Hackers Have Penetrated Energy Grid, Symantec Warns (fortune.com) 69

An anonymous reader quotes a report from Fortune: Hackers have been burrowing their way inside the critical infrastructure of energy and other companies in the U.S. and elsewhere, warns cybersecurity giant Symantec. In a new report, Symantec claims that the threat of cyberattack-induced power outages in the west has elevated from a theoretical concern to a legitimate one in recent months. "We're talking about activity we're seeing on actual operational networks that control the actual power grid," Eric Chien, technical director of security technology and response at Symantec, told Fortune on a call. Reports surfaced over the summer of hackers targeting staff at nuclear energy facilities with phishing attacks, designed to steal login credentials or install malware on machines. The extent of the campaign as well as the question of whether the attackers had breached operational IT networks, rather than merely administrative ones, was unclear at the time. Symantec is now erasing all doubt. "There are no more technical hurdles for them to cause some sort of disruption," Chien said of the hackers. "All that's left is really motivation." Symantec detailed its findings in a report released Wednesday morning. The paper tracks the exploits of a hacker group that Symantec has dubbed DragonFly 2.0, an outfit that the company says it has linked to an earlier series of attacks perpetrated between 2011 and 2014 by a group it dubbed DragonFly.
  • did n
    • Re:they (Score:5, Informative)

      by Mr D from 63 ( 3395377 ) on Wednesday September 06, 2017 @04:30PM (#55150085)
      More hyperbole with little substance. With the obligatory mention of NUCLEAR! even though no nuclear plant was involved in the referenced attack. And now some generic reference to 'operational networks' which tells me they were not control networks, so any 'disruption' as claimed still isn't going to turn off power anywhere.

      Maybe there is a reason, despite these continuously 'escalating attacks', that we are not seeing any power outages in the US. Maybe it is because our methods to prevent them from being successful are effective. Maybe because we know about all these attacks before they are doing any harm is also a sign our methods are effective.

      We can't let our guard down, but we don't have to fall for the hype.
      • Re:they (Score:4, Funny)

        by zlives ( 2009072 ) on Wednesday September 06, 2017 @04:33PM (#55150107)

        Also, the only way Symantec is going to detect/know about anything is if a snail mail letter is delivered to their headquarters from the self-aware botnetwork.

        • Symantec is a 'security giant' because they make an antivirus product that runs in userspace on Windoze clients.

          I remember Symantec C++, back when they were a tech company.

          • by zlives ( 2009072 )

            I guess they are back to their "scareware" tactics to move products. Some people always bought their products for some reason.

      • by Pascoea ( 968200 )
        I didn't read the article (I know, right?), but it theoretically isn't that difficult to "hack" an airgapped system to drop off some sort of time-bombed attack. I've worked on generation facilities' DCS systems, the ones that are connected to a network but not the internet. Every Workstation/Server/switch in the system is COTS hardware, every one of them has USB ports on them that they use to apply patches/etc. All it takes is one system engineer with a hacked PC plugging a USB stick into his computer th
        • by zlives ( 2009072 )

          yes it also takes that same dumbass to hit the off switch, no hacking required.

        • Well, they were not talking about air gapped systems (although their vagueness leaves much to assume). There are what can be called 'operational networks' that are not part of any plant or grid control, but merely places where operational data is stored. This is most likely what they are talking about because you can bet if a plant control system had been breached it would have been spelled out. They specifically avoid the term 'control' network.

          Yes, there are ways to breach air gaps, and the human eleme
          • Interesting your take on the fact they didn't say control network to mean they didn't breach to the controls layer. They said:

            "We're talking about activity we're seeing on actual operational networks that control the actual power grid"

            "The extent of the campaign as well as the question of whether the attackers had breached operational IT networks, rather than merely administrative ones, was unclear at the time."

            I read actual operational network and operational IT networks as they were saying the controls n

            • All good points. I agree they could have meant a DMZ, but I have been reading these types of articles that talk about power system (or company) breaches and one thing that has been consistent is where there is vagueness, and where the actual details come out later, the original article was misleading, making things sound worse than they really were.

