Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyber Attackers Have Successfully Hit A Nuclear Power Plant And A Lab (reuters.com)

Posted by EditorDavid on from the going-nuclear dept.

Slashdot reader zootsewt1 quotes a rundown by Security Taco of two unrelated breaches at nuclear-related facilities that were recently disclosed -- one "disruptive" and the other involving the remote theft of documents: Director Yukiya Amano from the IAEA disclosed that a nuclear power generation facility came under cyber attack within the last few years. He declined to state which specific nuclear facility was involved. Mr. Amano advised that "This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it's the tip of the iceberg."

In a separate incident, a nuclear lab in the University of Toyama in Japan conducting research on tritium (used in nuclear power plants), also came under cyber attack earlier this year. The attacker appears to have been able to exfiltrate large large amounts of data, some of which was related to the Fukushima clean-up.
The Reuters article lists other data breaches and malware infections at nuclear sites over the years, and notes that the IAEA director "also cited a case in which an individual tried to smuggle a small amount of highly enriched uranium about four years ago that could have been used to build a so-called 'dirty bomb'." At the isotope research center at the University of Toyama, the attacker reportedly compressed more than 1,000 files to make them easier to transmit.

31 of 55 comments (clear)

  1. But what part of the plant. by Mr+D+from+63 · · Score: 1

    Of course, if we are just talking about an administrative network breach, and not the isolated control network, it sounds a lot worse than the risk it presents. There have been some cases of malware migrating to corporate network connected devices, but they've been isolated from anything that could affect operation of the facility.

    1. Re:But what part of the plant. by Mr+D+from+63 · · Score: 1

      BTW, "disruptive" means once it was discovered they went through some level of effort to analyze the extent of condition. They disrupted the normal work of the day, but not the operation of any safety controls of the plant.

    2. Re:But what part of the plant. by Joe_Dragon · · Score: 2

      The t-437 safety command console.

    3. Re:But what part of the plant. by Lumpy · · Score: 1, Informative

      Here is the scary part. MOST places dont have the control network isolated from the internet. Typically because of the drooling moron managers that want to log in and spy on the workers from home.

      I know of at LEAST 4 water filtration plants that have the C&C network directly connected to the internet.

      Honestly the managers that deem that security breach necessary need to be waterboarded while someone takes a cattle prod to their testicles.

      --
      Do not look at laser with remaining good eye.
    4. Re:But what part of the plant. by Waffle+Iron · · Score: 4, Funny

      It was the reactor core.

      Some salesmen convinced management to install the new "AtomikRodz" smart controllers into the reactors. They monitor power demand levels, and over time they learn to automatically adjust power output in advance, cutting down on personnel costs. Even better, the associated app allows operators to manually adjust the control rods with their phones from anywhere in the world. No need to run down to the station just to fiddle with power output.

      Unfortunately, as with most IoT gear, this product was riddled with security holes.

    5. Re:But what part of the plant. by Mr+D+from+63 · · Score: 1

      Whats really funny is that some folks here will take you seriously.

    6. Re:But what part of the plant. by flyingfsck · · Score: 1

      They exfiltrated radio active data from the AC plant. The data will make Wiki Leaks glow in the dark and halve Julian Assange's heating bill.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    7. Re:But what part of the plant. by AchilleTalon · · Score: 1

      So, someone cracked the security gate guard's iPhone. Why such an uninfomative article makes its way to /.?

      --
      Achille Talon
      Hop!
    8. Re:But what part of the plant. by Big+Hairy+Ian · · Score: 1

      I did some work for the IAEA three or four years ago they were still using a 30 year old Mainframe that still hadn't been Y2K certified to do most of their work. Welcome to the UN

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  2. A tritiumn lab? by Mr+D+from+63 · · Score: 1

    Why would we worry about a tritium lab?

    1. Re:A tritiumn lab? by mbkennel · · Score: 4, Informative


      Because substantial amounts of tritium are essential for "boosted" fission nuclear weapons. Tritium (and deuterium, which is cheap and easy to procure) adds fusion to the core of a fission warhead. It's not significant in energy production directly (unlike a true H-bomb) but it substantially increases the efficiency and potency of the fission reaction by adding a boost of neutrons at the moment of maximum compression.

      It is considered essential to producing warheads which are small enough for militarily capable missiles.

      Hackers were hence probably DPRK.

