Power plants, other infrastructure face hackers

Jan 28, 2010 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- More than half of the operators of power plants and other "critical infrastructure" say in a new study that their computer networks have been infiltrated by sophisticated adversaries. In many cases, foreign governments are suspected.

The findings come in a survey being released Thursday that offers a rare public look at the damage computer criminals can do to vital institutions such as power grids, water and sewage systems and oil and gas companies. Manipulating the computer systems can cause power outages, floods, sewage spills and oil leaks.

The survey is based on interviews in September with 600 executives and technology managers from infrastructure operators in 14 countries. It was prepared by McAfee Inc., which makes security software, and the Center for Strategic and International Studies in Washington, which analyzed the data. The respondents aren't named and specifics aren't given about what happened in the attacks.

The report comes as concerns are growing about state-sponsored hacking and threats to critical infrastructure.

In November, CBS's "60 Minutes" reported that several Brazilian power outages were caused by hackers - a report that Brazilian officials have played down. Last April, U.S. government officials said that spies hacked into the U.S. and left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems.

In the new report, 54 percent of respondents acknowledged that they had been hit by "stealthy infiltration" of their networks. In such break-ins, criminals can plant to steal files, spy on e-mails and do even scarier things like remotely controlling equipment inside a utility.

Utilities are increasingly using mainstream software and connecting parts of their operations to the Internet so technicians can service problems remotely. Both factors heighten the danger of a break-in.

The same percentage of respondents also said they have experienced large-scale "denial-of-service" attacks, in which a computer network is knocked out of service because of it is flooded with bogus Internet traffic.

An even higher proportion of respondents - 59 percent - believed that representatives of foreign governments were involved in the attacks and others on critical infrastructure in their countries.

Perhaps even more alarming: Many intruders have apparently done something harmful with the access they've stolen.

Sixty-five percent of the respondents that had experienced large-scale denial of service attacks said the incidents had at least some effect on their operations, from minor service interruptions to sustained damage and critical breakdowns.

Extortion is a common motivation, with hackers demanding money to end or agree not to carry out an attack. The power and oil and gas sectors were the most frequently targeted.

Identifying the culprits in such attacks can be next to impossible, because computer attacks are typically routed through multiple layers of infected computers to disguise the source. However, researchers can often learn clues about the attackers' country of origin by studying the language and other signs in the malicious software's programming.

Explore further: Sistine chapel dazzles after technological makeover

5 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

Report: DDoS attacks big Net threat

Oct 12, 2005

A new report warns that Internet service providers are facing an unrelenting barrage of distributed denial of service attacks aimed at crashing the network.

Tech 101: How a denial-of-service attack works

Jul 08, 2009

(AP) -- Investigators are piecing together details about one of the most aggressive computer attacks in recent memory - a powerful "denial-of-service" assault that overwhelmed computers at U.S. and South Korean ...

US cybersecurity chief warns of 'market' in malware

Jun 17, 2009

More must be done to combat the lucrative trade in malicious software, which threatens sensitive government networks and personal data, the head of the US National Cybersecurity Center warned Tuesday.

Audit: Air traffic systems vulnerable to attack

May 06, 2009

(AP) -- The nation's air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months allowing hackers access to personnel records and network servers, according to a new ...

Recommended for you

Sistine chapel dazzles after technological makeover

5 hours ago

High above the altar in the Vatican's Sistine Chapel, the halo around Jesus Christ's head in Michelangelo's famous frescoes shines with a brighter glow, thanks to a revolutionary new lighting system.

Free urban data—what's it good for?

21 hours ago

Cities around the world are increasingly making urban data freely available to the public. But is the content or structure of these vast data sets easy to access and of value? A new study of more than 9,000 ...

Rice team sets sights on better voting machine

Oct 27, 2014

At the urging of county election officials in Austin, Texas, a group of Rice University engineers and social scientists has pulled together a team of U.S. experts to head off a little-known yet looming crisis ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

bugmenot23
not rated yet Jan 28, 2010
This article is BS. The Brazil incident had nothing to do with their generation or distribution network. Even the dumbest network administrator knows that critical infrastructure needs its own network, not connected (i.e.: air-gapped) with the Internet. Is this article an ad for McAfee?
Caliban
1 / 5 (1) Jan 28, 2010
Or possibly another way to justify a money-grab for taxpayer dollars?
Pasha
not rated yet Jan 29, 2010
Maybe the hackers actually physically get into the network at some power plant and do their work. Although that wouldn't work if they were from another country. But I don't think that this is an ad for McAfee.
StarDust21
not rated yet Jan 29, 2010
Hearing the news in the last few months lead me to think it's a peace of cake to read someones emails for any knowledgeable hacker no matter how reputed your email provider is(gmail, yahoo mail, hotmail...)

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.