              I did not mean to assert what they meant, but meant to point out that there is good reason, based on the vagueness coupled with hyperbole, to be very skeptical
          • I don't really understand the difference between operational and control, they both translate to the same German word.

            I assume with 'operational' you mean the business part? Well, it is easy to hack the 'control' part by feeding wrong information into the business part.

            E.g. that your company just made a successful deal at the spot market and is supposed to feed in 1GW extra into the grid from next hour on ... your 'operational' grid will react to that and power up the plants close to the feed in point and

            • Operational can simply mean a system used for monitoring and statistics. It could even mean a system for scheduling maintenance. You could feed it the wrong information, or the system could have an internal fault, a bad sensor, and present the wrong information. But like you said, the systems can handle anomalies. It's not like some movie where they fool everyone.

              Of course we could guess at what they mean all day. That's the problem, they are intentionally vague, and every time we see that the reality is m
        • I sure hope all the system design engineers who haven't considered "air gapped systems and the USB port threat" are reading slashdot. You may have just saved the day!
        • USB ports are usually disabled.
          You are not allowed to bring laptops into the facility.
          Your laptop would not get any access to the network, as it has an unknown MAC.

          Try again ...

          • by Pascoea ( 968200 )
            I'm not trying to be a dick, but I've worked in multiple power generation facilities (Coal, non-nuclear). Literally have managed the complete upgrade of 4 DCS systems. I'm not just pulling this out of my ass. I'm also not saying this has happened, merely speculating that it could be a potential attack vector.

            USB ports are usually disabled.

            Probably in some cases, not the ones I worked on.

            You are not allowed to bring laptops into the facility.

            False. I (and every other contractor, including those that actually applied the programming to DCS.) brought our laptops on-site every day. One part

            • USB ports active and external Laptops allowed in your facilities ...
              Not false in general.

              Here in Germany you can not even bring a phone or a pad, and often not even an eBook reader into a facility.

              Regardless if the facility is nuclear or not ...

  • Now Symantec will just sell them their AV crap!
  • electrical grids to switch to McAfee security products.

  • Reliability (Score:5, Insightful)

    by StormReaver ( 59959 ) on Wednesday September 06, 2017 @04:26PM (#55150061)

    I would need to see this confirmed by a competent, reliable source.

  • "There are no more technical hurdles for them to cause some sort of disruption,"

    But maybe, they're here to help. IT COULD HAPPEN !!! :-)

  • Any power outages caused by the recent CME eruption from our sun might scare people into purchasing 'protection'.

    http://spaceweather.com/ [spaceweather.com]

  • While there are a few North Koreans hacking the grid, it's mostly been Russian state hackers and Chinese state hackers. In point of fact, we made a deal with China to hold off on that, so now it's mostly just the Russians.

    Source: various agencies. No, not linking it.

    On the plus side, residential and commercial building solar and wind power systems are mostly not hacked.

    Far more risk factor from fires, quakes, floods, and storms, actually.

  • I've argued in favor of decentralized off-grid solar power because centralized power is vulnerable to attack. People either don't grasp what I mean or write it off as paranoia but this is a prime example of the vulnerability that centralized power systems create.

    Be it a tree or hacker, centralized power systems are vulnerable to attack. (We shouldn't have pissed off the trees.)

    • by blindseer ( 891256 ) <blindseer@noSPAm.earthlink.net> on Wednesday September 06, 2017 @05:50PM (#55150459)

      I've argued in favor of decentralized off-grid solar power because centralized power is vulnerable to attack.

      It seems every time solar is brought up there is a mention of a "smart grid" to address issues of this thing called "night" that keeps solar collectors from providing 24/7 power. So, which is it? Do we get cheap solar energy from a "smart grid" or do we have expensive decentralized power?

      If you want energy that is cheap, reliable, and decentralized then solar power cannot make any significant portion of the grid. Solar is only cheap if it is connected, and that means there's some centralized utility. If you take solar off the grid then you need storage, and that costs money.

      I've argued in favor of decentralized off-grid solar power because centralized power is vulnerable to attack.

