Study: U.S. Power Grid Is Vulnerable to State-Sponsored Hackers

All networks, equipment and computers can be hacked. A smart coffee maker can be hacked. So too can a power station that forms part of the grid of an entire country. Are such threats overstated, or is there a genuine reason for concern?

Here’s the good news first: malicious attackers haven’t pulled the plug and switched off the power from their remote locations. The bad news? A group of ill-intentioned hackers may well have gained the blueprints and knowledge needed to do just that. An investigation by the Associated Press revealed that cyber-attackers have systematically carved out a path into critical operations networks. These compromised networks could be manipulated so that a small group of sophisticated hackers halfway across the world could unplug the electricity consumed by millions.

In a comprehensive investigation, AP amassed dozens of data sets, private analyses and government reports and conducted over a hundred interviews to examine the cybersecurity of the U.S. power grid. The findings make for grim reading.

The complete AP Investigation can be found here.

A Breach of Calpine Corp

The discovery was first made by Brian Wallace, a security researcher at the cybersecurity firm Cylance Inc. Wallace was looking into an incident in which hackers had stolen files from a California-based university when he unwittingly discovered something far more diabolical and significant: the trail of a group of hackers who had gained access to networks housing the power grid of the United States.

Calpine Corporation is the largest generator of electricity from geothermal resources and natural gas in the U.S., with 83 power plants currently in operation across 18 states in the U.S. and Canada. When Wallace stumbled onto the breach, he discovered FTP servers holding a cache of nearly 20,000 stolen files. The files had been gathered from thousands of computers around the world, and among them were important documents from Calpine.

I saw a mention in our logs that the attackers stored their malware in some FTP servers online. It wasn’t even my job to look into it, but I just thought there had to be something more there.

Despite the discovery, Wallace had his priorities: tracking the attackers, figuring out their next move and, if possible, stopping them. Caffeinated late nights became the norm while he reverse-engineered the malware he found injected into the company’s FTP servers. It was months before he received a ping alerting him that the attackers were using IP addresses in Tehran, Iran.

With the ping, Wallace discovered the hackers deploying a Trojan called TinyZbot, a keylogger that also took screenshots of the targeted computer’s screen and gave the hackers backdoor access to their targets.

Wallace was persistent and stuck to the trail, gathering as much evidence as he could before finding what could conceivably be the hackers’ prized heist: a folder containing comprehensive, detailed engineering diagrams of Calpine’s power plants.

The investigation by AP also confirmed that usernames and passwords were included among the drawings, credentials that a malicious attacker could use to gain access to a critical firewall. That firewall plays a substantial role: it separates Calpine’s communications network from its operations network. Sources attest that the blueprints also contain the specific locations of devices inside the process control networks of power plants, devices that collect critical information from the power-generating equipment fundamental to a plant’s operations.

With those details in hand, experts have confirmed that hackers could breach Calpine’s operations network and shut down power-generating stations to induce a blackout.

Remarkably, it was also discovered that the hackers lacked proper security measures themselves: the stolen trove of information was found on seven unencrypted FTP servers. The FTP servers also revealed custom-authored malware that cloaked the location of its originating computers. A handful of comments written in Persian led investigators and Wallace to believe that the hackers are likely operating out of Iran.

As things stand, the deduction is still purely circumstantial, as U.S. officials could not confirm that Iran was categorically involved in the Calpine Corp breach.

Dark power grid


The investigation led by AP also revealed that the hackers had obtained:

  • Passwords and usernames that the hackers could use to connect remotely to Calpine’s two networks.
  • Detailed blueprints. Detailed engineering drawings were found for a total of 71 networks and power stations coast-to-coast between New York and California, showing the exact locations of critical devices. These devices often relay to and communicate with boilers, gas turbines and other vital equipment.
  • Information flow diagrams. Furthermore, diagrams showed the patterns and means through which plants relayed information back to the company’s virtual cloud. A man-in-the-middle attack could potentially give attackers stealthy access to this information.

A spokesman for Calpine, Brett Kerr, noted that the company’s information was stolen from a third-party contractor that had previous business ties with the power producer. While Kerr admitted that the company was unaware of the breach until Wallace’s discovery, he claimed the stolen diagrams and passwords were ‘old’, dating as far back as 2002, and would pose no threat. Independent cybersecurity experts polled by AP, however, disagree.

During his investigation, Wallace found that the hacking group had members physically located in Canada, the Netherlands and the United Kingdom, besides Iran.

A Real Reason for Concern or an Overstated Gloomy Prediction?

This might not come as a surprise if you’re a regular reader of Hacked. The AP investigation revealed that the Calpine breach, while significant, was hardly unique. Plenty of ‘top experts’, the publication notes, who spoke on the condition of anonymity, have confirmed that offshore hackers have gained remote access to control systems repeatedly over the past decade.

About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts.

While breaches affecting large numbers of people, such as the infamous Ashley Madison and OPM breaches, gain more publicity, news of power plants being vulnerable or exploited in a cyber-attack rarely makes headlines. This is despite the potential fallout of a breach in which hackers take remote control of critical power infrastructure, a scenario arguably more dire than one resulting in the identity theft of millions of citizens.

Although critical infrastructure breaches haven’t led to any blackouts yet, the underlying threat comes from the capabilities of hackers who have the means to engage in cyber warfare at a time of their choosing.

Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer, explained:

If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information, it will make it a lot easier. It will also help them to stay quiet and stealthy inside.

There is the school of thought that threats against critical infrastructure are overstated. Taking down the power grid is no easy task. The power grid structure is designed in such a way that the constant flow of electricity is maintained, even when lines go down routinely for maintenance or other reasons.

Keith Alexander, the former director of the NSA who now heads a cybersecurity firm, said:

The grid is a tough target, but a lucrative target. There is a constant, steady upbeat (in the growing number of sophisticated attacks). I see a rising tide.

Despite an increase in cybersecurity measures, there is no foolproof system to curb the threat of attackers gaining access to crucial systems. Two recent intrusions add to that theory.

  • In summer 2014, a hacker took control of an unnamed utility provider’s wind farm simply by using the anonymity software Tor. Once the connection was established, the hacker was able to switch the wind farm’s automatic voltage regulator from “automatic” to “manual.”
  • An operations supervisor working for a subsidiary of the largest power grid operator in the United States, American Electric Power (AEP), opened a personal email containing a zip attachment on his work computer. As it turned out, he had unknowingly downloaded ransomware, in the form of CryptoLocker. Before any real damage was done, the AEP security team was able to wipe the supervisor’s computer clean.

Ransomware fundamentally encrypts all files and folders on a victim’s computer and then demands a ransom in return for the decryption key needed to regain access to the files. If CryptoLocker had found a tunnel from the work computer into AEP’s network, the outcome could have been catastrophic.

It’s notable that AEP’s power plants, equipment and substations, much like those of most big utilities, sit on an intranet that separates its in-house software behind multiple layers of encryption and is not accessible from the internet. This fundamental separation is a vital step in keeping attackers at bay in their attempts to reach critical infrastructure.

Experts agree that knocking a country’s power grid offline would be monumentally hard for hackers, but the same naysayers who say cybersecurity risks are exaggerated also agree that it is entirely within the realm of possibility for hackers to knock sectors of the power grid offline.

A previous study by the Federal Energy Regulatory Commission claimed:

A coordinated attack on just nine critical power stations could cause a coast-to-coast blackout that could last months.

Images from Shutterstock.


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.



Monero Price Analysis: Stronger Malware to Mine Monero; XMR/USD Has Room for Another Potential Squeeze South


  • Researchers: a stronger malware has been uncovered, which can mine Monero.
  • XMR/USD price action remains stuck in a narrowing range, subject to an imminent breakout.

The XMR/USD price has seen some upside on Saturday, holding gains of around 3% towards the latter stages of the day. Despite the press higher from the bulls, a move which has been observed across the cryptocurrency market, vulnerabilities remain. Price action has been ranging for the past nine sessions. Once again, this isn’t specifically just XMR, as this type of behavior is witnessed across the board. The narrowing in play came after the steep drop that rippled across the market on 10th January.

Price action was initially well supported to the upside by an ascending trend line that had been in play since 15th December. At the time this was a very promising recovery, as XMR/USD had gained as much as 55%. Unfortunately, however, the bulls were unable to break down supply heading into the $60 region and were eventually dealt a big hammer blow. On 10th January, the market bears forced a heavy breach to the downside, smashing through this support. The price dropped by double digits, some 20%.

Stronger Malware Mining Monero (XMR)

There is a dangerous form of malware that can evade detection and mine Monero (XMR) on cloud-based servers. A recent notice was put out by Palo Alto Networks’ Unit 42, an intelligence team that specializes in cyber threats, regarding a Linux mining malware. It was detailed as having been developed by the Rocke group and has the ability to uninstall cloud security products, such as those of Alibaba Cloud and Tencent Cloud, in order to illegally mine Monero on compromised machines.

The two researchers from Palo Alto Networks, Xingyu Jin and Claud Xiao, detailed the findings of their study. Once the malware is downloaded, it gains administrative control and first uninstalls all cloud security products. Shortly after, it transmits code that mines Monero (XMR). Further within their press release, they said, “To the best of our knowledge, this is the first malware family that developed the unique capability to target and remove cloud security products.”

Technical Review – XMR/USD

XMR/USD daily chart.

Given the current range block formation, eyes should be on the key near-term technical areas. Firstly, to the downside, $43, which is the lower part of the range. A breach here will likely see a retest of the December low, $38. To the upside, resistance can be observed around the mid-$46 level. Should a breakout be observed here, then a potential retest of the broken trend line will be watched.

Disclaimer: The author owns Bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


Ken has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.


Dash 51% Attack Fears Cooled as Core Dev Group Suggest Benevolent Miner


Dash investors may have been starting to question the security of their holdings in light of Ethereum Classic’s (ETC) recent attack, and the subsequent fallout which revealed Dash’s own vulnerability to 51% attacks.

Three addresses, all controlled by the same user, were in control of more than 51% of the Dash mining hashrate, as reported on CCN a few days ago. On top of that, over 74% of the entire Dash hashrate was accessible via Nicehash – a cloud-mining marketplace – where it could be purchased for as little as $3,104 per hour.

Hashing Power Removed from Nicehash

As of Saturday’s statement by the Dash Core Group, the same individual still controls the majority of the Dash hashrate. However, the group pointed out that since the news concerning a 51% attack broke out earlier this week, the individual has begun to remove their hashing power from Nicehash, and spread it around separate mining pools.

The team stated clearly that they do not believe the miner in question to be malicious:

“…we don’t believe the entity in control of the wallets in question plans or wants to attack because their mining activities began at least 4 months ago and their blocks have been published for all to see.”

The group believe the sudden removal of hashing power from Nicehash – as shown above – is a signal of benevolent intentions on the part of the miner. As a major holder of Dash, they reason that the miner would want to secure the network as best they could.

“This removes the risk of a malicious party renting the hashing power via NiceHash and simultaneously signals that the entity in control of the hashing power does not have negative intent. We believe the miner behind the hashing power was made aware by the same info we discovered online and quickly moved to more protected pools as they appear to be a major stakeholder of Dash.”

Future Proof?

The announcement ends with a look to the future in the form of Dash’s upcoming ChainLocks technology. To be implemented in an as yet unspecified future update, ChainLocks will unite the mining layer with that of Dash’s masternodes.

This means that a 51% attacker would also have to secure a majority of the blockchain’s masternodes to execute their plans. More can be read on ChainLocks here.

Dash Coin Price

Almost mid-way through the first month of 2019, Dash has recovered 26% of its value since the market lows of mid-December. That’s when one unit of DASH was valued at $58.27 – a 96% decline since December 2017.

Dash’s 26% recovery in the past month still leaves the coin 95% off its all-time high. As of Saturday the coin had settled down along with the broader market, after a sharp 17.5% decline 48 hours before.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


Greg Thomson is a full-time crypto writer and digital nomad. He eats ICOs for breakfast and bleeds altcoins. Wherever he lays his public key is his home.


Where to Store Your Crypto?


Storing crypto on virtual exchanges has some inherent security risks that have been exploited by hackers and cyber criminals. This article will touch upon this important topic and provide you with alternative methods in which to store your digital assets.

Cold and Hot Wallets

The main thing in cryptocurrency storage is the private key and who has access to it.

Cold storage wallets operate offline, without a constant internet connection. If your key is not on the Internet, it is much harder to steal.

A hot storage wallet is a wallet with constant connection to the Internet.

So, all storage options can be distinguished by the following criteria:

  1. whether the private keys are held by you or by a third party;
  2. whether the wallet is offline or has an internet connection.

A cold storage wallet in which you hold the private key is considered the most reliable storage option. Such a wallet is suitable for long-term storage of large amounts. However, it is not convenient if, for example, you trade and need access to your wallet to transfer small amounts.

Hardware Wallets

Hardware wallets like Ledger, Trezor, Pi Wallet, Keepkey, Opendime, Bitlox, etc. are flash-drive-like devices that hold the keys without an internet connection. You connect to the Internet only when sending a transaction, and you must confirm the transaction physically on the device itself. This is a “cold” method of storage without an internet connection (connected only at the time of the transaction). The user keeps the private keys.

Paper Wallets

This storage method is also convenient if you want to conserve your funds for an extended period. You can generate a public and private key offline. For example, the service walletgenerator.net will output those keys in the form of a QR code, which you can print and store.
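As an added example (not code from the original article, and not walletgenerator.net’s own code), the key generation and checksummed export that a paper wallet relies on, in pure Python with no network access: a private key drawn from OS entropy, its compressed secp256k1 public key, and the Base58Check Wallet Import Format (WIF) whose 4-byte checksum catches a mistyped or smudged key when it is typed back in from paper. The one fixed key in the comments is a public test vector from the Bitcoin wiki, not a real wallet.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def pubkey_compressed(priv: int) -> str:
    """Derive the compressed SEC1 public key (hex) by double-and-add."""
    result, addend = None, G
    while priv:
        if priv & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        priv >>= 1
    return ("02" if result[1] % 2 == 0 else "03") + format(result[0], "064x")


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out


def b58check_decode(s: str) -> bytes:
    """Return the payload; raise ValueError if the checksum does not match."""
    num = 0
    for ch in s:
        num = num * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(s) - len(s.lstrip("1"))
    data = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    payload, checksum = data[:-4], data[-4:]
    if _checksum(payload) != checksum:
        raise ValueError("bad checksum: key was mistyped or damaged")
    return payload


def privkey_to_wif(priv: int, compressed: bool = True) -> str:
    """WIF = Base58Check(0x80 || 32-byte key || 0x01 if compressed)."""
    # Public test vector (Bitcoin wiki): key 0x0C28FCA3...72AA1D, uncompressed
    # form encodes to 5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ
    payload = b"\x80" + priv.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    return b58check_encode(payload)


def wif_to_privkey(wif: str) -> int:
    payload = b58check_decode(wif)
    if payload[0] != 0x80 or len(payload) not in (33, 34):
        raise ValueError("not a mainnet WIF private key")
    return int.from_bytes(payload[1:33], "big")


def generate_paper_wallet() -> dict:
    """Fresh key pair from OS entropy; print the WIF and keep it offline."""
    priv = secrets.randbelow(N - 1) + 1
    return {"wif": privkey_to_wif(priv), "pubkey": pubkey_compressed(priv)}
```

The address itself (RIPEMD-160 of the public key, Base58Check with version 0x00) is left out because RIPEMD-160 is not available in every Python build; the checksum logic is identical.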

Physical Bitcoin Wallet

A physical bitcoin wallet has almost the same properties as a paper wallet. The bitcoins cannot be spent until the seal protecting the secret key has been broken. However, the security of the seal is not considered very reliable.

Desktop Offline Wallets

There are also two main types of offline wallets:

  1. Wallets where the user is the only one with access to the private keys. You can install such wallets on a personal computer as a separate program. As a rule, these are the wallets from the developers of that cryptocurrency, for example Bitcoin Core, Litecoin Core, Mist, etc. Such wallets are also called “heavy” wallets, since they take up quite a lot of space on installation (for example, you will have to free up at least 200 GB for a Bitcoin wallet in 2018). When installed on laptops or flash drives that are disconnected from the Internet, they can also be called “cold” wallets. In general, they are also considered safe.
  2. The so-called “light” offline wallets. These are desktop wallets that let you store cryptocurrency without downloading the full ledger, which runs to many gigabytes. Some of them give you the private keys and the ability to restore a lost wallet at any time using seed phrases. There is a drawback: they do not always contain the full version of the blockchain, and sometimes won’t show up-to-date transaction information. Examples of such wallets are Electrum and Armory.

Light wallets can be multi-currency, with a built-in internal exchange, for example Exodus. Its private keys can also be restored using seed phrases. However, inside such wallets, not only you but also the developers have access to your private keys.

It is also worth mentioning an essential aspect of light wallets: open source code. If something happens to the wallet, it will only be possible to restore it using the seed phrase if that function is still available.

As a conclusion on cold wallets, I can say that their main advantage is reliability and security, and the main drawback is that it is difficult to move cryptocurrencies quickly. Therefore, cold wallets are suitable for long-term storage. For everyday transactions, hot wallets are the best. The exceptions are some hardware wallets that are compatible with online cryptocurrency storage and exchange services.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


Vladislav Semjonov has a legal and financial background. He has been involved in the crypto space since early 2017, both in ICO advising positions at several ICO consultancy firms and as an ICO analyst for VC. He began contributing to Hacked.com in April 2017.
