Study: U.S. Power Grid Is Vulnerable to State-Sponsored Hackers

All networks, equipment, and computers can be hacked. A smart coffee maker can be hacked. So too can a power station that forms part of the grid of an entire country. Are such threats overstated, or is there genuine reason for concern?

Here’s the good news first: malicious attackers haven’t yet pulled the plug and switched off the power from their remote locations. The bad news? A group of ill-intending hackers may well have gained the blueprints and knowledge needed to do just that. An investigation by the Associated Press revealed that cyber-attackers have systematically worked their way into critical operations networks. Manipulated in the right way, these compromised networks would let a small group of sophisticated hackers from halfway across the world cut off the electricity consumed by millions.

In a comprehensive investigation, AP amassed dozens of data sets, private analyses, government reports and more than a hundred interviews to examine the cybersecurity of the U.S. power grid. The findings make for grim reading.

The complete AP Investigation can be found here.

A Breach of Calpine Corp

The discovery was first made by Brian Wallace, a security researcher at the cybersecurity firm Cylance Inc. Wallace was looking into an incident in which hackers had stolen files from a California-based university when he unwittingly found something far more significant: the trail of a group of hackers who had gained access to networks housing information on the power grid of the United States.

Calpine Corporation is the largest generator of electricity from geothermal resources and natural gas in the U.S., with 83 power plants currently in operation in 18 states across the U.S. and Canada. When Wallace stumbled onto the breach, he discovered FTP servers holding a cache of nearly 20,000 stolen files. These files had been gathered from thousands of computers around the world, and among them were important documents from Calpine.

I saw a mention in our logs that the attackers stored their malware in some FTP servers online. It wasn’t even my job to look into it, but I just thought there had to be something more there.

Despite the discovery, Wallace kept his priorities: tracking the attackers, working out their next move and, if possible, stopping them. Caffeine-fuelled nights became the norm as he reverse-engineered the malware he found planted on the FTP servers. It was months before he received a ping alerting him that the attackers were using IP addresses from Tehran, Iran.

With that ping, Wallace discovered the hackers deploying a Trojan called TinyZbot, a keylogger that also took screenshots of the targeted computer’s screen and gave the hackers backdoor access to their targets.

Wallace was persistent and stuck to the trail, gathering as much evidence as he could before finding what could conceivably be the hackers’ prized heist: a folder containing comprehensive, detailed engineering diagrams of Calpine’s power plants.

The AP investigation also confirmed that usernames and passwords were included among the drawings, credentials that a malicious attacker could use to gain access to a critical firewall. That firewall performs a substantial role: it separates Calpine’s communications network from its operations network. Sources say the blueprints also contain the specific locations of devices inside the process control networks of power plants, devices that collect critical information from the power-generating equipment fundamental to a plant’s operations.

Given those details, experts confirmed that hackers could breach Calpine’s operations network and shut down power-generating stations to induce a blackout.

Remarkably, the hackers lacked proper security measures themselves: the stolen trove was discovered on seven unencrypted FTP servers. The servers also held custom-authored malware that cloaked the location of its originating computers. A handful of comments written in Persian led Wallace and other investigators to believe that the hackers are likely operating out of Iran.

As things stand, the deduction is still purely circumstantial, as U.S. officials could not confirm that Iran was categorically involved in the Calpine Corp breach.

Image: Dark power grid

The AP investigation also revealed that the hackers had obtained:

  • Passwords and usernames that the hackers could use to connect remotely to Calpine’s two networks.
  • Detailed blueprints. A total of 71 networks and power stations coast-to-coast, between New York and California, were found in detailed engineering drawings showing the exact locations of critical devices. These devices often relay and communicate with boilers, gas turbines and other vital equipment.
  • Information flow diagrams. The diagrams showed the paths and means by which plants relayed information back to the company’s virtual cloud. A man-in-the-middle attack could potentially give attackers stealthy access to this information.

A spokesman for Calpine, Brett Kerr, noted that the company’s information was stolen from a third-party contractor that had previous business ties with the power producer. While Kerr admitted that the company was unaware of the breach until Wallace’s discovery, he claimed the stolen diagrams and passwords were ‘old’, dating back as far as 2002, and would pose no threat. Independent cybersecurity experts polled by AP, however, disagreed.

During his investigation, Wallace found that the hacking group had members physically located in Canada, the Netherlands and the United Kingdom, as well as Iran.

A Real Reason for Concern or an Overstated Gloomy Prediction?

This might not come as a surprise if you’re a regular reader of Hacked. The AP investigation revealed that the Calpine breach, while significant, was hardly unique. Plenty of ‘top experts,’ the publication notes, who spoke on the condition of anonymity, confirmed that offshore hackers have gained remote access to control systems many times over the past decade.

About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts.

While breaches affecting large numbers of people, such as the infamous Ashley Madison and OPM breaches, gain more publicity, word of power plants being vulnerable or exploited in a cyber-attack rarely makes headlines. That is despite the potential fallout of a breach in which hackers take remote control of critical power infrastructure, a scenario arguably more dire than one that results in the identity theft of millions of citizens.

