Power plants, other infrastructure face hackers

January 28, 2010 By JORDAN ROBERTSON, AP Technology Writer

(AP) -- More than half of the operators of power plants and other "critical infrastructure" say in a new study that their computer networks have been infiltrated by sophisticated adversaries. In many cases, foreign governments are suspected.

The findings come in a survey being released Thursday that offers a rare public look at the damage computer criminals can do to vital institutions such as power grids, water and sewage systems and oil and gas companies. Manipulating the computer systems can cause power outages, floods, sewage spills and oil leaks.

The survey is based on interviews in September with 600 executives and technology managers from infrastructure operators in 14 countries. It was prepared by McAfee Inc., which makes security software, and the Center for Strategic and International Studies in Washington, which analyzed the data. The respondents aren't named and specifics aren't given about what happened in the attacks.

The report comes as concerns are growing about state-sponsored hacking and threats to critical infrastructure.

In November, CBS's "60 Minutes" reported that several Brazilian power outages were caused by hackers - a report that Brazilian officials have played down. Last April, U.S. government officials said that spies hacked into the U.S. and left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems.

In the new report, 54 percent of respondents acknowledged that they had been hit by "stealthy infiltration" of their networks. In such break-ins, criminals can plant malicious software to steal files, spy on e-mails and do even scarier things like remotely controlling equipment inside a utility.

Utilities are increasingly using mainstream software and connecting parts of their operations to the Internet so technicians can service problems remotely. Both factors heighten the danger of a break-in.

The same percentage of respondents also said they have experienced large-scale "denial-of-service" attacks, in which a computer network is knocked out of service because it is flooded with bogus Internet traffic.

An even higher proportion of respondents - 59 percent - believed that representatives of foreign governments were involved in the attacks and others on critical infrastructure in their countries.

Perhaps even more alarming: Many intruders have apparently done something harmful with the access they've stolen.

Sixty-five percent of the respondents that had experienced large-scale denial of service attacks said the incidents had at least some effect on their operations, from minor service interruptions to sustained damage and critical breakdowns.

Extortion is a common motivation, with hackers demanding money to end or agree not to carry out an attack. The power and oil and gas sectors were the most frequently targeted.

Identifying the culprits in such attacks can be next to impossible, because computer attacks are typically routed through multiple layers of infected computers to disguise the source. However, researchers can often learn clues about the attackers' country of origin by studying the language and other signs in the malicious software's programming.


not rated yet Jan 28, 2010
This article is BS. The Brazil incident had nothing to do with their generation or distribution network. Even the dumbest network administrator knows that critical infrastructure needs its own network, not connected (i.e.: air-gapped) with the Internet. Is this article an ad for McAfee?
1 / 5 (1) Jan 28, 2010
Or possibly another way to justify a money-grab for taxpayer dollars?
not rated yet Jan 29, 2010
Maybe the hackers actually physically get into the network at some power plant and do their work. Although that wouldn't work if they were from another country. But I don't think that this is an ad for McAfee.
not rated yet Jan 29, 2010
Hearing the news in the last few months led me to think it's a piece of cake to read someone's emails for any knowledgeable hacker no matter how reputed your email provider is (gmail, yahoo mail, hotmail...)
