Slashdot Mirror
Ukraine Power Outage May Be the First One Caused By Hackers (arstechnica.com)
bricko notes a report on what appears to be the first power outage known to have been caused by hackers:
Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said. ... On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to "destructive events" that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.
Over the past year, the group behind BlackEnergy has slowly ramped up its destructive abilities. Late last year, according to an advisory from Ukraine's Computer Emergency Response Team, the KillDisk module of BlackEnergy infected media organizations in that country and led to the permanent loss of video and other content. The KillDisk that hit the Ukrainian power companies contained similar functions but was programmed to delete a much narrower set of data, ESET reported. KillDisk had also been updated to sabotage two computer processes, including a remote management platform associated with the ELTIMA Serial to Ethernet Connectors used in industrial control systems.
Over the past year, the group behind BlackEnergy has slowly ramped up its destructive abilities. Late last year, according to an advisory from Ukraine's Computer Emergency Response Team, the KillDisk module of BlackEnergy infected media organizations in that country and led to the permanent loss of video and other content. The KillDisk that hit the Ukrainian power companies contained similar functions but was programmed to delete a much narrower set of data, ESET reported. KillDisk had also been updated to sabotage two computer processes, including a remote management platform associated with the ELTIMA Serial to Ethernet Connectors used in industrial control systems.
Hmm, organized hacking efforts that keep hitting important Ukrainian entities, with targeted code that can take out industrial systems... I can't imagine who could possibly be behind this.
Shiny New Australia.
this story that's still on the front page? http://it.slashdot.org/story/1...
Horror & SciFi Erotic Nudes
Didn't Putin Jugend already do something similar in Estonia?
Couldn't it be that Ukrainian power networks are just old and crumbling, management and specialists are incompetent and the cold weather last week didn't help? But hey, it's much easier to blame it on hackers, who are "clearly" sponsored by Putin himself.
And sure enough Ukraine simply blows up power lines going to Crimea to leave 2 million people without power in the midst of winter - no hackers needed.
You mean like telling upper management that putting the control systems ON THE INTERNET is a really stupid idea?
Good luck with that.
How about restricting access to one system (and a backup) that requires real two-factor-authentication AND IS NOT ON THE INTERNET?
Aliens?
Signed,
fuzzy hairs guy.
A hundred thousand customers? Drop in the bucket. Not much to see here.
What happened is 3 substations went offline. Three out of thousands of substations. In the USA we've had larger outages caused by a single squirrel who decided to become charcoal and crawled across the wrong two wires or by some hapless lineman who hit the wrong disconnect in the switchyard.
Heck, I've heard second hand where a couple of theater workers crashed the local grid on purpose back in the late 80's by wiring up every stage light they had and then bumping all the dimmers to full at 2AM. The lights all when bright just before the power shut down. The dramatic and unexpected power surge caused the local grid to disconnect and presto, hundreds of thousand of sleeping customers' power went out. I wasn't there, but I have no reason to doubt their story...
Where this idea that hackers could bring down electric service is troubling, it is not really a significant risk, nor is the way this exploit took place hard to counter. Virus scanners, firewalls, all are commonplace as are "air gapped" data networks used by utility providers in North America. And so 100,000 customers loose power sometime? Big deal. Yea it shouldn't happen, but mistakes get made and equipment sometimes fails. It's not like the restoration of power wasn't possible nearly instantly. The hack didn't cause a pile of expensive equipment to be reduced to junk, or that somebody armed with an RPG launcher (commonly available in the area) couldn't do more damage.
There are much bigger fish to fry here in the risk pool than this; Bigger fish which are much harder to protect from. Just the physical security problem presented by the hundreds of thousand substations is a bigger risk than the risk of hacking attacks. Add to that all the towers holding up the transmission lines running between all those substations. That risk is huge and literally everywhere. Why sweat the small stuff?
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
And to think that a FREE air gap would have prevented this.
It's more than just an air gap. We know that an air gap isn't enough to stop hacking, although it helps and recommendable.
If you want to have secure software, you need to think about security from the very beginning. US infrastructure is at risk because SCADA programmers didn't think about security from the ground up, which you really should if you're going to be running anything critical on software.
"First they came for the slanderers and i said nothing."
i've said it once and i'll say it again: what the FUCK is wrong with people who think it's okay to put a country's critical infrastructure on the public internet AT ALL? there should be absolutely no way that power, water, gas, electricity or any kind of public utility should be even VAGUELY "internet connected". to anyone considering responding "but they might want to quotes manage quotes the infrastructure" then they should fucking well have a private closed-loop network or pay key emergency staff to live right next door to the infrastructure. there's a whole boat-load of long-range communications options that don't involve the public internet, which we *know* is wide-open to attack. any country that doesn't have laws in place which make it illegal for critical infrastructure to be on the public internet is quite literally asking for trouble. you don't leave the door to your house unlocked and then complain "but someone stole all my stuff!" - this is exactly the same thing.
Oh, you mean like how Stuxnet couldn't infect airgapped machines? https://en.wikipedia.org/wiki/...
Avakov:
Maidan is being completely discredited, that's what's going on! They are sellingn off Ukraine piece by piece. No doubt this is a Russian FSB project.
Yatsenyuk:
Those who demand to increase social payments and salaries from Ukrainian budget, are FSB agents.
The reason for connecting vital infrastructure systems to the Internet is very simple. Many of those systems are distributed. So you have a choice: build your own network or use existing one (Internet). In most cases building your own network is a no go for many obvious reasons. Like, for example, money, uptime, etc.
By disrupting the electrical grid you aren't helping either side, and are actively putting people at risk.
Much in the same spirit as Russia bombing civilians in Syria, don't you think?
When all you have is a hammer, every problem starts to look like a thumb.