      I live in the US Midwest, and we have a lot of "attacks" on the power grid. It was quite interesting to work the late shift at a call center in the middle of a rainstorm when a nearby lightning strike took out the grid power. We sat in the dark for a few seconds until the backup diesel generators started up. If that call center had decentralized solar power then the lightning strike would not have taken out the power, but that's because we'd have been running on the diesel generators since sundown.

      I'm not too concerned about attacks on the power grid since we get them all the time and people have the means to deal with them. If a hacker wants to shut down a grid for a while then what does that mean in the end? Not much really.

      I remember some idiot in California tried shooting up a large transformer with a rifle and was almost successful in creating a pretty big blackout. It was only because the guy goofed and missed out on cutting all the control wires for diverting power that he was not successful in making the substation go up in sparks and flames. Of course you then had some US senators call for more gun control (because in California the gun ban didn't work so we have to ban them again) and to armor up all substations (because utility prices aren't high enough already).

      How do you protect solar panels from an attack? Wouldn't an idiot with a rifle be even more successful in attacking solar panels than a coal, nuclear, or natural gas power plant? I mean we can (and do) put a nuclear power plant in a big concrete dome to protect it from attack but we can't do that to solar panels. What of a hail storm? Wouldn't that turn your precious decentralized solar panels into a worthless (and toxic) busted up mess? Without a tie to the grid then how are these people supposed to get power until the solar panels are repaired? I know the answer, on site diesel generators, kind of like how we deal with grid outages now.

      I'm sure that there's a lot of things we could do to secure our electrical supply. I'm also sure that solar power isn't one of those things.

      • Solar is only cheap if it is connected, and that means there's some centralized utility. If you take solar off the grid then you need storage, and that costs money.

        Careful or facts might get in the way. [bloomberg.com] It's called economies of scale and it's helped us before. [forbes.com]

        Wouldn't an idiot with a rifle be even more successful in attacking solar panels than a coal, nuclear, or natural gas power plant?

        The point is to reduce the amount of damage that can be done by one person. With shingles they could use a shitload of ammo to destroy the power system for one house but they can't do that to millions of houses. Even if one guy shot a bunch of solar panels, you can just go to wal-mart and buy a new panel.

        I mean we can (and do) put a nuclear power plant in a big concrete dome to protect it from attack but we can't do that to solar panels. What of a hail storm?

        Oh those pesky facts [youtube.com] are at it again!

        Without a tie to the grid then how are these people supposed to get power until the solar panels are repaired? I know the answer, on site diesel generators, kind of like how we deal with grid outages now.

        With solar shingles, you would have to take them all out to reduce power

        • I have a video with those pesky facts too.
          https://www.youtube.com/watch?... [youtube.com]

          What will your windmill or solar panel look like after a plane crashes into it? I don't care if your solar panels are bulletproof, they are never going to hold up to the abuse that a concrete bunker can.

          This isn't rocket science.

          I'm pretty sure rocket science was involved in the survivability tests of a nuclear power plant.

          The point is to reduce the amount of damage that can be done by one person.

          Right, and no single person is going to take down a nuclear power plant, or any significant portion of the electrical grid. A hail storm

          • What will your windmill or solar panel look like after a plane crashes into it? I don't care if your solar panels are bulletproof, they are never going to hold up to the abuse that a concrete bunker can.

            Are you concerned about planes crashing into your house? I've never had that problem. Do you live in a concrete bunker in fear of planes?

            Right, and no single person is going to take down a nuclear power plant, or any significant portion of the electrical grid

            Did you not see what the article was about? It doesn't matter if your power supply could withstand a kinetic orbital strike if a single hacker can destroy the entire electrical grid infrastructure via computer network.

            If a bunch of solar panels and windmills get busted up then Walmart is going to run out of both real quick.

            If only there was a way to move such large items from one town to the next! -_-

            you show graphs of solar panels getting cheaper but can't nuclear power get cheaper too?

            If it hasn't happened in the last 70 years, why do you think it would start

            • Are you concerned about planes crashing into your house? I've never had that problem. Do you live in a concrete bunker in fear of planes?

