Power plants, other infrastructure face hackers

Jan 28, 2010 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- More than half of the operators of power plants and other "critical infrastructure" say in a new study that their computer networks have been infiltrated by sophisticated adversaries. In many cases, foreign governments are suspected.

The findings come in a survey being released Thursday that offers a rare public look at the damage computer criminals can do to vital institutions such as power grids, water and sewage systems and oil and gas companies. Manipulating the computer systems can cause power outages, floods, sewage spills and oil leaks.

The survey is based on interviews in September with 600 executives and technology managers from infrastructure operators in 14 countries. It was prepared by McAfee Inc., which makes security software, and the Center for Strategic and International Studies in Washington, which analyzed the data. The respondents aren't named and specifics aren't given about what happened in the attacks.

The report comes as concerns are growing about state-sponsored hacking and threats to critical infrastructure.

In November, CBS's "60 Minutes" reported that several Brazilian power outages were caused by hackers - a report that Brazilian officials have played down. Last April, U.S. government officials said that spies hacked into the U.S. and left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems.

In the new report, 54 percent of respondents acknowledged that they had been hit by "stealthy infiltration" of their networks. In such break-ins, criminals can plant to steal files, spy on e-mails and do even scarier things like remotely controlling equipment inside a utility.

Utilities are increasingly using mainstream software and connecting parts of their operations to the Internet so technicians can service problems remotely. Both factors heighten the danger of a break-in.

The same percentage of respondents also said they have experienced large-scale "denial-of-service" attacks, in which a computer network is knocked out of service because of it is flooded with bogus Internet traffic.

An even higher proportion of respondents - 59 percent - believed that representatives of foreign governments were involved in the attacks and others on critical infrastructure in their countries.

Perhaps even more alarming: Many intruders have apparently done something harmful with the access they've stolen.

Sixty-five percent of the respondents that had experienced large-scale denial of service attacks said the incidents had at least some effect on their operations, from minor service interruptions to sustained damage and critical breakdowns.

Extortion is a common motivation, with hackers demanding money to end or agree not to carry out an attack. The power and oil and gas sectors were the most frequently targeted.

Identifying the culprits in such attacks can be next to impossible, because computer attacks are typically routed through multiple layers of infected computers to disguise the source. However, researchers can often learn clues about the attackers' country of origin by studying the language and other signs in the malicious software's programming.

Explore further: Four questions about missing Malaysian plane answered

5 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

Report: DDoS attacks big Net threat

Oct 12, 2005

A new report warns that Internet service providers are facing an unrelenting barrage of distributed denial of service attacks aimed at crashing the network.

Tech 101: How a denial-of-service attack works

Jul 08, 2009

(AP) -- Investigators are piecing together details about one of the most aggressive computer attacks in recent memory - a powerful "denial-of-service" assault that overwhelmed computers at U.S. and South Korean ...

US cybersecurity chief warns of 'market' in malware

Jun 17, 2009

More must be done to combat the lucrative trade in malicious software, which threatens sensitive government networks and personal data, the head of the US National Cybersecurity Center warned Tuesday.

Audit: Air traffic systems vulnerable to attack

May 06, 2009

(AP) -- The nation's air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months allowing hackers access to personnel records and network servers, according to a new ...

Recommended for you

Four questions about missing Malaysian plane answered

Apr 19, 2014

Travelers at Asian airports have asked questions about the March 8 disappearance of Malaysia Airlines Flight 370 while en route from Kuala Lumpur to Beijing. Here are some of them, followed by answers.

Under some LED bulbs whites aren't 'whiter than white'

Apr 18, 2014

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...

Freight train industry to miss safety deadline

Apr 16, 2014

The U.S. freight railroad industry says only one-fifth of its track will be equipped with mandatory safety technology to prevent most collisions and derailments by the deadline set by Congress.

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

bugmenot23
not rated yet Jan 28, 2010
This article is BS. The Brazil incident had nothing to do with their generation or distribution network. Even the dumbest network administrator knows that critical infrastructure needs its own network, not connected (i.e.: air-gapped) with the Internet. Is this article an ad for McAfee?
Caliban
1 / 5 (1) Jan 28, 2010
Or possibly another way to justify a money-grab for taxpayer dollars?
Pasha
not rated yet Jan 29, 2010
Maybe the hackers actually physically get into the network at some power plant and do their work. Although that wouldn't work if they were from another country. But I don't think that this is an ad for McAfee.
StarDust21
not rated yet Jan 29, 2010
Hearing the news in the last few months lead me to think it's a peace of cake to read someones emails for any knowledgeable hacker no matter how reputed your email provider is(gmail, yahoo mail, hotmail...)

More news stories

Growing app industry has developers racing to keep up

Smartphone application developers say they are challenged by the glut of apps as well as the need to update their software to keep up with evolving phone technology, making creative pricing strategies essential to finding ...

Making graphene in your kitchen

Graphene has been touted as a wonder material—the world's thinnest substance, but super-strong. Now scientists say it is so easy to make you could produce some in your kitchen.