Study: U.S. Power Grid Is Vulnerable to State-Sponsored Hackers

All networks, equipment, and computers can be hacked. A smart coffee maker can be hacked. So too, can a power station that figures in the grid of an entire country. Are such threats overstated? Or, is there a genuine reason to be concerned?


Here’s the good news first. Malicious attackers haven’t pulled the plug to switch off the power from their remote locations. The bad news? It is entirely possible that a group of ill-intending hackers has gained the blueprints and knowledge needed to do just that: an investigation by the Associated Press revealed that cyber-attackers have systematically carved out access to critical operations networks. These compromised networks could be manipulated in such a way that a small group of sophisticated hackers from halfway across the world could unplug the electricity consumed by millions.

In a comprehensive investigation, AP amassed dozens of data sets, private analyses, government reports and over a hundred interviews to examine the cybersecurity of the U.S. power grid. The findings make for grim reading.

The complete AP Investigation can be found here.


A Breach of Calpine Corp

The discovery was first made by security researcher Brian Wallace of Cylance Inc, a cybersecurity firm. Wallace was looking into an incident in which hackers had stolen files from a California-based university when he unwittingly discovered something far more diabolical and significant – the trail of a group of hackers who had gained access to networks housing the power grid of the United States.

Calpine Corporation is the largest generator of electricity from geothermal resources and natural gas in the U.S., with 83 power plants currently in operation in 18 states in the U.S. and Canada. When Wallace stumbled into the breach, he discovered FTP servers that contained a cache of nearly 20,000 stolen files. These files were gathered from thousands of computers from around the world and they also contained important documents from Calpine.

I saw a mention in our logs that the attackers stored their malware in some FTP servers online. It wasn’t even my job to look into it, but I just thought there had to be something more there.

Despite the discovery, Wallace had his priorities – tracking the attackers, figuring out their next move and, if possible, stopping them. Caffeinated late nights became the norm while he reverse-engineered the malware he had found on the compromised FTP servers. It was months before he received a ping alerting him that the attackers were using IP addresses from Tehran, Iran.

With the ping, Wallace discovered the hackers deploying a Trojan malware called TinyZbot, a keylogger program that also took screenshots of the targeted computer’s screen and helped the hackers obtain backdoor access to the targets.

Wallace was persistent and stuck to the trail, gathering as much evidence as he could before finding what could conceivably be the hackers’ prized heist – a folder containing comprehensive, detailed engineering diagrams of Calpine’s power plants.

The investigation by AP also confirmed that usernames and passwords were included among the drawings, credentials that could be used by a malicious attacker to gain access to a critical firewall. The firewall performs a substantial role, one that separates Calpine’s communications network from its operations network. Sources attest to the fact that the blueprints also contain specific locations of devices inside the process control networks of power plants, devices that obtain critical information from power-generating equipment that’s fundamental to a plant’s operations.

With all of the above details in hand, experts have confirmed that hackers could breach Calpine’s operations network and shut down power-generating stations to induce a blackout.

Remarkably, it was also discovered that the hackers lacked proper security measures themselves, as the stolen trove of information was discovered in seven unencrypted FTP servers. The FTP servers also revealed custom-authored malware that cloaked its originating computers’ locations. It was a small bunch of comments written in Persian that led investigators and Wallace to believe that the hackers are likely to be operating out of Iran.

As things stand, the deduction is still purely circumstantial, as U.S. officials could not confirm that Iran was categorically involved in the Calpine Corp breach.


The investigation led by AP also revealed that the hackers obtained:

  • Passwords and user names that the hackers could use to connect remotely to Calpine’s two networks.
  • Detailed blueprints. The investigation also found detailed engineering drawings for a total of 71 networks and power stations coast-to-coast between New York and California, showing the exact locations of critical devices. These devices often relay and communicate with boilers, gas turbines and other vital equipment.
  • Information flow diagrams. Furthermore, diagrams showed the patterns and means through which plants relayed information back to the company’s virtual cloud. A man-in-the-middle attack could potentially give attackers stealthy access to this information.

A spokesman for Calpine, Brett Kerr, noted that the company’s information was stolen from a third-party contractor who had previous business ties with the power producer. While Kerr admitted that the company was unaware of the breach until Wallace’s discovery, he claimed the stolen diagrams and passwords were ‘old’, dating as far back as 2002, and would pose no threat. Independent cybersecurity experts polled by AP, however, disagree.

During his investigation, Wallace found that the hacking group had members physically located in Canada, the Netherlands and the United Kingdom, besides Iran.

A Real Reason for Concern or an Overstated Gloomy Prediction?