              No, but I do make sure my truck is parked in a garage if hail is mentioned in the weather forecast. I've seen what hail can do to a solar panel, and to a patch of concrete. The concrete looks pretty much the same afterwards, the solar panel not so much.

              Did you not see what the article was about? It doesn't matter if your power supply could withstand a kinetic orbital strike if a single hacker can destroy the entire electrical grid infrastructure via computer network.

              I read the article and it's a bunch of crap, and so is the mention of trying to address the problem with decentralized solar power. A hail storm busting up a bunch of solar panels is many orders of magnitude more likely to disrupt power than any computer a

      • I didn't mean to quote the same line twice. The second quote was supposed to be:

        Be it a tree or hacker, centralized power systems are vulnerable to attack.

        For some reason I didn't catch it in the preview.

      • The parent mentioned "off-grid" which means you have your own huge battery pack and don't connect to anything. Right now that is somewhat nonsense as they are expensive and an environmental catastrophe. We really don't need batteries for the night. That's why God invented combined-cycle gas turbines. We don't need to shift to 100% renewables to avoid making the planet inhospitable. Short-term, we're going to see more smart grid with more attack surface.
  • by remoteshell ( 1299843 ) on Wednesday September 06, 2017 @05:12PM (#55150275)
    According to http://cybersquirrel1.com/ [cybersquirrel1.com] there have been 1049 successful grid attacks YTD by squirrels, although raccoons pose a significant threat. Grid operators track outage causes, and human attacks are paltry compared to natural causes. A ton of strategically placed sunflower seeds could be bought for about the cost of 20 Symantec licenses. I for one quake in fear of our bushy tailed nemesis.
    • Don't you mean "nemeses"? There's more than one you know.

    • This gets modded funny, but I'd like to see the security freaks respond to this someday. Hey security guy, let's say I'm a power company exec --Why should I pay you twice what the guys battling the squirrels get? How about I fire you and hire two more squirrel fighters...

  • Our government is behind this in order to make everyone afraid and give up more rights and to justify their cyber warfare initiatives.
  • I need more than just Symantec saying so, since they themselves verge on malware.

  • 1. Isn't it true that this sort of thing isn't exactly new? That we could do it to any number of countries, too, if we wanted to, right now?
    2. If this is actually more than just FUD, then why isn't, for instance Cal ISO issuing a press release about it? I'd think they'd know before anyone else would.
    • by AHuxley ( 892839 )
      Re "1. Isn't it true that this sort of thing isn't exactly new? That we could do it to any number of countries, too, if we wanted to, right now?"
      The US moved to build networks into its grid to replace union workers on site.
      A few people with computer networks could replace a lot of workers on site per state/city.
      But few experts expected the networks to just stay in place over years once connected to the internet.
      New upgrades have to be sold to make the networks better and more secure.
      The news cycle mo
      • Humans join unions and new wage costs get passed onto poor communities.

        Then ban the unions.

        If people join a union to make demands then fire them all. Unions are their own worst enemy. They'd actually be useful if they didn't get so full of themselves and threaten a work stoppage to make their point. Breaking up the troublesome unions will cause a short time cost at first but in the end everyone is better off, including the workers.

  • After the break, barber claims long hair causes cancer.

  • I wonder if this is the result of them issuing bad SSL certs?

    Symantec Mis-issuing 30,000 SSL Certificates [arstechnica.com]

    Just sayin'...
  • Everyone's known since Stuxnet was identified in late 2010 [wikipedia.org], that these companies were vulnerable to serious attacks. So for 7 years they've done either nothing or not enough, to secure themselves. I think they're putting the public at risk, therefore, they should be in trouble for negligence. Hopefully nobody's harmed by their negligence.
  • First off, what in the hell would Symantec AV stuff be doing on infrastructure-critical machines that can affect said infrastructure (versus just looking at data points)? Secondly, this isn't something that would be announced by a company unless it was trying to sell a product. They would responsibly notify the infrastructure officials and have them take control of the situation, IF IT EXISTED.

    This reeks of a ploy to induce fear and sell their amazing product that can "detect things like this" magically.
