Hackers Breached A Dozen Power Plants In May – Could Be A Dry Run For Something Bigger

by | Jul 10, 2017 | Headline News | 44 comments


    It may only be a matter of time before the power grid in the United States, which is far more vulnerable to hacking than most people realize, suffers from a catastrophic cyber attack. We know this, because there is already evidence that unknown hackers have been targeting companies that run power plants throughout the country. According to the FBI and Homeland Security, in May hackers made their way into computer systems related to a dozen power plants, including the Wolf Creek nuclear power plant in Kansas.

    However, it doesn’t appear that any damage was done, and the hackers didn’t gain access to the controls for the power plants. They only infiltrated systems that were “limited to administrative and business networks.” So what were these hackers going after? According to the experts, these cyber attacks may have been a dry run for a future attack that could have a far more devastating effect.

    The intruders could be positioning themselves to eventually disrupt the nation’s power supply, warned the officials, who noted that a general alert was distributed to utilities a week ago. Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.

    The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an aging nuclear generating facility known as Wolf Creek — owned by Westar Energy Inc., Great Plains Energy Inc. and Kansas Electric Power Cooperative Inc. — on a lake shore near Burlington, Kansas.

    The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools to disrupt power supplies.

    Though the government thinks Russia is responsible, they have yet to find any proof linking the attack to any particular nation (gee, where have we heard that before?). Regardless of who is responsible, these cyber attacks have some alarming traits.

    Homeland Security and the FBI sent out a general warning about the cyberattack to utilities and related parties on June 28, though it contained few details or the number of plants affected. The government said it was most concerned about the “persistence” of the attacks on choke points of the U.S. power supply. That language suggests hackers are trying to establish backdoors on the plants’ systems for later use, according to a former senior DHS official who asked not to be identified.

    Those backdoors can be used to insert software specifically designed to penetrate a facility’s operational controls and disrupt critical systems, according to Galina Antova, co-founder of Claroty, a New York firm that specializes in securing industrial control systems.

    “We’re moving to a point where a major attack like this is very, very possible,” Antova said. “Once you’re into the control systems — and you can get into the control systems by hacking into the plant’s regular computer network — then the basic security mechanisms you’d expect are simply not there.”

    Clearly, someone is trying to learn the ins and outs of our power grid, so they can exploit any weaknesses for a future cyber attack that could gain access to the control systems of our power plants. Obviously, the results of that kind of attack could be devastating if the hackers decided to turn the power plants off and leave large swaths of the country without electricity.

    But it’s not just the loss of power for a long period of time that we should be worried about. In regards to nuclear power plants, the officials also admit that if control systems were accessed, they could disable safety features responsible for dispersing heat, which could then result in a nuclear meltdown. And we’ve already seen massive unprecedented cyber attacks this year, which government agencies admit could one day lead to full blown wars.

    As time goes on, cyber attacks are becoming more sophisticated, and they are infiltrating deeper into our infrastructure and utilities. There’s an arms race going on between hackers and the cyber security systems that protect our way of life, and it appears that we are losing that race.


      44 Comments

      1. Put in three decades in power generation. Shutting one down is one thing; catastrophically damaging it is another. The protective interlocks are all hard wired, hence immune from DCS control.

        • K2,
          Were your interlocks “Galvanic” or did they run through a PLC?
          I used to work with Interlocks intended to prevent lethal damage to people and really big expensive pieces of moving equipment.
          I’m just curious.

          • For water level hi a hard wired make circuit. Once submerged alarm.

            For water level low a hard wired break circuit two probes once not submerged hard wired to MFSO (main fuel shut off valve) 4/20 mil amp signal. All independent of PLC / DCS control.

            Various for other equipment such as low oil pressure on turbines but all hard wired non PLC / DCS. Typical on turbine a solenoid is held in by power. Lose power, hydraulic oil dumps to reservoir, steam rack closes, you’re off line. Everything errs to safety.

            Could an operator on site disable it? Sure, often necessary but it takes physical hands, jumpers. In the “old days” you made the call. Later 100 LBS of paperwork preceding it.

            Missed the old days.

            • Last line of defense on a turbine is the mechanical overspeed bolt trip. As long as there is centrifugal force in physics the bolt comes out, mechanical “mouse trap” linkage, hydraulic oil dumps, main steam valve closes; un-hackable.