This might not come as a surprise if you’re a regular reader of Hacked. The AP investigation revealed that the Calpine breach – while significant – was hardly unique. Plenty of ‘top experts,’ the publication notes, who spoke on the condition of anonymity, have confirmed that offshore hackers have gained remote access to control systems many times over the past decade.

About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts.

While breaches affecting large numbers of people, such as the infamous Ashley Madison and OPM breaches, gain more publicity, word of power plants being vulnerable or exploited in a cyber-attack rarely makes headlines. This is despite the potential fallout of a breach in which hackers take remote control of critical power infrastructure, a scenario that is arguably more dire than a breach resulting in the identity theft of millions of citizens.

Although critical infrastructure breaches haven’t led to any blackouts yet, the underlying threat comes from the capabilities of hackers who have the means to engage in cyber warfare at a time of their choosing.

Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer explained:

If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information, it will make it a lot easier. It will also help them to stay quiet and stealthy inside.

There is the school of thought that threats against critical infrastructure are overstated. Taking down the power grid is no easy task. The power grid structure is designed in such a way that the constant flow of electricity is maintained, even when lines go down routinely for maintenance or other reasons.

Keith Alexander, the former director of the NSA who now heads a cybersecurity firm said:

The grid is a tough target, but a lucrative target. There is a constant, steady upbeat (in the growing number of sophisticated attacks). I see a rising tide.

Despite an increase in cybersecurity measures, there is no foolproof system to curb the threat of attackers gaining access to crucial systems. Two recent intrusions add weight to the point.

  • In summer 2014, a hacker took control of an unnamed utility provider’s wind farm simply by using the anonymity software Tor. Once the connection was established, the hacker was able to change the automatic voltage regulator for the wind farm from “automatic” to “manual.”
  • An operations supervisor working for a subsidiary of the largest power grid operator in the United States – American Electric Power – opened his personal email on his work computer and found a zip attachment. As it turned out, he had unknowingly downloaded ransomware in the form of CryptoLocker. Before any real damage was done, the AEP security team was able to wipe the supervisor’s computer clean.

Ransomware encrypts all files and folders on a victim’s computer before demanding a ransom in return for the decryption key required to regain access to the files. If CryptoLocker had found a tunnel connection from the work computer to AEP’s network, the outcome could have been catastrophic.

It’s notable that AEP’s power plants, equipment and substations, much like those of most big utilities, sit on an intranet that is separated from the company’s in-house software by multiple layers of encryption and is not accessible from the internet. This fundamental separation is a vital step in keeping attackers at bay in their attempts to gain access to critical infrastructure.

Experts agree that knocking a country’s power grid offline would be monumentally hard for hackers, but the same naysayers who argue that cybersecurity risks are exaggerated also agree that it is entirely within the realm of possibility for hackers to knock sectors of the power grid offline.

A previous study by the Federal Energy Regulatory Commission claimed:

A coordinated attack on just nine critical power stations could cause a coast-to-coast blackout that could last months.

Images from Shutterstock.


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


A relatively unknown cryptocurrency exchange by the name of BitGrail has informed its users of a coordinated cyber attack targeting Nano (XRB) tokens. However, the incident does not appear to be holding up to scrutiny after the founder of the exchange made an odd request to the developers of Nano shortly after discovering the alleged theft.


BitGrail Exchange Allegedly Compromised

The Italian exchange issued a notice to its clients last week informing them that 17 million XRB tokens were compromised in a cyber attack. The XRB token, formerly known as Raiblocks, is valued at $9.80 at the time of writing for a total market cap of $1.3 billion. That puts the total monetary loss of the supposed heist at nearly $167 million.

Parts of the notice have been translated into English from the original Italian by TechCrunch, a media company dedicated to startups and technology news. According to the publication, BitGrail stated the following:

“… Internal checks revealed unauthorized transactions which led to a 17 million Nano shortfall, an amount forming part of the wallet managed by BitGrail… Today a charge about those fraudulent activities has been submitted to the competent authorities and now is under police investigation.”


The notice indicated that all transactions have been put on hold until authorities complete their investigation.

Very little is known about BitGrail, as it is not listed among the 183 exchanges whose volume is ranked by CoinMarketCap.

Suspicion Grows

Unlike other crypto heists, the circumstances surrounding the alleged BitGrail attack have been met with widespread suspicion. As David Z. Morris of Fortune rightly notes, this isn’t the first time BitGrail has suspended Nano withdrawals. The same thing happened in early January when the exchange halted not only Nano, but Lisk and CryptoForecast transactions as well.

