Ukraine, December 23, 2015: a worker at one of Western Ukraine’s power distribution centers watched helplessly as his computer was taken over by a hacker, who – with click after click of his now remotely controlled mouse – proceeded to take about 30 substations offline. Two other power distribution centers were hit at the same time, bringing the number of substations disabled to 60 and the total number of people without power to 230,000.
The culprit: a piece of malware called BlackEnergy3, which had infected computers tasked with running the energy grid. Because the attackers changed users’ passwords, preventing them from logging in to stop the attack, and because the virus erased key monitoring computers, engineers were unable to immediately restore power. Eventually, hours later, power was restored using more traditional manual controls, but not before the attack had inflicted extensive damage on the power control system, which is still being remediated today.
The cause of all this chaos? It is believed someone at the power plant unknowingly opened an infected Microsoft Word document. Makes one pause, doesn’t it?
Sure, this happened on the other side of the planet, but the United States is not immune to a similar attack. In fact, it’s already happened.
In 2014, it was reported that the US energy grid was attacked 79 times, and the modus operandi for the majority of them was similar to the Ukraine attack – the virus or malware was released through infected email. While the Department of Homeland Security has said such a thing is a “rare occurrence and unlikely to cause widespread damage,” hackers have still been able to infiltrate the US energy grid.