Almost every network, computer and piece of equipment can be hacked. From a smart coffee maker to a full-fledged power grid, everything is a potential target, according to an investigation by the Associated Press (AP).
After analyzing dozens of data sets, government reports and private analyses, and conducting over a hundred interviews about the cyber security of the US power grid, the AP concluded that there was every reason for concern.
The AP found that attackers have repeatedly worked their way into operational networks of a critical nature. Once inside such a network they could manipulate it and, from halfway across the world, potentially cut off electricity to millions of consumers.
Calpine Power Corp Breach
Brian Wallace, a security researcher at the cybersecurity firm Cylance Inc, first identified the breach while investigating an incident in which hackers had stolen files from a California university. In the process he stumbled on something far more important: he traced a group of hackers who had obtained access to the networks of Calpine Corp, a United States power producer.
Calpine Corporation is the largest electricity generator in the United States, with 83 power plants currently operating in 18 states across the US and Canada. The company generates electricity from natural gas and geothermal resources.
While investigating the breach, Wallace also found traces of FTP servers holding a cache of around 20,000 stolen files gathered from thousands of computers around the world. Among them were sensitive Calpine documents.
“I saw a mention in our logs that the attackers stored their malware in some FTP servers online. It wasn’t even my job to look into it, but I just thought there had to be something more there,” states Wallace.
Wallace then tracked the criminals behind the hack, hoping to work out their next move and thwart it. He reverse-engineered the malware that the attackers had stored on their FTP servers.
Months later, a ping alerted him that the attackers were active again. He also found that the IP addresses they were using were located in Tehran, Iran.
The ping showed that the hackers were deploying TinyZbot, a Trojan that takes screenshots of the target computer and provides backdoor access.
He gathered as much evidence as he could before identifying what was probably the hackers' main objective: a folder containing detailed engineering diagrams of Calpine power plants.
The AP investigation confirmed this finding and added that usernames and passwords were also stolen. Such credentials would be very useful to an attacker trying to get past a critical firewall.
That firewall plays the crucial role of separating Calpine's corporate communication network from its operations network. According to sources, the blueprints also showed the locations of specific devices inside the plants' process control networks. These devices collect sensitive data from the power-producing equipment, data that is vital for the safe operation of a plant.
Experts said that hackers with this level of access could compromise Calpine's operations network, halt power generation and cause a blackout.
The hackers' own operational security was poor, however: the stolen data sat on seven unencrypted FTP servers. Those servers also held custom-written malware built to conceal which computers it came from. Comments written in Persian led Wallace and other experts to conclude that the hackers were operating from Iran.
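The attackers in this story staged their loot and malware on plain FTP servers reachable from the Internet, which means the exfiltration itself left a trace in the victims' own network logs. The following is an added example, not code from the AP report, from Cylance or from Calpine, of the kind of detection a defender of a plant network would run over firewall or flow logs: it flags any host in the engineering or OT zone that talks to an external FTP server, scores the finding by upload volume, and then looks for other internal hosts that reached the same drop server. The address plan (a hypothetical 10.50.0.0/16 OT zone), the log format and the sample records are all constructed for the example.

```python
"""Flag OT/engineering hosts that upload to external FTP servers.

Added example, not code from the AP investigation or from Cylance. It
assumes a constructed firewall-style flow log with the fields
  timestamp src dst dport bytes_out
and a hypothetical address plan in which the OT zone is 10.50.0.0/16.
"""
import ipaddress
from collections import defaultdict

# Hypothetical address plan: engineering workstations and OT gear live here.
OT_ZONE = ipaddress.ip_network("10.50.0.0/16")
# Everything inside RFC 1918 space is "internal"; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Plain FTP control port and a common alternative port.
FTP_PORTS = {21, 2121}
# Upload volume above which a src/dst pair is rated high severity.
BYTES_THRESHOLD = 5 * 1024 * 1024  # 5 MiB

# Constructed sample flow records (not real Calpine data).
SAMPLE_FLOWS = """\
2015-12-01T02:14:07Z 10.50.3.21 203.0.113.45 21 7340032
2015-12-01T02:15:11Z 10.50.3.21 203.0.113.45 21 2097152
2015-12-01T09:02:40Z 10.10.8.5 192.0.2.10 443 51200
2015-12-01T09:03:02Z 10.50.3.22 10.50.1.1 502 1024
2015-12-01T11:47:55Z 10.50.4.9 198.51.100.77 2121 819200
2015-12-01T13:20:13Z 10.10.8.5 203.0.113.45 21 12582912
"""


def parse_flow(line):
    """Split one whitespace-separated flow record into typed fields."""
    ts, src, dst, dport, nbytes = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport), "bytes": int(nbytes)}


def iter_flows(log_text):
    for line in log_text.splitlines():
        if line.strip():
            yield parse_flow(line)


def is_external(addr):
    """True when the address is outside all internal (RFC 1918) ranges."""
    return not any(addr in net for net in INTERNAL_NETS)


def detect_ot_ftp_exfil(log_text, ot_zone=OT_ZONE, threshold=BYTES_THRESHOLD):
    """Return one finding per (OT host, external FTP server) pair.

    Any FTP session from the OT zone to the Internet is reported; the
    severity is raised to "high" once the uploaded volume passes threshold.
    """
    agg = defaultdict(lambda: {"connections": 0, "bytes": 0, "first_seen": None})
    for f in iter_flows(log_text):
        if f["src"] in ot_zone and f["dport"] in FTP_PORTS and is_external(f["dst"]):
            a = agg[(str(f["src"]), str(f["dst"]))]
            a["connections"] += 1
            a["bytes"] += f["bytes"]
            a["first_seen"] = a["first_seen"] or f["ts"]
    findings = []
    for (src, dst), a in sorted(agg.items()):
        findings.append({"src": src, "dst": dst,
                         "connections": a["connections"], "bytes": a["bytes"],
                         "first_seen": a["first_seen"],
                         "severity": "high" if a["bytes"] >= threshold else "medium"})
    return findings


def related_hosts(log_text, findings):
    """Map each flagged drop server to other internal hosts that used it.

    A corporate host uploading to the same FTP server as an OT host is the
    pivot path worth chasing in incident response.
    """
    drops = {f["dst"] for f in findings}
    already = {f["src"] for f in findings}
    related = defaultdict(set)
    for f in iter_flows(log_text):
        if (str(f["dst"]) in drops and f["dport"] in FTP_PORTS
                and str(f["src"]) not in already):
            related[str(f["dst"])].add(str(f["src"]))
    return {dst: sorted(srcs) for dst, srcs in related.items()}


if __name__ == "__main__":
    hits = detect_ot_ftp_exfil(SAMPLE_FLOWS)
    for h in hits:
        print(f"[{h['severity']}] {h['src']} -> {h['dst']}:ftp "
              f"{h['connections']} sessions, {h['bytes']} bytes, first {h['first_seen']}")
    for dst, srcs in related_hosts(SAMPLE_FLOWS, hits).items():
        print(f"drop server {dst} also contacted by: {', '.join(srcs)}")
```

On the sample data the engineering workstation 10.50.3.21 is rated high (two sessions, about 9 MiB to 203.0.113.45), 10.50.4.9 is rated medium, the Modbus traffic to 10.50.1.1 is ignored because it stays internal, and the corporate host 10.10.8.5 is surfaced as a related host because it pushed data to the same drop server. In practice the OT zone should have no route to the Internet at all, so the more valuable use of this logic is as a test that the firewall policy described in the article actually holds.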
Dark power grid
According to the AP, the hackers obtained usernames and passwords that could be used to connect remotely to two of Calpine's networks.
They also held detailed blueprints of around 71 networks and power stations between New York and California. These engineering drawings showed the exact locations of sensitive devices that relay communications with vital equipment such as boilers and gas turbines.
The haul also included information-flow diagrams showing how data was relayed back to Calpine's virtual cloud. An attacker who knows those paths could intercept the information more easily with a man-in-the-middle attack.
Calpine spokesperson Brett Kerr said the company's data was stolen from a third-party contractor that had done business with the power producer. Kerr admitted that Calpine was unaware of the breach until Wallace's findings, and claimed that the stolen diagrams and passwords were old and therefore posed no immediate threat.
While investigating the incident, Wallace also identified that the hacking group had members in Canada, the Netherlands and the United Kingdom as well as Iran.
What’s the threat?
According to the AP investigation, the Calpine breach is notable but not unique: several times over the past decade, sophisticated foreign hackers have gained enough remote access to control the operations networks of electricity generating stations.
Although such breaches have not yet caused a blackout, the information they yield heightens the attackers' capabilities and could be used in a future cyber conflict.
A former US Air Force cyberwarfare operations officer, Robert M. Lee, explained:
“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information, it will make it a lot easier. It will also help them to stay quiet and stealthy inside.”
Some may think that these threats to critical infrastructure are overstated. Shutting down an entire power grid is no easy feat: the grid is designed to keep supplying electricity even while parts of it are down for routine maintenance, so it tolerates the loss of individual components.
Former NSA director Keith Alexander makes a similar point:
“The grid is a tough target, but a lucrative target. There is a constant, steady upbeat (in the growing number of sophisticated attacks). I see a rising tide.”
Although security measures have improved steadily, no system is foolproof, and attackers can still find ways into sensitive infrastructure.
Experts agree that shutting down a country's main power grid would be very hard for hackers, but they also agree that it is not impossible.
A confidential FBI document has previously identified US energy, defense and educational institutions as the top targets of sophisticated Iranian hackers.
Former NSA director Mike McConnell has warned of a “cyber 9/11” given the vulnerability of the country's cyber infrastructure.