    2. Re:A tritiumn lab? by rholtzjr · · Score: 1

      Because tritium in particular is an integral part of certain thermonuclear devices (though in quantities several thousand times larger than that in a keychain), consumer and safety devices containing tritium for use in the United States are subject to certain possession, resale, disposal, and use restrictions.

      Hmm, I wonder?

    3. Re:A tritiumn lab? by AHuxley · · Score: 1

      Its the gateway to better nuclear weapons. The easy guide to that is to study the UK's production sites like Chapelcross.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:A tritiumn lab? by Mr+D+from+63 · · Score: 2

      Nice cut and paste from wiki. But a cyber attack on a tritium lab doesn't get materials into the hands of anyone.

  3. Confused report by Mr+D+from+63 · · Score: 2

    The Reuters article lists other data breaches and malware infections at nuclear sites over the years, and notes that the IAEA director "also cited a case in which an individual tried to smuggle a small amount of highly enriched uranium about four years ago that could have been used to build a so-called 'dirty bomb'." At the isotope research center at the University of Toyama, the attacker reportedly compressed more than 1,000 files to make them easier to transmit.

    This paragraph conflates separate, unrelated incidences, one of which has nothing at all to do with cyber attack. Why?

    1. Re: Confused report by Nidi62 · · Score: 1

      Because nuclear and dirty bombs and terrorism.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    2. Re:Confused report by Princeofcups · · Score: 1

      The Reuters article lists other data breaches and malware infections at nuclear sites over the years, and notes that the IAEA director "also cited a case in which an individual tried to smuggle a small amount of highly enriched uranium about four years ago that could have been used to build a so-called 'dirty bomb'." At the isotope research center at the University of Toyama, the attacker reportedly compressed more than 1,000 files to make them easier to transmit.

      This paragraph conflates separate, unrelated incidences, one of which has nothing at all to do with cyber attack. Why?

      Viewer clicks.

      --
      The only thing worse than a Democrat is a Republican.
    3. Re:Confused report by AHuxley · · Score: 1

      Most nations who joined the nuclear club late kind of have to sign up to all kinds of international standards and protections to keep their university, power, medical and research tracked and watched.
      Stuff missing is tracked as nations like to build projects on the side. To prevent that everything is registered.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Confused report by queazocotal · · Score: 2

      Also, enriched uranium is a _TERRIBLE_ isotope for a dirty bomb.
      Enriched uranium is more radioactive than natural uranium - but only in a ridiculously small amount, because instead of half decaying in 4 billion years, half decays in 700 million years.

      Alexander_Litvinenko was poisoned by around 10 micrograms of Polonium-210.
      In rough numbers, polonium-210 is two billion times more active than uranium-235.
      To have the same dose equivalent of uranium, you'd need a 20 kilogram lump of uranium-235.
      There is no real way to get any radioactive danger from uranium-235 unless you make it into a bomb, at any dose the chemical effects (broadly similar to lead) would vastly overwhelm the radioactive.

    5. Re:Confused report by doom · · Score: 1

      And the word "successfully" in this context suggests that a cracker has hijacked the control system of a nuclear power plant. Actually the news appears to be that someone got some data from a lab that works with tritium. So: EditorDavid is either a fear-mongering anti-nuclear fanatic, or a fear-mongering yellow journalist hustling for clicks-- why exactly am I reading this site?

    6. Re:Confused report by Mr+D+from+63 · · Score: 1

      Its hard sometimes to tell the fear mongers from those that are just ignorant. Mostly I just hear parrots repeating whatever fits their ill informed vision of all things nuclear.

      I try to do my part to educate and point out the utter stupidity which is common to almost every anti-nuke submission, but sometimes I agree, why bother.

  4. Compression by Anonymous Coward · · Score: 1

    "the attacker reportedly compressed more than 1,000 files to make them easier to transmit."
    As long as the attacker didn't try the same trick with the uranium - that tends to not end so well...

  5. Give the atacker a metal.. by BlueCoder · · Score: 1

    And whomever put the plant online and or designed the computer system needs to be shot for treason.

    1. Re:Give the atacker a metal.. by Anonymous Coward · · Score: 1

      What kind of metal? Polonium?

  6. Reduced physical security by mdsolar · · Score: 1

    US nuclear plants are bucking for reduced physical security, disarming guards, leaving waste with little supervision. Cyber attacks may end up being more effective as the human security component is curtailed.

  7. You have missed the critical point here by thesupraman · · Score: 1, Funny

    A clickbait headline!

