




















Hackers plan to seize and shut down power plants in the U.S.




 by Joseph Ernest August 3, 2010


Newscast Media -- For the first time, experts have discovered malicious computer code, called a "worm," that was specifically created to take over systems that control the inner workings of industrial plants. The Department of Homeland Security is now scrambling to build specialized teams that can respond quickly to cyber emergencies at industrial facilities across the country.


Hackers have stepped up their game, which has brought great concern to Sean McGurk, director of control systems security for Homeland Security, who said, "This type of malicious code and others we’ve seen recently are actually attacking the physical components, the devices that open doors, close doors, build cars and open gates. They’re not just going after the ones and zeros (of a computer code), they’re going after the devices that actually produce or conduct physical processes."


A successful attack against a critical control system, the Energy Department warned in its May report, "may result in catastrophic physical or property damage and loss."


In June of 1997, the NSA, Pentagon, FBI, etc. worked jointly on an exercise called "Eligible Receiver". This exercise was designed to see what a coordinated cyberattack could do to US military functions in the Pacific Theater and to US national infrastructure. For the exercise, NSA "hacker" teams posed as North Korean cyberwarriors trying to influence US policy in the Pacific, and attacked unclassified military computer systems throughout that area, the US 911 Emergency system, and the US Power Grid.


A Defense Department official is quoted in the Washington Times as saying, "The attacks were not actually run against the infrastructure components because we don't want to do things like shut down the power grid …. The referees were shown the attacks and shown the structure of the power-grid control, and they agreed, yeah, this attack would have shut down the power grid. Eligible Receiver then clearly indicates that our power grid is vulnerable."


Senator Jon Kyl, in a November 1998 interview on cyberterrorism conducted by the United States Information Agency (USIA), said about the exercise, "Well, cyberterrorism is surprisingly easy. It's hard to quantify that in words, but there have been some exercises run recently. One that's been in the media, called "Eligible Receiver", demonstrated in real terms how vulnerable the transportation grid, the electricity grid, and others are to an attack by, literally, hackers -- people using conventional equipment, no "spook" stuff in other words."



The Defense Department admits to hundreds of successful attacks on its networks in recent years. Brian Murphy, who left the Defense Department's network security unit last year to work for the security firm Riptech, said, "No computer hacker has yet shut down an electrical grid or opened a dam. But our nation's critical infrastructure is both connected to public networks and vulnerable. It's open to terrorists, operating from anywhere in the world, with the motivation and skills to wreak havoc."

Schweitzer Engineering Laboratories (SEL), in its white paper "Safeguarding Intelligent Electronic Device (IED) and Supervisory Control And Data Acquisition (SCADA) Systems Against Electronic Intrusions," came up with scenarios under which the power grid could be hacked.

Attack Scenario #1: Using insider information, a disgruntled employee or ex-employee with a grudge against a generation facility accesses protective equipment (either physically or electronically) and changes settings. The results are that the equipment either (a) fails to operate when it should, causing bus, line, or transformer damage, or (b) operates when it shouldn’t, causing service interruption.

Attack Scenario #2: Using a war-dialer (a program to control a modem for automated attacks), a disgruntled customer scans hundreds of phone numbers above and below the utility’s publicly available phone numbers, looking for answering modems. When a connection is found, multiple returns, question marks, "HELP," and "HELLO" are entered to probe the connection and look for clues as to the kind of connection. Once a login dialog is acquired, the intruder uses social engineering to determine login information, or launches a dictionary-based or brute-force password attack. When the connection is complete, the intruder is "inside" the Intelligent Electronic Device (IED) controller, or SCADA system. Data can then be altered or destroyed, communications can be blocked or rerouted, and settings can be changed deliberately or randomly. The state of the equipment and service is in jeopardy.


Attack Scenario #3: A disgruntled customer, ex-employee, foreign agent, or terrorist uses a port scan or ping-sweep program to identify active system ports and/or network IP addresses belonging to a public utility. When an active connection is found, multiple returns, question marks, "HELP," "HELLO," and "LOGIN" are entered to probe the connection and look for clues as to the kind of connection. Once a login dialog is acquired, the intruder uses insider information, social engineering, or a password attack to gain access to the system. Once again, all data, communications, and settings are vulnerable, so equipment and service are jeopardized.


Attack Scenario #4: An employee with access to computer information services is duped into installing or running a computer "game" or otherwise seemingly innocuous application by a friend, ex-employee, supervisor, vendor, or virtually anyone with legitimate connections to the employee’s company. The installed computer application contains a Trojan horse program that opens a backdoor into the computer network. The inventor of the Trojan horse program is automatically notified that the backdoor is open, and gains access to the system to retrieve and exploit inside information, enabling him or her to access SCADA systems and protective equipment. The computer information system (e.g., control commands and metering data) and all systems subordinate to it are now in jeopardy.


Attack Scenario #5: An employee, inside service provider, or vendor representative with privileged information is approached by an unscrupulous competitor, foreign agent, or terrorist. The employee is bribed or duped into sabotaging systems and settings or creating access mechanisms the agent could use for subsequent activities that jeopardize equipment and services.


Attack Scenario #6: An unscrupulous competitor, foreign agent, terrorist or network service provider uses public information and social engineering to obtain network traffic patterns for TCP/IP packets moving between supervisory stations and remote protective equipment or metering equipment. A network analyzer or "sniffer" is attached to the network line to show the content of all data packets between the supervisory and remote.

In evaluating the "worst-case" scenario, if more than one individual directed attention to more than one section of the power grid, the US could really be in trouble.


SEL, in the same white paper, states, "Finally, note that the most insidious form of electronic attack – a coordinated many-on-many attack is also the hardest to diagnose and establish culpability. A few individuals determined to disrupt power services could launch a coordinated attack on electric power systems, using the same techniques that crippled U.S. E-commerce sites in February 2000."


The US could be attacked from multiple sites across the world, experience a true Distributed Denial of Service attack on the power grid, and might never be able to determine (at least electronically) who initiated the attack.


Despite all this information, the electric power utility industry still refuses to admit that it is vulnerable, out of fear of losing its local customers.


Source attribution:

SANS Institute

Department of Defense

Department of Homeland Security

Schweitzer Engineering Laboratories (SEL)





