Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Power Security

Ukraine Power Outage May Be the First One Caused By Hackers (arstechnica.com) 62

bricko notes a report on what appears to be the first power outage known to have been caused by hackers: Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said. ... On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to "destructive events" that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.

Over the past year, the group behind BlackEnergy has slowly ramped up its destructive abilities. Late last year, according to an advisory from Ukraine's Computer Emergency Response Team, the KillDisk module of BlackEnergy infected media organizations in that country and led to the permanent loss of video and other content. The KillDisk that hit the Ukrainian power companies contained similar functions but was programmed to delete a much narrower set of data, ESET reported. KillDisk had also been updated to sabotage two computer processes, including a remote management platform associated with the ELTIMA Serial to Ethernet Connectors used in industrial control systems.

This discussion has been archived. No new comments can be posted.

Ukraine Power Outage May Be the First One Caused By Hackers

Comments Filter:
  • In former and possibly future Soviet Russia frosty piss gets YOU

  • this story that's still on the front page? http://it.slashdot.org/story/1... [slashdot.org]
  • by Carewolf ( 581105 ) on Tuesday January 05, 2016 @04:00PM (#51243463) Homepage

    Didn't Putin Jugend already do something similar in Estonia?

  • by Anonymous Coward on Tuesday January 05, 2016 @04:09PM (#51243523)
    Couldn't it be that Ukrainian power networks are just old and crumbling, management and specialists are incompetent and the cold weather last week didn't help? But hey, it's much easier to blame it on hackers, who are "clearly" sponsored by Putin himself.
    And sure enough Ukraine simply blows up power lines going to Crimea to leave 2 million people without power in the midst of winter - no hackers needed.
    • That is! I would mod this up, but I have just commented, which could strengthens your point:


      Maidan is being completely discredited, that's what's going on! They are sellingn off Ukraine piece by piece. No doubt this is a Russian FSB project.


      Those who demand to increase social payments and salaries from Ukrainian budget, are FSB agents.

    • by rtb61 ( 674572 )

      More likely a pack of ass clowns stupidly hooked up an essential service to the internet because 'er' 'um', ass clowns. It was just a matter of time before it was taken down, nationality of black hats is pretty much arbitrary as black hats from all over the globe would have taken it down including those from inside the Ukraine but outside of course outside the affected region, especially if they were having a digital spat with those in that particular region. The attack nothing fancy at all, a MS Office do

  • I know that some people throw around the term “terrorism” too much. But this is a sad and increasing element of our modern society. When setting off bombs, the terrorists have to go through huge efforts to go to the target and plant bombs without getting caught. You know you’re killing humans. The terrible thing about cyberterrorism is that it’s too much like Ender’s game. From the comfort of their homes, they can take out infrastructures 1000s of miles away, and the peopl

    • by khasim ( 1285 )

      I want to protect against attacks ...

      You mean like telling upper management that putting the control systems ON THE INTERNET is a really stupid idea?

      Good luck with that.

      How about restricting access to one system (and a backup) that requires real two-factor-authentication AND IS NOT ON THE INTERNET?

      • But how could we do that? Then, we couldn't hire folks for $.02 per month in other parts of the world to do stuff for us!
      • by amorsen ( 7485 )

        Designing control systems with the view that they are disconnected from the Internet leads the developers to become lazy.

        Every system has some level of connection to the Internet today. If nothing else, the software needs updating, and those updates will almost certainly be fetched over the Internet.

        Control system developers need to deal with this reality. That means getting patches installed immediately after they become available -- tricky, because today most serious SCADA installations rely on in-house t

        • If nothing else, the software needs updating, and those updates will almost certainly be fetched over the Internet.

          For mission critical systems of vital infrastructure:

          1. All changes (including every minor update) should be done manually, after a significant test period.
          2. Changes should only be made as necessary (where it can be proven there is an existing vulnerability/flaw).

          For powerstation control systems, if it ain't broke, dont fix it. They don't need to be running the latest OS. They don't need to be streaming social media updates. Get them off the damn internet.

          But of course this is completely against the profit

          • by amorsen ( 7485 )

            You say the completely opposite of my post, but you provide no arguments why your position is correct and mine is wrong.

            You did not deal with the most important point:

            Every system has some level of connection to the Internet today.

            This is simply unavoidable. It might be air gapped, but it will still have an indirect connection in the form of USB sticks or other media transfers. And since that is the case, the old way of working is no longer an option.

  • In times past when you wanted to "hack" the power lines you used an axe or something similar.

    Or maybe those were "whackers" *whackwhackwhack*.

    • Serious question.....has anyone ever actually used an ax to chop down a telephone pole? As a terrorist act?
      • Us technologically advanced rednecks use chainsaws to take out the power grid... much faster and more satisfying! If use an axe, your beer usually gets warm before you finish taking down the pole.
      • by davidwr ( 791652 )

        Serious question.....has anyone ever actually used an ax to chop down a telephone pole? As a terrorist act?

        Probably in the 19th century, but it might have been a telegraph pole.

        I'm sure there have been some one-off cases of people taking out utility poles in the 20th and maybe even the 21st century that could be classified as "a terrorist act" by modern "definitions" which sweep lost of "acts done in anger/for revenge" under the "terrorism" label, but as someone else mentioned, they probably used something faster than an ax.

  • As provided elsewhere here [sans.org] is some more information on what was actually found.
  • by bobbied ( 2522392 ) on Tuesday January 05, 2016 @04:36PM (#51243675)

    A hundred thousand customers? Drop in the bucket. Not much to see here.

