Ukraine Power Outage May Be the First One Caused By Hackers (arstechnica.com)
bricko notes a report on what appears to be the first power outage known to have been caused by hackers:
Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said. ... On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to "destructive events" that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.
Over the past year, the group behind BlackEnergy has slowly ramped up its destructive abilities. Late last year, according to an advisory from Ukraine's Computer Emergency Response Team, the KillDisk module of BlackEnergy infected media organizations in that country and led to the permanent loss of video and other content. The KillDisk that hit the Ukrainian power companies contained similar functions but was programmed to delete a much narrower set of data, ESET reported. KillDisk had also been updated to sabotage two computer processes, including a remote management platform associated with the ELTIMA Serial to Ethernet Connectors used in industrial control systems.
Ob (Score:1)
In former and possibly future Soviet Russia frosty piss gets YOU
Re:Cowards... (Score:5, Insightful)
Hmm, organized hacking efforts that keep hitting important Ukrainian entities, with targeted code that can take out industrial systems... I can't imagine who could possibly be behind this.
Re:Cowards... (Score:4, Funny)
Aliens?
Signed,
fuzzy hairs guy.
Re: (Score:2)
That dastardly Ukrainian Government is at it again!
Re: (Score:3)
Avakov:
Maidan is being completely discredited, that's what's going on! They are selling off Ukraine piece by piece. No doubt this is a Russian FSB project.
Yatsenyuk:
Those who demand to increase social payments and salaries from Ukrainian budget, are FSB agents.
Re: (Score:2)
it is simply cowardly to attack the electrical system.
As opposed to actually shooting people with guns?
Re: (Score:1)
The logic is straight forward though. Screw up their country and they'll apologize to Saint Putin. The more they are hurt today the more they will smile tomorrow and sign up for Russian language classes.
Re: (Score:3, Insightful)
By disrupting the electrical grid you aren't helping either side, and are actively putting people at risk.
Much in the same spirit as Russia bombing civilians in Syria, don't you think?
Isn't this the same as... (Score:3)
Re: (Score:3)
Since the title is different the editors don't consider it a dupe.
Estonia? (Score:3)
Didn't Putin Jugend already do something similar in Estonia?
Re: (Score:2)
Don't worry comrade, Putin will invade the Luddites once he is done with the Ukraines.
Re: (Score:2)
Be realistic. There aren't that many who could find their own country.
It's always someone else's fault in Ukraine (Score:3, Interesting)
And sure enough Ukraine simply blows up power lines going to Crimea to leave 2 million people without power in the midst of winter - no hackers needed.
Re: (Score:3)
Avakov:
Maidan is being completely discredited, that's what's going on! They are selling off Ukraine piece by piece. No doubt this is a Russian FSB project.
Yatsenyuk:
Those who demand to increase social payments and salaries from Ukrainian budget, are FSB agents.
Re: (Score:2)
More likely a pack of ass clowns stupidly hooked up an essential service to the internet because 'er' 'um', ass clowns. It was just a matter of time before it was taken down; the nationality of black hats is pretty much arbitrary, as black hats from all over the globe would have taken it down, including those from inside the Ukraine but of course outside the affected region, especially if they were having a digital spat with those in that particular region. The attack was nothing fancy at all, a MS Office do
Another form of terrorism (Score:2)
I know that some people throw around the term “terrorism” too much. But this is a sad and increasing element of our modern society. When setting off bombs, the terrorists have to go through huge efforts to go to the target and plant bombs without getting caught. You know you’re killing humans. The terrible thing about cyberterrorism is that it’s too much like Ender’s game. From the comfort of their homes, they can take out infrastructures 1000s of miles away, and the peopl
Re: (Score:3)
You mean like telling upper management that putting the control systems ON THE INTERNET is a really stupid idea?
Good luck with that.
How about restricting access to one system (and a backup) that requires real two-factor-authentication AND IS NOT ON THE INTERNET?
Re: (Score:2)
Designing control systems with the view that they are disconnected from the Internet leads the developers to become lazy.
Every system has some level of connection to the Internet today. If nothing else, the software needs updating, and those updates will almost certainly be fetched over the Internet.
Control system developers need to deal with this reality. That means getting patches installed immediately after they become available -- tricky, because today most serious SCADA installations rely on in-house t
Re: (Score:1)
If nothing else, the software needs updating, and those updates will almost certainly be fetched over the Internet.
For mission critical systems of vital infrastructure:
1. All changes (including every minor update) should be done manually, after a significant test period.
2. Changes should only be made as necessary (where it can be proven there is an existing vulnerability/flaw).
For power station control systems, if it ain't broke, don't fix it. They don't need to be running the latest OS. They don't need to be streaming social media updates. Get them off the damn internet.
But of course this is completely against the profit
Re: (Score:2)
You say the complete opposite of my post, but you provide no arguments why your position is correct and mine is wrong.
You did not deal with the most important point:
Every system has some level of connection to the Internet today.
This is simply unavoidable. It might be air gapped, but it will still have an indirect connection in the form of USB sticks or other media transfers. And since that is the case, the old way of working is no longer an option.
Re: (Score:3)
And to think that a FREE air gap would have prevented this.
It's more than just an air gap. We know that an air gap [wikipedia.org] isn't enough to stop hacking, although it helps and is recommendable.
If you want to have secure software, you need to think about security from the very beginning. US infrastructure is at risk because SCADA programmers didn't think about security from the ground up, which you really should if you're going to be running anything critical on software.
Re: (Score:2)
VM guests can be better isolated [invisiblethingslab.com] than air gaps.
Physical interfaces are usually more complex and exploitable than the interfaces available from a locked-down hypervisor.
Re:AIR GAP (Score:4, Informative)
Oh, you mean like how Stuxnet couldn't infect airgapped machines? https://en.wikipedia.org/wiki/... [wikipedia.org]
"Hackers" of the past (Score:1)
In times past when you wanted to "hack" the power lines you used an axe or something similar.
Or maybe those were "whackers" *whackwhackwhack*.
Re: (Score:1)
Serious question.....has anyone ever actually used an ax to chop down a telephone pole? As a terrorist act?
Probably in the 19th century, but it might have been a telegraph pole.
I'm sure there have been some one-off cases of people taking out utility poles in the 20th and maybe even the 21st century that could be classified as "a terrorist act" by modern "definitions" which sweep lots of "acts done in anger/for revenge" under the "terrorism" label, but as someone else mentioned, they probably used something faster than an ax.
As provided elsewhere (Score:2)
How is this important? (Score:3)
A hundred thousand customers? Drop in the bucket. Not much to see here.
What happened is 3 substations went offline. Three out of thousands of substations. In the USA we've had larger outages caused by a single squirrel who decided to become charcoal and crawled across the wrong two wires or by some hapless lineman who hit the wrong disconnect in the switchyard.
Heck, I've heard second hand where a couple of theater workers crashed the local grid on purpose back in the late 80's by wiring up every stage light they had and then bumping all the dimmers to full at 2AM. The lights all went bright just before the power shut down. The dramatic and unexpected power surge caused the local grid to disconnect and presto, hundreds of thousands of sleeping customers' power went out. I wasn't there, but I have no reason to doubt their story...
While this idea that hackers could bring down electric service is troubling, it is not really a significant risk, nor is the way this exploit took place hard to counter. Virus scanners, firewalls, all are commonplace, as are "air gapped" data networks used by utility providers in North America. And so 100,000 customers loose power sometime? Big deal. Yea, it shouldn't happen, but mistakes get made and equipment sometimes fails. It's not like the restoration of power wasn't possible nearly instantly. The hack didn't cause a pile of expensive equipment to be reduced to junk, or do more damage than somebody armed with an RPG launcher (commonly available in the area) could.
There are much bigger fish to fry here in the risk pool than this; bigger fish which are much harder to protect from. Just the physical security problem presented by the hundreds of thousands of substations is a bigger risk than the risk of hacking attacks. Add to that all the towers holding up the transmission lines running between all those substations. That risk is huge and literally everywhere. Why sweat the small stuff?
Re: (Score:2)
Yep and spell check won't catch the mistake because it's still a word albeit not the correct one.
Re: (Score:2)
Attacks on substations and power lines mean that you actually have to be physically nearby. Despite Putin's efforts, it is also easier to identify men in green uniforms with tools to do such acts than it is to say for sure that e.g. Israel made Stuxnet.
Everything just scales better when you automate it.
Re: (Score:2)
Everything just scales better when you automate it.
Not in this case. Automation of such an attack implies you have your exploit installed on a lot of separate systems and you can access them all remotely. Even in this case, the number of compromised systems was limited and the damage was exceedingly light. Plus this is Ukraine, home of Chernobyl and other well designed soviet technologies. An attacker would have a much more difficult time in North America.
why is critical infrastructure on the internet? (Score:5, Insightful)
i've said it once and i'll say it again: what the FUCK is wrong with people who think it's okay to put a country's critical infrastructure on the public internet AT ALL? there should be absolutely no way that power, water, gas, electricity or any kind of public utility should be even VAGUELY "internet connected". to anyone considering responding "but they might want to quotes manage quotes the infrastructure" then they should fucking well have a private closed-loop network or pay key emergency staff to live right next door to the infrastructure. there's a whole boat-load of long-range communications options that don't involve the public internet, which we *know* is wide-open to attack. any country that doesn't have laws in place which make it illegal for critical infrastructure to be on the public internet is quite literally asking for trouble. you don't leave the door to your house unlocked and then complain "but someone stole all my stuff!" - this is exactly the same thing.
Re: (Score:2)
Probably because a good chunk of "critical infrastructure" runs on bog-standard Wintel systems that have reached the point where they almost don't work without a continuous Internet connection for licensing, updates, and non-stop marketing data.
I agree that not airgapping is d-u-m-b, but I also think the people who do it basically run up against all the usual obstacles of time, skill and resources in building out systems that work in an expected manner without Internet access and somebody, somewhere decides
Re: (Score:2)
While not universally true, there's a good deal of critical infrastructure that is airgapped and "secure". What can happen is these systems end up compromised when an engineer plugs a previously infected laptop or flash drive into that secure network/system. The payload can then either infect those airgapped systems or exfiltrate data (onto the infected laptop/drive) in order to exfiltrate it to the internet once it's on a connected system.
This is the sort of hacking that is done by APTs [wikipedia.org], i.e. full blown cyb
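The two points made above, that an air gap still has an indirect connection through USB sticks and other media, and that the practical compromise path is an engineer plugging infected media into the "secure" side, together with the earlier argument that every change should be applied manually after a test period, all come down to the same control: nothing crosses from removable media into the control network until it has been checked against a list of what was approved. The following is an added example, not code from the original thread or from any vendor or utility, of such a media checkpoint. It assumes a change-control process that publishes a sha256sum-style manifest of approved files (name and SHA-256), that the manifest reaches the staging host over a channel separate from the media itself (otherwise an attacker who controls the stick controls the manifest), and a staging host on the protected side that runs this before anything is copied further. The blocked-file policy and the sample files are constructed for the example.

```python
"""Removable-media checkpoint for an air-gapped control network (added example).

Assumptions (not from the original thread): change control publishes a manifest
of approved files as 'sha256hex  relative/path' lines, delivered out of band;
this runs on a staging host before any file is copied onto the control network.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field

# Types that must never cross unreviewed. Site-specific policy; assumed here.
BLOCKED_SUFFIXES = {".exe", ".dll", ".scr", ".lnk", ".vbs", ".js", ".ps1", ".bat", ".cmd", ".msi"}
BLOCKED_NAMES = {"autorun.inf", "desktop.ini"}


@dataclass
class Verdict:
    approved: list = field(default_factory=list)    # on media, hash matches manifest
    mismatched: list = field(default_factory=list)  # in manifest, hash differs (tampered/wrong build)
    missing: list = field(default_factory=list)     # in manifest, not on media
    unexpected: list = field(default_factory=list)  # on media, not in manifest
    blocked: list = field(default_factory=list)     # unexpected and of a dangerous type

    @property
    def ok(self) -> bool:
        """Transfer is allowed only if the media holds exactly the approved set."""
        return not (self.mismatched or self.missing or self.unexpected)


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines; '#' starts a comment. Rejects paths that escape the media root."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<sha256>  <path>'")
        digest, name = parts[0].lower(), parts[1].strip()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"manifest line {lineno}: bad SHA-256 digest")
        if name.startswith("*"):            # sha256sum binary-mode marker
            name = name[1:]
        name = name.replace("\\", "/")
        while name.startswith("./"):
            name = name[2:]
        if name.startswith("/") or ".." in name.split("/"):
            raise ValueError(f"manifest line {lineno}: path escapes media root")
        entries[name] = digest
    return entries


def list_media(root: str) -> list:
    """Regular files under root, as sorted POSIX-style relative paths; symlinks are skipped."""
    out = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if not os.path.islink(os.path.join(dirpath, d))]
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            if not os.path.islink(full):
                out.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(out)


def check_media(root: str, manifest_text: str) -> Verdict:
    manifest = parse_manifest(manifest_text)
    present = list_media(root)
    v = Verdict()
    for rel in present:
        if rel in manifest:
            (v.approved if sha256_file(os.path.join(root, rel)) == manifest[rel] else v.mismatched).append(rel)
        else:
            v.unexpected.append(rel)
            base = os.path.basename(rel).lower()
            if base in BLOCKED_NAMES or os.path.splitext(base)[1] in BLOCKED_SUFFIXES:
                v.blocked.append(rel)
    v.missing.extend(rel for rel in manifest if rel not in present)
    return v


def build_sample_media():
    """Constructed sample: a temp dir standing in for a USB stick, plus the manifest
    built from the approved contents. The 'stick' then deviates in several ways."""
    root = tempfile.mkdtemp(prefix="media_")
    approved = {
        "patches/scada-fw-4.2.bin": b"\x7fELF" + bytes(range(64)),
        "patches/README.txt": b"Firmware 4.2 release notes (approved copy)\n",
        "patches/notes.txt": b"change ticket CR-0042\n",
    }
    lines = ["# approved by change control; delivered separately from the media"]
    lines += [f"{hashlib.sha256(data).hexdigest()}  {rel}" for rel, data in approved.items()]
    on_media = dict(approved)
    on_media["patches/README.txt"] = b"Firmware 4.2 release notes (altered)\n"  # tampered
    del on_media["patches/notes.txt"]                                            # missing
    on_media["autorun.inf"] = b"[autorun]\nopen=tools/update.exe\n"              # unexpected, blocked
    on_media["tools/update.exe"] = b"MZ" + b"\x00" * 30                          # unexpected, blocked
    for rel, data in on_media.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root, "\n".join(lines) + "\n"


if __name__ == "__main__":
    media_root, manifest_text = build_sample_media()
    verdict = check_media(media_root, manifest_text)
    print("ALLOW" if verdict.ok else "REJECT", verdict)
```

The check is deliberately all-or-nothing: a single unlisted file, even a harmless-looking one, fails the transfer, because the engineer's laptop in the scenario above would not announce itself as malware. Hashing only the files that appear in the manifest would miss exactly that case. The manifest's own integrity is the remaining weak point; signing it, or at least reading its hash back over a separate channel, is what turns this from a typo check into a control.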
Re: (Score:1)
I say this mostly because I like to nitpick from time to time. But, well... I've heard it stated, and I'm inclined to agree, that the internet is itself a part of the critical infrastructure. I've even heard it stated that one should have a right to basic access - I've even heard people postulate that a minimal access level should be paid for by tax payers indirectly or by an increased tax on those who pay for full services.
To the point!
So, if we count the internet as a part of a country's critical infrastr
It's deja vue... (Score:2)
Why? (Score:2)
Air gap my ass. (Score:3)