Although critical infrastructure breaches haven’t led to any blackouts yet, the underlying threat comes from the capabilities of hackers who have the means to engage in cyber warfare at a time of their choosing.

Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer, explained:

If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information, it will make it a lot easier. It will also help them to stay quiet and stealthy inside.

There is the school of thought that threats against critical infrastructure are overstated. Taking down the power grid is no easy task. The power grid structure is designed in such a way that the constant flow of electricity is maintained, even when lines go down routinely for maintenance or other reasons.

Keith Alexander, the former director of the NSA who now heads a cybersecurity firm, said:

The grid is a tough target, but a lucrative target. There is a constant, steady upbeat (in the growing number of sophisticated attacks). I see a rising tide.

Despite an increase in cybersecurity measures, there is no foolproof system to curb the threat of attackers gaining access to crucial systems. Two recent intrusions add to the above theory.

  • In summer 2014, a hacker took control of an unnamed utility provider’s wind farm simply by using the anonymity software Tor. Once the connection was established, the hacker was able to change the wind farm’s automatic voltage regulator from “automatic” to “manual.”
  • An operations supervisor working for a subsidiary of American Electric Power, the largest power grid operator in the United States, opened his personal email on his work computer and downloaded a zip attachment. It turned out to contain ransomware: CryptoLocker. Before any real damage was done, the AEP security team was able to wipe the supervisor’s computer clean.

Ransomware fundamentally encrypts all files and folders on a victim’s computer, then demands a ransom in return for the decryption key required to regain access to the files. Had CryptoLocker found a tunnel from the work computer into AEP’s network, the outcome could have been catastrophic.

It’s notable that AEP’s power plants, equipment and substations, much like those of most big utilities, sit on an intranet that is separated from its in-house software by multiple layers of encryption and is not reachable from the internet. This fundamental separation is a vital step in keeping attackers at bay in their attempts to gain access to critical infrastructure.

Experts agree that knocking a country’s power grid offline would be monumentally hard for hackers, but the same naysayers who argue that cybersecurity risks are exaggerated also agree that it is entirely within the realm of possibility for hackers to knock sectors of the power grid offline.

A previous study by the Federal Energy Regulatory Commission claimed:

A coordinated attack on just nine critical power stations could cause a coast-to-coast blackout that could last months.

Images from Shutterstock.


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.






Crypto Pump and Dumps Have Generated $825 Million in Activity This Year: WSJ


Price manipulation involving ‘pump and dump’ schemes is alive and well in the cryptocurrency market. According to new research by The Wall Street Journal, organized cryptocurrency groups have generated at least $825 million in trading activity over the past six months.

Pump Groups Thrive in Nascent Crypto Market

In a comprehensive review of trading data and online communications among crypto traders between January and July, WSJ identified 175 pump and dump schemes spanning 121 different coins. Among the 50 pumps with the biggest increase in price, nearly half had lost their value.

Among the dozen pump groups analyzed by WSJ, Big Pump Signal and its 74,000 Telegram followers have had the biggest impact on markets. The group engineered 26 pumps resulting in $222 million in trades.

Pump schemes have exploded over the past 18 months as initial coin offerings (ICOs) garnered mainstream attention. More than $12 billion has flowed into coin offerings since January 2017, according to ICOData.io, inviting a new form of speculation in markets that remain largely unregulated to this day.

Analysts say most pump and dumps follow a similar pattern: the group announces a time and an exchange for a pump; at the set time, traders execute the signal, creating a short-term buying frenzy; after a set period (usually a few minutes), the coin is sold for an instant profit.

One of the biggest pumps in recent memory came in early July after Big Pump Signal commanded its followers to buy cloakcoin (CLOAK), an obscure cryptocurrency that purports to be “fully private, secure and untraceable.” After the call was made, CLOAK spiked 50% on Binance before plummeting more than 20% after two minutes.

Stopping the Fraud

Although the pump and dump is one of the oldest forms of market fraud, regulators have struggled to stem the practice. As WSJ reports, similar practices were banned in the 1930s, but that hasn’t stopped pump and dumps from proliferating at different points in history. Jordan Belfort, whose life was chronicled in the movie “Wolf of Wall Street,” pleaded guilty in 1999 for running pump and dumps costing investors more than $200 million.

The U.S. Securities and Exchange Commission (SEC) regularly deals with pump and dumps in the stock market, but has yet to bring a case involving cryptocurrencies. In the meantime, the U.S. Commodity Futures Trading Commission (CFTC) has offered a reward for anyone who warns the agency about potential pump and dump schemes involving cryptocurrencies.

“If you have original information that leads to a successful enforcement action that leads to monetary sanctions of $1 million or more, you could be eligible for a monetary award of between 10 percent and 30 percent,” a CFTC memo, released in February, read. That translates into a potential reward of at least $100,000.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


Sam Bourgi is Chief Editor at Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator and has contributed to the world's foremost newscasts.





