Slashdot Mirror


Hackers Have Infiltrated the US Power Grid's Control Networks (lasvegassun.com)

davidwr writes: A security researcher and the Associated Press are reporting that hackers have infiltrated many of the United States' power grid networks. "About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts who spoke only on condition of anonymity due to the sensitive nature of the subject matter." Exfiltrated data included engineering plans and other non-public information that could aid an attacker later, as well as account credentials. Multiple companies were affected, but one of the more notable ones was the energy provider Calpine. "Circumstantial evidence such as snippets of Persian comments in the code helped investigators conclude that Iran was the source of the attacks. Calpine didn't know its information had been compromised until it was informed by Cylance, Kerr said."

3 of 129 comments

  1. I wonder by sgrover · · Score: 3, Insightful

    Putting on my skeptical hat here to consider alternate views. One could easily wonder about the "anonymous" nature of this disclosure and how the message is about instilling fear. Who profits? It would be easy to conclude that this is a propaganda release with the aim of softening up the sheeple's perspective to allow for increased budget expenses, or even direct action at the supposed culprits. Blaming a nation-state on flimsy evidence such as what language was used suggests a preconception being reinforced by circumstantial tidbits. After all, there can't ever be anyone else in the world that speaks that language, perhaps even within one of the superpowers known to be fairly multicultural. Or those who hire foreign workers. Yep, a sceptic would be wary of reports like this - even if the infiltration is 100% true.

  2. Re:Not too difficult by khasim · · Score: 4, Insightful

    That's one of the reasons why I'm having trouble believing TFA. There isn't much skill needed to crack most organizations I've seen.

    Anyway, from TFA:
    1. Guy working on thing for A notices that A has been cracked. ok
    2. Guy tracks crack back to open FTP servers. ok
    3. Guy finds lots of other stuff on open FTP servers. ok
    4. Guy does magic to find next time malware attacks someone. um, not ok

    Before Wallace could dive into the files, his first priority was to track where the hackers would strike next - and try to stop them.

    He started staying up nights, often jittery on Red Bull, to reverse-engineer malware. He waited to get pinged that the intruders were at it again.

    Months later, Wallace got the alert: From Internet Protocol addresses in Tehran, the hackers had deployed TinyZbot, a Trojan horse-style of software that the attackers used to gain backdoor access to their targets, log their keystrokes and take screen shots of their information. The hacking group, he would find, included members in the Netherlands, Canada, and the United Kingdom.

    So Iranian "hackers" in Canada deploy malware via Tehran servers?

    And unless he uploaded a hacked version of their malware to those cracked FTP servers ... how did he know?

    Maybe he moved one of his cracked machines to a "honey-net"?

    But then, why would any competent crackers deploy from servers in Iran? Particularly if they live in Canada and elsewhere?

    This reads more like fear-mongering. IRAN IS ATTACKING US! BE AFRAID! EVIL IRANIANS! (and some Canadians).

  3. Re:Not too difficult by aaarrrgggh · · Score: 3, Insightful

    Really it is a lot more complicated than that. I was speaking to a vendor last week, and asked about how they do spanning tree within their system for redundant network links to their engine controllers. "Oh, we program a couple of little DIN rail switches ourselves and provide a single network handoff to the building." While I am sure they can figure out the basics, security is hard enough that without dedicated people and systems you aren't going to defeat a committed attacker.

    Solid security is very hard when dealing with any kind of interconnected system. It gets even harder when you need different systems to have their own IoT crap without RADIUS authentication or the like.