    I mean, after all a NUCEAR REACTOR has been HIT!!! by ATTACKERS!!!

    Carefully ignore the fact that it probably means some script kiddie accidentally run a scan against
    a poorly configured break room web terminal used to access ebay during lunchtimes..

    a REACTION was HIT!

    FLEE for your LIVES! and its CYBER, thats even worse! next YOUR reactor will be hit! there is no ESCAPE!

    Sigh. Welcome to the death of actual journalism (or at least the rape of its long dead corpse)

  8. The Fukushima clean-up? by drinkypoo · · Score: 2

    Let's hope they release that stuff publicly ASAP. I want to know what Tepco has been lying about lately.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:The Fukushima clean-up? by MrKaos · · Score: 2

      Let's hope they release that stuff publicly ASAP. I want to know what Tepco has been lying about lately.

      That the ground around unit four spent fuel pool has subsided 30 inches since the accident with 400 or so spent fuel rods still in there.

      Allegations are that unit 4 was being upgraded when the quake struck and that fuel was being stored illegally in the spent fuel pool at the time of the quake. Money that should have been spent on seawall and generator upgrades.

      Japanese civil engineers have said they're at a loss to explain the damage to the concrete supports for the spent fuel pool in unit four as the quake did not have enough ground acceleration to damage them.

      Accounts are emerging that when part of the crane fell in the pool, some of the illegal fuel rods struck one another causing a neutron pulse and it is that which damaged the concrete supports.

      Meanwhile The fall guy president admits there is a cover up of a meltdown to cover-up the illegal activity that was happening in unit four in the first place. Look at that silly monkey!

      We have this brain dead blanket on all news and information about Fukushima there is little chance we are going to get much real information while they continue to let that pig of a plant belch radioisotopes into the pacific ocean. I wish they would at least close in the sea walls around the plant to at least *try* to stop or filter the ground water that reaches the ocean. Plutonium Chloride is very soluble.

      Here is my ---> theory about what is going on in Japan: The shutdown of their reactor fleet has nothing to do with protestors or anything other that what is happening in Unit 4 spent fuel pool. I suspect that the government now knows just how badly Tepco fucked up, but they're in a bind. If they let Tepco hang, everyone will know why and they won't be able to control the situation.

      The situation at Unit 4 is so dire they have been toiling day and night since the accident to remove all the fuel rods from the damaged pool. It has stopped because they need to do maintenance on the crane. The count is down from 1100 spent rods, to 400 rods so far, which is awesome work, but remains a threat. I reason it is because of the following potential scenarios:

      Best Case: All the fuel rods are removed and Fukushima is no worse than it already is, an INES level 7 accident whose radioactive steam effluents will continue to blow via the jet stream over the US.

      Worse Case: There is some failure which initiates a plutonium file in the remaining rods with hundreds of millions of curies blowing over the continental US mainland and into the pacific ocean.

      Worst Case: *IF* the Japanese continued to operate their reactors, the worse case above initiates a much larger neutron pulse that initiates meltdowns in all of the nuclear plants on the japanese eastern seaboard, leaving most of the Japanese population unable to respond to the multiple meltdowns. I know, it seems far fetched, but it seems more reasonable that the Japanese government would respond to pressure from that scenario to shut down the economic benefit they get from nuclear power, as opposed to pressure from any hippy hick NIMBY anty-nukker protestor.

      Excuse me dp, I have to address the fanboi reading, yes you fanboi, re-read the worst case scenario again, notice the big *IF*, no read it again. Now before you respond, you don't know enough fact to make up a fictional scenario that elaborate, so it's either possible or you don't know what you are talking about enough to respond with anything other than an emotive diatribe. *IF*.

      Apologies dp, it's just a theory though. We will know if the Japanese reactors are started up again *after* the last of the fuel rods are removed from unit 4.

      --
      My ism, it's full of beliefs.
  9. Re:Umm, never connect them to the internet? by m.alessandrini · · Score: 1

    But then, how can you make Homer Simpson work from home?

  10. Hey mom, look what I can do... by MTEK · · Score: 1

    This whole internet thing has been fun and all, but can we please go back to pen and paper? Thx.

  11. It is obvious we need to derez nuclear fission by WillAffleckUW · · Score: 1

    Besides, we already have military fusion reactors, so it's not like we need risky nasty fission any more.

    Thanks to the UW and other teams that developed them!

    --
    -- Tigger warning: This post may contain tiggers! --