Cyber attack turns lights out in Ukraine

Ukraine’s energy ministry and the US Department of Homeland Security have confirmed that December’s blackout was the result of a cyber attack.

A member of the US Homeland Security Division has warned that a recent cyber attack on Ukraine’s electricity network could be replicated in Western Europe.

The US Homeland Security Division has blamed December’s attack on hackers, while the Ukrainian energy ministry declared that the energy blackouts were caused by cyber hackers operating on Russian soil. About 225,000 people were left without power for a few hours when Ukraine suffered what is believed to be the first successful cyber attack on an electricity distribution network.

While the report from the US acknowledges that the attack was ‘synchronised and coordinated’, it warns that how the attack was actually carried out is still under review.

The most popular theory at present suggests that attackers had been targeting the power plant for at least six months before power was shut off. The attackers are believed to have begun their attack by sending phishing emails to Ukraine’s power utility companies’ office. These emails had Microsoft Word documents attached. When these documents were opened, they installed malware. While firewalls did separate the affected computers from the power control systems, the malware, known as BlackEnergy 3, allowed the cyber criminals to gather passwords and logins, with which they were able to mount an attack.

The malware is also believed to have installed a component known as KillDisk, which can delete or overwrite data files. The source code for KillDisk reveals that it can destroy critical parts of a computer hard drive, and it also appears to have functions that sabotage industrial control systems.

Following months of data collection, the attackers are believed to have gained the ability to remotely log in to supervisory control and data acquisition (Scada) systems. With this access, they were able to cut power at 17 substations and jam the company’s phone lines, making it hard for engineers to determine the extent of the blackout.

The hackers also rewrote firmware in the electronic devices used to communicate with the substations’ circuit breakers. This meant that even after control of the Scada systems had been regained, engineers had to visit the substations and operate them manually.

Over the past few years, much speculation in the western security world has focused on the potential of cyber hackers attacking physical infrastructure and utilities. Intelligence services warned last year that hackers were rummaging around in the systems of some European utility providers with malevolent intent. However, western security officials had always assumed that the governments with the technical capabilities to shut down a power plant would not actually dare to do so.

Yet this attack has drawn that assumption into doubt. With companies unlikely to be able to prevent every assault on their systems, is a future of cyber attacks on infrastructure one we must all prepare for? These events should certainly give those responsible reason to focus on any potential vulnerabilities in infrastructure systems.
