaking the law, more info here (spanish)

    What kind of action should one take in those cases? Has this happened before in other countries?