Hackers leave Kiev in the dark. Is Manhattan next?

Ukraine was an easy target—but the U.S. has its own weaknesses

“We always thought there would be this Pearl Harbor event”

Bloomberg Businessweek (Asia) - Jordan Robertson and Michael Riley

It was an unseasonably warm afternoon in Ukraine on Dec. 23 when the power suddenly went out for thousands of people in the capital, Kiev, and western parts of the country. While technicians struggled for several hours to turn the lights back on, frustrated customers got nothing but busy signals at their utilities’ call centers.

Almost immediately, Ukrainian security officials made claims about the cause of the power failure that evoked futuristic concepts of cyberwar. Hackers had taken down almost a quarter of the country’s power grid, they said. Specifically, the officials blamed Russians for tampering with the utilities’ software, then jamming the power companies’ phone lines to keep customers from alerting anyone.

Hacking a power grid: It sounds like the kind of doomsday scenario experts in the U.S. and Europe have warned about for years. “Imagine if someone shut down the power to New York’s traffic grid during rush hour,” says Tony Lawrence, chief executive officer of cybersecurity firm VOR Technology. “Cyber attacks against public utilities systems could have disastrous effects.” But the cybersecurity researchers investigating the power failure now say it’s clear this wasn’t the kind of sophisticated attack that could fell the U.S. in 15 minutes, as former White House counterterrorism chief Richard Clarke famously predicted.

“We always thought there would be this Pearl Harbor event. One day, someone would get mad enough, and they’d unleash the hounds of hell,” says Jason Larsen, a consultant with cybersecurity firm IOActive who specializes in industrial control systems. “That’s not really what we’ve seen.”

The Ukrainian hack knocked out at least 30 of the country’s 135 power substations for about six hours. Cybersecurity firms working to trace its origins say the attack occurred in two stages. First, hackers used malware to direct utilities’ industrial control computers to disconnect the substations. Then they inserted a wiper virus that made the computers inoperable.

Several of the firms researching the attack say signs point to Russians as the culprits. The malware found in the Ukrainian grid’s computers, BlackEnergy3, is a known weapon of only one hacking group—dubbed Sandworm by researcher ISight Partners—whose attacks closely align with the interests of the Russian government. The group carried out attacks against the Ukrainian government and NATO in 2014. The wiper virus was last seen in attacks against journalists covering local elections in Ukraine in October. “The targets are definitely in line with Russian geopolitical interests,” says John Hultquist, ISight’s director of cyber espionage analysis.

The more automated U.S. and European power grids are much tougher targets. To cloak Manhattan in darkness, hackers would likely need to discover flaws in the systems the utilities themselves don’t know exist before they could exploit them. In the Ukrainian attack, leading security experts believe the hackers simply located the grid controls and delivered a command that shut the power off. Older systems may be more vulnerable to such attacks, as modern industrial control software is better at recognizing and rejecting unauthorized commands, says IOActive’s Larsen.

That said, a successful hack of more advanced U.S. or European systems would be a lot harder to fix. Ukrainian utility workers restored power by rushing to each disabled substation and resetting circuit breakers manually. Hackers capable of scrambling New York’s power plant software would probably have to bypass safety mechanisms to run a generator or transformer hotter than normal, physically damaging the equipment. That could keep a substation offline for days or weeks, says Michael Assante, former chief security officer for the nonprofit North American Electric Reliability.

Hackers may have targeted Ukraine’s grid for the same reason NATO jets bombed Serbian power plants in 1999: to show the citizenry that its government was too weak to keep the lights on. The hackers may even have seen the attack as in-kind retaliation after sabotage left 1.2 million people in Kremlin-controlled Crimea without lights in November. In that case, saboteurs blew up pylons with explosives, then attacked the repair crews that came to fix them, creating a blackout that lasted for days. Researchers will continue to study the cyber attack in Ukraine, but the lesson may be that when it comes to war, a bomb still beats a keyboard.

The bottom line: Aging systems made the Ukraine grid easier to hack but also easier to get back up in hours. A successful U.S. attack could last weeks.

