Hackers Make Furnace Impossible to Shutdown in German Steel Factory
The German Federal Office for Information Security (BSI) recently revealed that unidentified German steel plants were compromised for an indeterminate length of time, so much so that furnaces could not be shut down. On page 31 of a report issued by the agency, which is the equivalent of an Information Technology NSA for the German government, the Google-translation of the document reads:
The know-how of the attackers was not only in the field of conventional IT security [is] very pronounced, but extended on detailed knowledge on applied Industrial control and production processes.
Mystery Surrounds German Steel Factory Cyber Attack
The as-yet-unknown hackers used a sophisticated spear phishing method to gain entry. Subsequently they were able to take full control of various automated processes, including the aforementioned furnace which the plant was then unable to shut down. This could have been catastrophic in the case of an emergency.
Spear phishing is a method whereby the attacker targets specific individuals within an organization and gets them to click a link which then grants the attacker access to the same things the target has access to. It was famously employed by British intelligence to hack into Belgium’s largest telecommunications company, Belgacom.
One can only speculate as to what became of this attack. Given the overall secretive nature of the report – it does not specify which steel mill was victimized nor does it describe how the problem was detected or resolved – we can assume that they would not have reported it at all had it not been finally stopped. It could have gone on for a week, or it could have gone on for most of the year, for all we know. It is also unclear why the attack took place, with some speculating that it was Mafia or state-sponsored. There is always, in these cases, the possibility of a good-natured hacker simply wanting to prove to himself or his community that such a thing could be done.
As more and more of the world’s production facilities become automated, this kind of scenario gets to be a more common possibility, with less opportunities for human detection. Luckily, no lives were lost here, but what if it were something more sinister, like an intentional flaw inserted into the production of consumer cars or airplane parts?
No one knows for sure what the future holds, but we have to hope that our best and brightest find ways to avert disaster. We have to hope that incidences like this are used to learn from more than they are to expand government power, as may result from the American government reaction to the Sony Hack.
Images from Shutterstock.