DHS and the FBI are now saying that hackers have been trying to penetrate the computer systems of companies that operate nuclear power stations and other energy facilities since May. This is beyond alarming and goes straight into terrifying. They have also been seeking access to manufacturing plants. It’s not just happening in the US; it’s also happening in other countries.
One of the companies targeted is the Wolf Creek Nuclear Operating Corporation. They run a nuclear power plant near Burlington, Kansas. The Department of Homeland Security in conjunction with the Federal Bureau of Investigation has issued an urgent joint report over this. Security specialists have been responding to the attacks and confirm the ongoing incursions. The report carried an urgent amber warning, the second-highest rating for the severity of the threat. Why don’t we hear about this in the news?
Unclear if hackers were spying or looking to manipulate facility
The report did not say if the cyberattacks were espionage or something else. It’s that ‘something else’ that scares me because that would mean a plot to take down our infrastructure. According to the report, there is no evidence that the hackers were able to jump from their victims’ computers to the control systems of the facilities. It also doesn’t say how many facilities were breached. Wolf Creek won’t comment on this other than to say that no operating systems were affected. They also pointed out that their corporate network and the Internet were separate from the network that runs the plant. That’s at least some good news.
What this looks like is that the hackers were mapping out computer networks for future attacks. Investigators have been unable to analyze the malicious “payload” of the hackers’ code, so they lack details on exactly what these asshats are planning or what they are after. All nuclear facilities are required to report cyberattacks. None have been reported yet, at least according to this report.
The hackers are smart. They are targeting individuals to gain access to the systems. This would be industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material. That is very, very disturbing and wickedly clever.
Origins of the hackers unclear
We don’t know the origins of the hackers, but this report indicated that an “advanced persistent threat” actor was responsible. Experts believe they are hackers backed by foreign governments. This investigation just started. Two people investigating the situation are saying that the hackers’ techniques mimicked those of the organization known to cybersecurity specialists as “Energetic Bear,” the Russian hacking group that researchers have tied to attacks on the energy sector since at least 2012. I’ve been watching these guys for some time, and they are incredibly talented and dangerous.
These blackhats wrote highly targeted email messages containing fake résumés for control engineering jobs and sent them to the senior industrial control engineers who maintain broad access to critical industrial control systems. The résumés were Microsoft Word documents laced with malicious code. Once a recipient opened one, the hackers stole that person’s credentials and moved on to other machines on the network. They also conducted what are called watering hole attacks, where they compromised legitimate websites they knew their victims would frequent and redirected the victims’ Internet traffic through their own servers to gain further access.
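The résumé lure above is a classic macro-document attack, and the defensive check that catches most of it is simple: a job application sent to a control engineer should never carry Visual Basic code. The following script is an added example written for this post, not code from the original article, the FBI/DHS report, or any vendor product. It is a mail-gateway style attachment check that opens Word attachments as ZIP containers (the .docx/.docm format), looks for the embedded `vbaProject.bin` macro module, holds legacy binary .doc files for manual review because they need a full OLE parser to inspect, and flags files whose extension lies about their contents. The function names, the quarantine policy and the in-memory sample attachments are all constructed for illustration.

```python
import io
import os
import zipfile

# Magic bytes: OLE2 compound file (legacy binary .doc) and ZIP (OOXML .docx/.docm).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

# What a well-formed file with this extension should classify as (illustrative policy).
EXT_EXPECTED = {".docx": "clean-ooxml", ".docm": "macro", ".doc": "legacy-ole"}


def classify_office_attachment(data: bytes) -> str:
    """Return a coarse label for an attachment body without executing anything."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "malformed"
        # OOXML stores VBA macros in a single binary part, usually word/vbaProject.bin.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macro"
        if "[Content_Types].xml" in names:
            return "clean-ooxml"
        return "unknown-zip"
    if data.startswith(OLE_MAGIC):
        # Binary .doc can hide VBA in OLE streams; a real OLE parser is needed to inspect it.
        return "legacy-ole"
    return "not-office"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Hypothetical gateway policy for résumé-style attachments sent to engineers."""
    kind = classify_office_attachment(data)
    ext = os.path.splitext(filename.lower())[1]
    if kind in ("macro", "legacy-ole", "malformed"):
        return True  # macros, uninspectable legacy format, or broken container: hold it
    expected = EXT_EXPECTED.get(ext)
    if expected is not None and kind != expected:
        return True  # extension does not match the real container type
    return False


def scan_messages(messages):
    """Return the filenames of attachments the policy would quarantine."""
    return [name for name, body in messages if should_quarantine(name, body)]


def build_sample_docx(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML document in memory (not a real résumé)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inbox: one clean résumé, one macro-laden one, one legacy .doc, one text file.
    inbox = [
        ("resume_clean.docx", build_sample_docx(False)),
        ("resume_macro.docx", build_sample_docx(True)),
        ("resume_old.doc", OLE_MAGIC + bytes(16)),
        ("notes.txt", b"plain text, nothing to see"),
    ]
    for name in scan_messages(inbox):
        print("quarantine:", name)
```

The point of the extension check is that a .docx cannot legitimately contain `vbaProject.bin` (Word will not run macros from it), so its presence means either a renamed .docm or a tampered file; either way the document should never reach the engineer's desktop.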
This is one of the most serious issues for our country. We are highly vulnerable to cyberattacks, especially from foreign entities. SCADA (supervisory control and data acquisition) systems control important infrastructure. They are used by manufacturers, nuclear plant operators and pipeline operators to monitor variables like pressure and flow rates through pipelines. The software also allows operators to monitor and diagnose unexpected problems. But that software itself is susceptible to hacking and malware. Our infrastructure right now is a ticking time bomb. If hackers take it down across the country, the effect would be the same as an EMP attack… deadly.