Global Panic Update: Government Reveals Details About Energy Grid Hacks
Posted: April 5, 2016
Hackers have stolen sensitive information from American energy companies — and have planted malware in the energy grid with the intent to turn off the lights in the future.
Jose Pagliery reports: They even managed to infect at least three energy companies with Cryptolocker ransomware, a particularly nasty computer virus that locks digital files and demands a ransom payment.
Newly released documents from the Department of Homeland Security are finally shedding some light on what exactly hackers are doing when they sneak into the American electrical grid.
Some of the attacks described in the report are potentially serious.
Aggressive foreign government hackers broke into American companies 17 times between October 1, 2013 and September 30, 2014, according to DHS. In two cases they snuck into U.S. petroleum organizations, and hackers are “suspected of exfiltrating data” from one of them.
It’s rare, but highly sophisticated foreign government hackers have gotten inside the energy grid, DHS said. They hack “primarily to conduct cyber espionage … to conduct a damaging or disruptive attack in the event of hostilities with the United States,” DHS stated in a recent internal “intelligence assessment.”
That sounds alarming, but DHS is throwing cold water on any present worries. The agency concluded that damaging cyberattacks against the American energy sector are “possible but not likely.”
That calm demeanor doesn’t sit well with some cybersecurity experts. Ryan Duff is a researcher and former member of U.S. Cyber Command, the American military’s hacking unit. He warned that once a hacker gets into a computer — even if physical damage hasn’t been caused yet — the potential is there.
“While I agree with the DHS assessment overall, it’s still pretty frightening,” he said. “The fact is that the ability to cause destruction exists. Their assessment that attack is unlikely is based on political realities instead of technical realities. Attack is way more than technically possible.”
DHS prefers to label these cyber incidents as “espionage or some other activity,” rather than “cyberattacks.” To date, there have been “no damaging or destructive attacks against the U.S. energy sector,” DHS said.
“The majority of malicious activity occurring against the U.S. energy sector is low-level cybercrime that is … not meant to be destructive,” DHS analysts wrote.
“Most of the attacks that we’ve witnessed against this sector are in fact criminal in nature,” he told CNNMoney. “In some cases we even see criminals not realizing the importance of some of the machines [they gained access to.]”
The agency cautions against media using the term cyber “attack,” although its own 2013 advisory refers to cyber “attack” 56 times.
Closely guarded secrets
Government investigators typically keep silent about potentially destructive hacks targeting the U.S. energy sector.
A CNNMoney investigation last year showed that Corporate America keeps huge hacks secret by having the government deem any evidence “Protected Critical Infrastructure Information,” which is then specially guarded from public view.
No companies with computers infected by hackers are mentioned by name. And details are slim….