The suspension was followed by an announcement that the exchange was taking measured steps to verify users and enforce anti-money laundering requirements. It was around this time that users became suspicious that BitGrail was going to cut and run with their tokens.

BitGrail founder Francesco Firano made an unusual request to the developers of Nano following the alleged attack: he asked them to fork their record, a move that would essentially restore the stolen funds.

Nano officially rejected the request on Friday, the day after Firano supposedly discovered the stolen coins. In a post that appeared on the Nano Medium page, the team said:

“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

Last month, hackers made off with more than $400 million worth of NEM tokens stolen from Coincheck, a Japan-based cryptocurrency exchange. The coins have yet to be recovered and the perpetrators remain at large. In 2014, a cyber heist brought down Mt Gox, which was the world’s largest exchange.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


Sam Bourgi is Chief Editor at Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator and has contributed to the world's foremost newscasts.


ICO Analysis: Serenity


During the past few decades, internet connectivity and technological advancement have evolved rapidly to satisfy a large spectrum of digital consumers, up to and including finance. The demand for online stock exchange, currency trading and investing has led to the development of thousands of online brokerage platforms and systems all over the globe. However, the lack of regulation when it comes to security and protection leaves the current online market exposed, with almost 90% of platforms being unregulated. This environment attracts ‘scammers’ and creates unhealthy, manipulative situations in the sphere, impacting both traders and companies involved in the digital markets. Here comes Serenity with an attempt to change that for good.


Serenity’s financial services promise to create an independent marketplace based on smart contracts, where trading records will be transparent and monitored by a blockchain based platform. Blockchain guarantees transparency and lack of affiliation in order to secure traders from misuse of their funds by centralized exchange markets.

In addition to a secure trading environment, Serenity will allow users to buy, sell and exchange CFDs, futures, cryptocurrencies and even shares for cryptocurrencies all in a decentralized fashion, recorded and monitored by the blockchain in order to avoid the possibility of counterfeiting.

Over the last decade, the online trading process has not changed at all. Forex-based exchanges attract popularity due to the lack of regulation, while at the same time putting traders’ funds at risk, since most of these platforms are not transparent (as we have observed, they can influence their users’ actions, freeze their accounts or deny a withdrawal request at any time). Only 10% of online broker companies hold a license to provide intermediary services in the financial sector, due to the complicated and expensive procedure that can cost from $200,000 to several million per company, a sum most are not willing to pay. Serenity plans to radically change that approach by creating a transparent regulatory system powered by modern blockchain technologies.


The Token

The SRNT token, the native currency of the Serenity financial platform, will be used to purchase, sell, exchange and withdraw digital assets within the platform that will consist of a pool of brokers. After the token sale, the user is free to transfer their SRNT into external exchanges in order to trade them for possible pairs of digital assets which the platform might not support at the moment.

At the pre-ICO, the SRNT token will have a 50% discount and then a 40% to 10% discount during the public sale that will run until March 7.

According to a spokesman for the company, the total token supply will be 400,000,000 SRNT. Anything left unsold after the aforementioned deadline will be burned. As for the circulating supply, it is not yet fixed and will be determined after the token sale.

The spokesman tells us that 3% of the funding will be used for bounty rewards and 12% is reserved for the team. As for the rest, we must wait for further official announcements that will take place after the token sale.

Team

At first glance, we can already see a professional team with years of experience in the field. In other words, Serenity is not just another cryptocurrency platform made by GitHub coders.

Project co-founder Stanislav Vaneev is the CEO and founder of Grand Capital, an international financial services company that has a monthly turnover of $6 billion USD and serves over 300,000 clients worldwide. Anton Vasin (co-founder & COO) has more than a decade of experience in the forex sphere and is also head of the risk hedging department. Denis Kulagin (CEO) is a marketing expert for multiple forex companies in China, Indonesia, Vietnam and India. Vasiliy Alexeev (CTO) is the man behind UpTrader, a global provider of software for brokers. His ten years of experience are also focused on marketing and product development for various forex companies.

The list goes on and, from what we can see here, Serenity has a legitimate team with a solid financial background, not just a ‘collage’ of individuals who want to enter the blockchain game.

Verdict

In general, more than 6,000 brokers provide online exchange services using MetaTrader platforms. According to industry statistics, around 4 million traders use their platforms on a daily basis. As mentioned before, only a small percent of these companies are actually regulated and can guarantee a risk-free relationship.

Serenity is the first cryptocurrency focused exchange market that will be regulated and at the same time provide traders the ability to invest in broader options such as CFDs and futures.

