Posts

Is Russian Hacking of U.S. Nuclear Power Plants a Reality?

New Evidence Points to Russian Hacking of U.S. Power Grid

Russian hacking of the United States’ power grid isn’t just probable, it is already happening.

Hackers recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas. It appears they were searching for vulnerabilities in the electrical grid, likely to be exploited at a later, more critical time. In a related case, hackers also recently infiltrated an unidentified company that makes control systems for equipment used in the power industry. Although none of the security teams analyzing the breaches have linked the work to a particular hacking team or country, the chief suspect is Russia. Why are they the primary suspect? Because Russian hackers have previously taken down parts of the electrical grid in Ukraine across several attacks and seem to be testing more and more advanced methods.

An analysis of one of the tools used by the hackers had the stolen credentials of a plant employee, a senior engineer – likely from a spear-phishing campaign. There have been similar campaigns from the same hackers against targets in Ireland and Turkey as well as “watering hole” attacks meant to infect victims with malware based on their predictable and routine visits to certain websites.

Spend a minute imagining the destruction of a foreign nation or terrorist bringing down a portion of the U.S. electrical grid during the freezing cold of winter, near the control tower for an airport or just prior to launching a military invasion (see what happened in Ukraine).

Here’s the most important thing you need to understand – what has been launched so far are NOT ATTACKS, but preliminary tests. The Russians (or whoever is behind these “penetration tests”) want to know our vulnerabilities before they need to exploit them. They are merely testing the waters, so the absence of a serious event is definitely NOT proof that their efforts are not working. In fact, that is the mistake that many businesses make about cyber security – they wait until AFTER a successful attack on their data to become believers in the need for prevention.

In this case, as in many, the hacker’s first beta strikes are aimed at non-critical business networks – that’s how they come to learn the “language” of that particular power provider. Once they know the patterns, prejudices and back doors of these systems, they begin applying what they’ve learned to mission-critical operational systems. THAT’S HOW THEY TURN OFF THE LIGHTS, ONE TINY STEP AT A TIME.

And that is also the window in which we must solve our weaknesses. The metaphorical shot has been fired across the bow – we KNOW that someone is hacking into our nuclear power grid. But the bomb hasn’t yet landed in one of our neighborhoods. What are you doing to prevent “lights out” in your business? Organizations that have a Best Practice Cyber Security Plan already know how to avoid the dark. 

 

John Sileo is an an award-winning author and keynote speaker on security awareness training and cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. His body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Cyber Espionage's Latest Target? Your Baby Cam!

, ,


Just over a year ago I appeared on Fox Business and wrote a blog about a Texas couple who learned their child’s baby monitor had been hacked when the intruder started screaming obscenities through the device.  At the time the webcam system itself was found to have some glaring vulnerabilities, which were fixed by a firmware update, but I pointed out that the bottom line is that owners had not taken the necessary steps to secure their device and the onus was ultimately on them.

Now the news has broken about the latest in cyber espionage: a Russian website that is streaming footage from thousands of devices, including baby monitors, bedroom cameras, office surveillance systems and CCTV from gyms, in more than 250 countries, including feeds from 4,591 cameras in the United States.  Not only are they streaming the footage, but they are providing the coordinates of where the cameras are located!

Great Britain has taken the lead role in pressuring Russia to take down the site, though they will be working with the Federal Trade Commission in the US to try to force the site to close if the Russian authorities fail to cooperate.  Of course, neither the UK nor the US have jurisdiction in Russia, so it is simpler to warn people about the site than it is to try to take the site down.

Christopher Graham, the UK Information Commissioner minced no words when asked about the incident. “I will do what I can but don’t wait for me to have sorted this out.  The action is in your own hands if you have one of these pieces of kit.”

He went on to say, “We have got to grow up about this sort of thing.  These devices are very handy if you want to have remote access to make sure your child is OK, or the shop is alright, but everyone else can access that too unless you set a strong password. This isn’t just the boring old information commissioner saying ‘set a password’. This story is an illustration of what happens if you don’t do that. If you value your privacy, put in the basic security arrangements. It’s not difficult.”

Here is what Britain’s Information Commissioner’s office is advising:

1.  Change your password!!!!! These hackers are taking advantage of the fact that camera users receive default passwords (which are freely available online for thousands of cameras) to get devices working — such as “1234.”   You often are not prompted to change the password, so you must do it yourself!

2.  Switch off the remote access to a webcam if you don’t need it.

3.  As a last resort, you can always cover the lens if you don’t want to use the camera all of the time.

4. See my previous blog for even more steps.  Do this right after you’ve CHANGED YOUR PASSWORD!

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Cyber Espionage Expert John Sileo