    What happened is 3 substations went offline. Three out of thousands of substations. In the USA we've had larger outages caused by a single squirrel who decided to become charcoal and crawled across the wrong two wires or by some hapless lineman who hit the wrong disconnect in the switchyard.

    Heck, I've heard second hand where a couple of theater workers crashed the local grid on purpose back in the late 80's by wiring up every stage light they had and then bumping all the dimmers to full at 2AM. The lights all when bright just before the power shut down. The dramatic and unexpected power surge caused the local grid to disconnect and presto, hundreds of thousand of sleeping customers' power went out. I wasn't there, but I have no reason to doubt their story...

    Where this idea that hackers could bring down electric service is troubling, it is not really a significant risk, nor is the way this exploit took place hard to counter. Virus scanners, firewalls, all are commonplace as are "air gapped" data networks used by utility providers in North America. And so 100,000 customers loose power sometime? Big deal. Yea it shouldn't happen, but mistakes get made and equipment sometimes fails. It's not like the restoration of power wasn't possible nearly instantly. The hack didn't cause a pile of expensive equipment to be reduced to junk, or that somebody armed with an RPG launcher (commonly available in the area) couldn't do more damage.

    There are much bigger fish to fry here in the risk pool than this; Bigger fish which are much harder to protect from. Just the physical security problem presented by the hundreds of thousand substations is a bigger risk than the risk of hacking attacks. Add to that all the towers holding up the transmission lines running between all those substations. That risk is huge and literally everywhere. Why sweat the small stuff?

    • by amorsen ( 7485 )

      Attacks on substations and power lines mean that you actually have to be physically nearby. Despite Putin's efforts, it is also easier to identify men in green uniforms with tools to do such acts than it is to say for sure that e.g. Israel made Stuxnet.

      Everything just scales better when you automate it.

      • Everything just scales better when you automate it.

        Not in this case. Automation of such an attack implies you have your exploit installed on a lot of separate systems and you can access them all remotely. Even in this case, the number of compromised systems was limited and the damage was exceedingly light. Plus this is Ukraine, home of Chernobyl and other well designed soviet technologies. Am attacker would have a much more difficult time in North America.

  • by lkcl ( 517947 ) <lkcl@lkcl.net> on Tuesday January 05, 2016 @04:58PM (#51243785) Homepage

    i've said it once and i'll say it again: what the FUCK is wrong with people who think it's okay to put a country's critical infrastructure on the public internet AT ALL? there should be absolutely no way that power, water, gas, electricity or any kind of public utility should be even VAGUELY "internet connected". to anyone considering responding "but they might want to quotes manage quotes the infrastructure" then they should fucking well have a private closed-loop network or pay key emergency staff to live right next door to the infrastructure. there's a whole boat-load of long-range communications options that don't involve the public internet, which we *know* is wide-open to attack. any country that doesn't have laws in place which make it illegal for critical infrastructure to be on the public internet is quite literally asking for trouble. you don't leave the door to your house unlocked and then complain "but someone stole all my stuff!" - this is exactly the same thing.

    • ... you mean like America? Use Shodan to look for SCADA devices. Not hard to find.
    • by swb ( 14022 )

      Probably because a good chunk of "critical infrastructure" runs on bog-standard Wintel systems that have reached the point where they almost don't work without a continuous Internet connection for licensing, updates, and non-stop marketing data.

      I agree that not airgapping is d-u-m-b, but I also think the people who do it basically run up against all the usual obstacles of time, skill and resources in building out systems that work in an expected manner without Internet access and somebody, somewhere decides

    • While not universally true, there's a good deal of critical infrastructure that is airgapped and "secure". What can happen is these systems end up compromised when an engineer plugs a previously invected laptop or flash drive into that secure network/system. The payload can then either infect those airgapped systems or exfiltrate data (onto the infected laptop/drive) in order to exfiltrate it to the internet once its on a connected system.

      This is the sort of hacking that is done by APTs [wikipedia.org], i.e. full blown cyb

      • In windows, it it possible to disable all USB interfaces so no USB drives can be plugged in. That, and MAC address filtering on the local network switch should make it difficult to connect equipment to the airgapped local network, shouldn't it? I worked for a company that was so paranoid they actually disabled USB on all computers. I didn't tell them that anybody could easily plug in a laptop or unsecured router to the Ethernet and copy all their data anyway, precisely because I didn't want them implementin
    • It is hard to lock down pirated Windows XP.
    • by KGIII ( 973947 )

      I say this mostly because I like to nitpick from time to time. But, well... I've heard it stated, and I'm inclined to agree, that the internet is itself a part of the critical infrastructure. I've even heard it stated that one should have a right to basic access - I've even heard people postulate that a minimal access level should be paid for by tax payers indirectly or by an increased tax on those who pay for full services.

      To the point!

      So, if we count the internet as a part of a country's critical infrastr

  • ...all over again.
  • I'm still not clear on why anybody thinks it's ok to connect computers that control the power grid to the Internet. Can somebody help me out on this? Sure, smart meters would connected to the net, so you could hack the billing side of the utility. But the actual powerplant and switching station controls? If you're going to control remote switches over the 'net, wouldn't you use a secure tunnel?
  • by sshir ( 623215 ) on Tuesday January 05, 2016 @09:17PM (#51245193)
    The reason for connecting vital infrastructure systems to the Internet is very simple. Many of those systems are distributed. So you have a choice: build your own network or use existing one (Internet). In most cases building your own network is a no go for many obvious reasons. Like, for example, money, uptime, etc.

If I have seen farther than others, it is because I was standing on the shoulders of giants. -- Isaac Newton