BY PAVEL POLITYUK
Hackers were able to attack four sections of Ukraine's power grid with
malware late last year because of basic security lapses and they could take
down other industrial facilities at any time, a consultant to government
investigators said.
Three power cuts reported in separate areas of western and central Ukraine
in late December were the first known electrical outages caused by cyber
attacks, causing consternation among businesses and officials around the world.
The consultant, Oleh Sych, told Reuters a fourth Ukrainian energy company
had been affected by a lesser attack in October, but declined to name it.
He also said a similar type of malware had been identified by the Ukrainian
anti-virus software company Zillya! where he works as far back as July, making
it impossible to know how many other systems were at risk.
"This is the scariest thing - we're living on a powder keg. We don't
know where else has been compromised. We can protect everything, we can teach
administrators never to open emails, but the system is already infected,"
he said.
Sych, whose firm is advising the State Security Service SBU and a
commission set up by the energy ministry, said power distributors had ignored
their own security rules by allowing critical computers to be hooked up to the
Internet when they should have been kept within an internal network.
This so-called "air gap" separates computer systems from any
outside Internet connections accessible to hackers.
"A possible objective was to bring down some branches (of the
Ukrainian energy system) and create a 'domino effect' to collapse the entire
system of Ukraine or a significant part," Sych said.
Ukraine has also been targeted in other cyber attacks, which included
hacking into the system of Ukraine's biggest airport and TV news channels.
Security services and the military blamed the attacks on Russia, an
allegation dismissed by the Kremlin as evidence of Ukraine's tendency to accuse
Russia of "all mortal sins".
Russia annexed Crimea from Ukraine in 2014 and has supported separatist
rebels in the east of the former Soviet republic, arguing that Kiev's
Western-backed government, elected after the Moscow-backed president fled
widespread protests, was illegitimate.
Sych, who said he could not reveal all the details of the probe, said there
was no conclusive evidence that the attacks originated in Russia. One of the
emails was sent from the server of a German university, another from the United
States, he said.
INSIDER
International cyber-security researchers who have studied the attacks believe
the attackers broke into networks by sending targeted emails designed to trick
utility insiders into opening Excel documents that were poisoned with
malware used to gain control inside the networks.
Sych agreed, saying:
"We understand that this couldn't have happened without an insider. To
carry out this kind of attack you need to know what kind of operating system
and SCADA (supervisory control and data acquisition) are used and what software
controls the industrial facility," he said.
SCADA software is widely used to control industrial systems worldwide.
"The attackers must have known what software was installed ... to test
(the malware) on it. Clearly preliminary investigations were carried out and
this was easy to do with this kind of insider information."
He said the hackers had sent the e-mails in question to workers at the
affected power distribution companies with infected Word or Excel files that
were meant to look like official correspondence from the energy ministry.
They contained topics that would have been recognizable to the workers and
were not sent out en masse but targeted certain individuals instead. One of the
emails was about regional electricity production levels, he said.
"It was all very simple and stupid," Sych said, adding that the
hackers totally wiped the data of some of the computers in one of the firms.
Details of the impact of the attacks have been sketchy, but one is reported
to have affected 80,000 customers for two hours. The three named companies
declined to comment on Sych's remarks.
"All experts agree this sort of attack on electric utilities or other
critical infrastructure was bound to happen because engineering-wise,
physics-wise it is technically possible to do," said Kenneth Geers, a
Kiev-based national security analyst who worked for U.S. intelligence agencies
for 20 years until 2013.
All it takes is political will or opportunism to try something like this,
he said.
Ukrainian Deputy Energy Minister Oleksander Svetelyk has also accused the
companies of lapses, saying on Tuesday there had been "a lot of
errors". He added that U.S. cyber experts would come to Kiev later this
week to help with the investigation.