Government reveals details about energy grid hacks
Hackers have stolen sensitive information from American energy companies — and have planted malware in the energy grid with the intent to turn off the lights in the future.
They even managed to infect at least three energy companies with Cryptolocker ransomware, a particularly nasty computer virus that locks digital files and demands a ransom payment.
Newly released documents from the Department of Homeland Security are finally shedding some light on what exactly hackers are doing when they sneak into the American electrical grid.
The DHS intelligence assessment — originally dated January 27, 2016 — was published by Public Intelligence, a research project that shares secretive documents to educate people.
Some of the attacks described in the report are potentially serious.
Aggressive foreign government hackers broke into American companies 17 times between October 1, 2013 and September 30, 2014, according to DHS. In two cases they snuck into U.S. petroleum organizations, and hackers are “suspected of exfiltrating data” from one of them.
It’s rare, but highly sophisticated foreign government hackers have gotten inside the energy grid, DHS said. They hack “primarily to conduct cyber espionage … to conduct a damaging or disruptive attack in the event of hostilities with the United States,” DHS stated in a recent internal “intelligence assessment.”
That sounds alarming, but DHS is throwing cold water on any present worries. The agency concluded that damaging cyberattacks against the American energy sector are “possible but not likely.”
That calm demeanor doesn’t sit well with some cybersecurity experts. Ryan Duff is a researcher and former member of U.S. Cyber Command, the American military’s hacking unit. He warned that once a hacker gets into a computer — even if physical damage hasn’t been caused yet — the potential is there.
“While I agree with the DHS assessment overall, it’s still pretty frightening,” he said. “The fact is that the ability to cause destruction exists. Their assessment that attack is unlikely is based on political realities instead of technical realities. Attack is way more than technically possible.”
DHS prefers to label these cyber incidents as “espionage or some other activity,” rather than “cyberattacks.” To date, there have been “no damaging or destructive attacks against the U.S. energy sector,” DHS said.
“The majority of malicious activity occurring against the U.S. energy sector is low-level cybercrime that is … not meant to be destructive,” DHS analysts wrote.
Kyle Wilhoit, who investigates these types of hacks for Trend Micro (TMICF), said criminal hackers sometimes gain access to sensitive machinery by mistake.
“Most of the attacks that we’ve witnessed against this sector are in fact criminal in nature,” he told CNNMoney. “In some cases we even see criminals not realizing the importance of some of the machines [they gained access to.]”
The agency cautions against media using the term cyber “attack,” although its own 2013 advisory refers to cyber “attack” 56 times.