Of course, regulations could mean that anonymity will be gone, which was the main reason people invested in cryptocurrencies in the first place. At the same time, this is important for professional traders who make a living out of official and licensed exchange markets. Don’t forget that regulations are unavoidable and they are necessary to establish a trusted relationship between governmental institutions and the crypto sphere.

Risks

  • Taking a look at the Serenity whitepaper can leave more questions than answers, as we had to personally seek assistance from the team in order to understand their token system and other core features. It is not an easy model to understand. -3
  • We still don’t know what 85% of the total funds will be used for and how the distribution benefits the investor or trader on an immediate scale. -3
  • Many new cryptocurrency-focused markets ‘pop up’ every couple of months, but none of them can actually compete with already established titans like Binance, Bitfinex, Bittrex etc. The Serenity team looks great but they will have to prove their unique approach with actual numbers before the end of the year. -1

Growth Opportunity

  • After multiple incidents, including the recent DDoS attack on Binance and the attack on the Japanese exchange Coincheck, a transparent and professional market is needed as soon as possible. This gives Serenity a golden opportunity to make a big difference. +4
  • Platforms like Bitfinex already set a minimum deposit of $10,000 USD for new accounts and it is most likely that more exchanges will follow with similar internally generated ‘rules’. If cryptocurrency platforms want to stay under the radar and have a nice flow with their respective governments, they will eventually have to be regulated. Serenity solves that issue from the outset. +3
  • Most online cryptocurrency exchange markets give you the option to exchange between several preset pairs of cryptocurrencies and only with other cryptocurrencies supported by each individual platform respectively. Serenity gives users the option to change their cryptocurrencies into fiat, CFDs or even futures all inside one platform. +4

Disposition

The Serenity team might have some good contacts in the forex scene, and Mr. Vaneev’s own Grand Capital already has 300,000 active users who could possibly join the new venture, but we must not underestimate “traditional” cryptocurrency markets like Binance, which managed to reach 6 million active users in a matter of months.

Serenity can really be a revolutionary step in combining cryptocurrencies with traditionally regulated markets but we must not forget that people choose cryptocurrencies in order to avoid regulations and transparency.

A score of 4 out of 10 is reserved for Serenity, based on present facts.

Investment Details

  • Type: Crowdsale
  • Symbol: SRNT
  • Pre-Sale: Concluded
  • Public Sale: January 25th-March 7th, 2018
  • Payments Accepted: ETH (KYC Required)

Disclaimer: The writer has no position in Serenity at the time of writing.

Featured image courtesy of Shutterstock.

The Bee Token ICO was derailed Thursday, a mere 25 hours after launch, as criminals made off with nearly $1 million in an apparent phishing scam.


ICO Heist

The highly anticipated Bee Token crowdsale was the target of a phishing scam on Thursday, with hackers luring hundreds of unsuspecting investors over email and Telegram. The company, which launched its crowdsale on Jan. 31, had repeatedly warned investors to be wary of fake URLs designed to siphon their funds. Bee Token also warned investors to ignore any communications claiming to represent the company.

Those warnings were echoed in a Jan. 31 tweet from the official @thebeetoken handle:

“Please do not fund ETH to addresses that have the following warning: “Warning! There are reports that this address was used in a (BeeToken) Phishing scam.”


The company has since issued a second security announcement through its Medium blog, where it said there is only one funding address and one mode of communication with investors. The blog post read:

“The Funding Address can only be found at https://tokensaleinfo.beetoken.com. The Funding Address will not be communicated via any other means. Any other address should be considered fraudulent.”

Bee Token is a home sharing platform that connects hosts and guests over a decentralized network. Its aim is to disrupt the fast-growing sharing economy by offering lower transaction fees and better incentives without the middleman.

Hacked conducted an ICO Analysis of Bee Token last month, with the project receiving a 7.5 out of 10. That puts it among the strongest ICO candidates we’ve ever reviewed.

At the time of writing, the project had raised $4.6 million with more than 26 days left to go.

ICO Theft on the Rise

Funds raised via ICO have become more attractive to cyber criminals wishing to capitalize on the booming cryptocurrency market. According to a recently published report by the consulting firm Ernst & Young, 10% of the ICO funds raised in 2017 have been stolen by hackers. That represents a monetary value of nearly $400 million, based on the metric used in the study.

Cryptocurrency exchanges have long been subject to security breaches, with dozens of platforms losing billions since 2014. Tokyo-based Coincheck was recently subject to the biggest crypto heist of all time after attackers diverted 500 million NEM tokens to their accounts. The thieves have since tried to unload the coins on at least six international exchanges. Their identity or whereabouts have not been verified.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.