MyEtherWallet Compromised in Security Breach; Users Urged to Move Tokens


Popular cryptocurrency service MyEtherWallet (MEW) is urging users to move their tokens after the platform succumbed to its second cyber attack of the year. As the company reported earlier, hackers targeted MEW’s popular VPN service in an attempt to steal cryptocurrency.

Hola VPN Users Compromised

Rather than target MEW directly, hackers took control of the Hola VPN service, which claims nearly 50 million users. For the next five hours, MEW users who had the Hola chrome extension installed and running on their computer were exposed.

MEW took to Twitter to urge users to move their funds immediately.

“Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!” the company said. It added the following message shortly thereafter: “We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.”

At the time of writing, MEW’s Twitter feed had no further updates.

MyEtherWallet is used to access cryptocurrency wallets, where users can send and receive tokens from other people.

The company reportedly told TechCrunch that the attack originated from a Russian-based IP address.

“The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day,” MEW said, as quoted by TechCrunch.

It’s not yet clear how many users were compromised in the attack or how much, if any, was stolen from their wallets. MEW suffered a similar incident in February after a DNS attack wiped out $365,000 worth of cryptocurrency from users’ accounts.

Cyber Attacks on the Rise

The attack on MEW came less than 24 hours after Hacked reported another major cyber breach involving Bancor, a decentralized cryptocurrency exchange. The security breach compromised roughly $23.5 million worth of digital currency, including Ethereum, NPXS and BNT, Bancor’s native token.

Last month, a pair of South Korean exchanges fell prey to cyber criminals, prompting local regulators to expedite their approval of new cryptocurrency laws.

It has been estimated that a total of $761 million has been stolen from cryptocurrency exchanges in the first half of the year, up from $266 million in all of 2017. That figure is expected to rise to $1.5 billion this year.

CipherTrace, the company behind the estimates, told Reuters last week that stolen cryptocurrencies are mainly used to launder money and aid criminals in concealing their identities.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


Sam Bourgi is Chief Editor at Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator and has contributed to the world's foremost newscasts.





Mt. Gox vs. Bithumb: That Was Then, This Is Now


Bithumb now shares something in common with Mt. Gox, the shuttered Tokyo-based bitcoin exchange: both suffered a hack on about the same date, June 19. It’s a club that no exchange wants to belong to, and that Bithumb’s breach fell on the seven-year anniversary of Mt. Gox’s first attack has to be more than an eerie coincidence.

It’s a stark reminder of the risks involved with keeping funds on an unregulated exchange, vulnerabilities that cost South Korea’s Bithumb some $36.6 million in digital cash and Mt. Gox $450 million in hacked bitcoin and its future. The Mt. Gox theft unfolded over a series of hacks that culminated in 2014. Though it’s still early on in the Bithumb hack, it appears the South Korean exchange will recover from the security breach. So what do we know now that we didn’t on June 19, 2011?

Then vs. Now

Former Coinbase official Nick Tomaino, who is also the founder of the crypto fund 1confirmation, reflected on the Mt. Gox hack in what proved to be a prescient tweet, given the Bithumb attack that was about to surface.

The thing to note about Mt. Gox is that the Japan-based exchange in 2011 controlled most of the BTC trading volume, approximately three-quarters of it by average estimates — more if you ask Tomaino. Since bitcoin fever caught on in 2017, there are more than 500 cryptocurrency exchanges on which trading volume is shared. Binance boasts the highest trading volume and captures nearly 15% of bitcoin trading. It’s much less than Mt. Gox days but still a little high.

The other thing to note is that the Mt. Gox hack or actually hacks, as there were multiple attacks on the exchange over several years, was a mysterious event that was shrouded in controversy and mistrust of a key executive. Bithumb, on the other hand, confronted the hack seemingly right away on Twitter and has not let any grass grow under its feet in the interim, which is a key difference in the way Mt. Gox was handled.

Also, the bitcoin price didn’t tank in response to the Bithumb hack. It traded lower for a while, but within 24 hours it was back in the green, a reflection of the fact that bitcoin trading is no longer dependent on a single exchange.

Charlie Lee, creator of Litecoin (LTC), the No. 6 cryptocurrency by market cap, was among the first to respond to the Bithumb hack. He tweeted:

Indeed, Bithumb does expect to be able to cover the losses via their reserves.

Crypto Security

It’s still early on in Bithumb’s security breach, and more details are sure to emerge in time. In the meantime, it’s a good idea to use the hack as an opportunity to examine the security of your cryptocurrency investment portfolio. There are several hardware wallet options out there for you to choose from — whether it’s Trezor or Ledger Nano S, to name a couple — and as Charlie Lee advised, “only keep on exchange coins that you are actively trading.”

Featured image courtesy of Shutterstock.


Gerelyn has been covering ICOs and the cryptocurrency market since mid-2017. She's also reported on fintech more broadly in addition to asset management, having previously specialized in institutional investing. She owns some BTC and ETH.



