Ukraine Power Station Outage -- Enabled By Malware, But Not Caused By Malware (sans.org)
itwbennett writes: A new study of a recent cyberattack against Ukrainian power companies suggests malware didn't directly cause the outages that affected at least 80,000 customers. While malware was used to gain access to networks, the attackers then opened circuit breakers that cut power, according to information published Saturday by the SANS Industrial Control Systems (ICS) team. The attackers used direct intervention to try to mask their actions from the power systems operators and also conducted denial-of-service attacks on the utilities' phone systems to block complaints from affected customers, SANS said.
It's more like if you leave a shim in a door on your way out of a light bulb plant, then later come back and use that door to gain access and then proceed to smash hundreds of bulbs. The shim wasn't what destroyed the light bulbs, but it sure did come in handy to let you do it when you wanted to. If the shim placed in the door then sprung to life at a predetermined time and went about smashing bulbs on its own, then that would be akin to what they were originally thinking. Overall it doesn't matter too much to the crime committed, but from a technological standpoint it means the malware had less complex behavior built into it than they were giving it credit for.
Even Putin isn't indiscriminately using force in any of the conflicts in the Ukraine. Even if no one believes that "it's really just the separatists, not Russian troops pretending to be separatists" bit, it's an important fig leaf of plausible deniability. Putin still seems to feel it's important to be able to pretend to be doing this stuff.
And it would be the same with this. Assuming the Russians were behind it, they'd likely be using this method in part because it obscures their connection to the point that, despite everyone thinking they did it, no one can prove it beyond a reasonable doubt. Which, if you think about it, is sort of the best of both worlds. You get the intimidation factor that comes with people not wanting to mess with you, but also without the consequences of having gotten caught doing it.