Scary questions in December 23rd Ukraine energy grid hack
January 20, 2016
American investigators are traveling to Ukraine to investigate a recent electricity blackout — perhaps the first major act of cyberwar on a civilian population.
Ukraine’s top law enforcement agency, the SBU, has publicly claimed this was a cyberattack by Russia, part of its ongoing war over the Crimean peninsula.
If that’s true, this is a turning point for the use of computer hacking in warfare. It shows that military cyberattacks can be effective at physical disruption.
But right now, little is certain.
1. Parts of Ukraine’s energy grid went down
On December 23, a vast region of Ukraine experienced a power outage. Prykarpattya Oblenergo, a power distributor that serves 538,000 customers, says 27 of its substations went dead. Immediately, 103 cities were “completely blacked out,” and another 186 cities were left partially in the dark.
Meanwhile, Ukrainian customers were unable to report the blackout. The call centers at Prykarpattya Oblenergo and another energy provider, Kyivoblenergo, were blocked.
Prykarpattya Oblenergo decided to switch to manual controls and engineering teams were dispatched around the region to flip switches back “on.”
Within a few hours, electricity was flowing again.
Even now, nearly a month later, it’s still unclear exactly what flipped the “off” switch. But there are clues about how this attack started.
2. Energy company computers were infected with malware
In a public statement three weeks after the incident, Prykarpattya Oblenergo claimed there had been “a hacker attack” on its computer network. Hackers had snuck into the extremely sensitive controls that manage electricity.
Engineers had tried to turn the power back “on,” but they discovered that a virus had erased the computers that engineers use to monitor equipment, according to the SANS Institute, whose international cybersecurity professionals have first-hand analysis of the malware itself.
The U.S. Department of Homeland Security, which tells CNNMoney it is now assisting Ukrainian investigators, backs up the claim that company computers were hacked. Apparently, someone at the energy company opened an infected Microsoft Word document.
DHS confirmed to CNNMoney that computers were infected with a new version of a high-powered malware called BlackEnergy 3.
This has stark implications.
3. That malware has ties to Russia
Cyberweapons are carefully crafted tools that can, at times, show hints of their authors. One particular American cybersecurity company, iSight Partners, has profiled the creators of BlackEnergy.