Energy

Russian Hackers May Have Weaponized The Grid, And It’s Got US Intel Spooked

Daily Caller News Foundation logo
Andrew Follett Energy and Science Reporter
Font Size:

U.S. security agencies and private cyber-security firms suspect that hackers linked to Russia may have caused a large-scale power outage in Ukraine over the Christmas season, signaling a huge escalation in cyber attacks.

The Ukrainian government has publicly blamed Russia for the attack which left approximately 700,000 homes without power for several hours on December 23rd, mostly in the Ivano-Frankivsk region of Ukraine.
If the blackout is directly attributed to hackers sponsored by Russia, it would be the first documented case of a cyber attack causing a blackout.

The attack was probably caused by a well-engineered malware called BlackEnergy, which disconnected electrical substations from the main power grid. A similar malware was used against Ukrainian media organizations during 2015 local elections. The United States Department of Homeland Security twice warned American utilities about that type of malware in December of 2014 and again in June of 2015.

Infecting industrial systems, such as power grids, with malware is so simple that there are 5 minute YouTube tutorials on how to do it.

By overwhelming network links with traffic in a Distributed Denial of Service (DDoS) attack, Internet users or cyber-terrorists can and have removed the ability of utilities to communicate with their own electrical grids, effectively causing a blackout. It is entirely possible to hire “mercenary” DDOS attackers over the Internet. The estimated price for 24 hours of consistent DDoS attack is a mere $40, making such attacks available to pretty much anybody. Many companies actually hire hackers to perform DDoS attacks on their competitors.

Another serious concern is unauthorized remote access by hackers. Any kind of improper use of industrial systems can also be disastrous, as demonstrated by the explosion of the Sayano-Shushenskaya hydroelectric dam in Russia in 2009, which killed 75 people and caused an environmental catastrophe. The explosion occurred when a manager improperly accessed the plant remotely.

The increased networking of electrical grids worldwide allows for various time and money-saving features which make the day-to-day operations simpler, however they also make it easier for the grid to be hacked. American utilities, which are relatively well defended compared to Ukraine’s, reported 13 different cyber break-ins between 2011 and 2014. A single one minute of grid downtime can cost up to $15,447 according to analysis.

A Freedom of Information Act request revealed that hackers successfully infiltrated the Department of Energy’s (DOE) computer system more than 150 times between 2010 and 2014. The National Nuclear Security Administration, a sub-agency within DOE that secures the country’s nuclear weapons, was hit with 19 successful cyber attacks over those four years.

Follow Andrew on Twitter

Send tips to andrew@dailycallernewsfoundation.org.

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.