              • Redundant low oil pressure uses the same mechanical linkage too along with the rack.

                Absolutely un-hackable.

                • Reactors and the grid overall, ran for decades without computer control (at least as we know it today). It almost seems like adding weak links to the system, to have everything so easily accessed online. Would it really be that much hassle to revert to physical firewalls, of units not being directly connected to the web?

                  As far as hacking, the Russians would be fools not to be prepping for something like that, given how they have been provoked for the last decade. More likely, I’d wager it is China, or one of their proxies. Who knows? Lots of people PO’d at America these days…

        • Its NOT Russia hackers. Its Israehell hackers using various proxy servers in Russia to make it look like Russia and frame and blame them to get the US into WW3. Only idiot suckers believe it was Russia. And this article too is anti Russian propaganda hate, nonsense. Oh and how convenient to try and derail Trump and Putins meet up by doing this? Makes no sense for Russia to hack, but Israehell benefits from this. Netanyahoo nut job said refering to the U.S. “Hit em and hit em again and again. And why? Because we destroy countries we hate. So we can make them our slaves.”

          Russia did not send 5 dancing Russians over to the US to film 911 plane crashing did they????? NO… Gee but (((WHO))) did send their 5 dancing crew over to film it? Yeah thats (((WHO))).

          • Whats your problem with Israel?

            I never get a straight answer from people like you bashing them constantly saying they have complete control over the US….

          • It’s NOT Israel. Just because there is a proxy server somewhere doesn’t make whatever attack that comes from them from that government. There are fingerprints to this stuff and profiles, just like with regular crime. In dissecting some of this stuff you will find code snippets from other known actors. Sometimes it’s code that only one group has used. There is some sharing, but not really. So if APT28 or APT29 are up to something we can usually figure it out. They work hard to make it look like someone else did it, but that is where profiling comes in. We can usually say so and so created this malware, but only with 80-90 percent certainty. 100% is rare. So is starting a war over 90% worth it? Not usually. My bet is that these hackers want to have the ability to shut it down if they HAD to, say during a regular conflict with us. Just another weapon in the arsenal of a country. The U.S. would NEVER do such a thing. Oops, I forgot the Shadow Brokers released the NSA tool kit fairly recently and we are feeling the effects of that. Anyone hear of WannaCry and Petya?

            I do this stuff for a living and yes we are behind the curve in the commercial sector, because the C level folks are pretty clueless. Let their company experience a breach and they get with the program real fast, except oops again, there are not enough of the guys/gals like me out there. It’s got so bad I don’t answer the phone if I don’t recognize the number, someone trying to poach me. I’ve outgrown my mercenary days, so no I just don’t jump at higher pay or whatever promises they try to make.

        • The Wolf Creek plant is 1970s technology. All the process controls are still analog. Unhackable from outside the control room.

        • Yep, and I know who they are (at least some of them)… It’s described in a book I read years ago by this guy… basically, there are a lot of people concerned about global warming (especially young people) and they have no qualms about doing whatever is necessary to stop carbon dioxide emissions– it’s either stop the burning of fossil fuels, or young people have no viable future– they know what is at stake even if half the country is clueless.

          Lets put it this way– if you knew your life depended on something being stopped and you knew the government and old people didn’t give a crap (they are only interested in money and their own selfish desires)… then what would you do if you were in their place??

          • P.S. For the uninformed… electricity is produced by burning fossil fuels.

            • Except when it’s Nuclear, Hydroelectric, Solar or Wind. Yes most is produced by coal. Some natural gas and oil. Causing a meltdown of Nuke plant would be good for the environment though now would it. Plus if you closed down most of the coal fired generators in the US, it wouldn’t dent the CO2 emission of China and India. Most activism is shooting oneself in the foot. Most young people while not stupid, are naive, misguided and easily manipulated. Hacking a power plant won’t save the world, it will get you put in jail.

              If all of the people who are concerned about Climate Change went off grid, that would show the world they were serious and not the hypocrites they really are. Drive a Prius? Please! Meanwhile they keep the AC on 70 when it’s 90 out, or fly wherever whenever.

      2. I don’t understand why critical systems aren’t on dedicated lines/networks. We’ve had the hacker threat in the public awareness for years.

        Guess they want us dead.

      3. Worked in power production engineering back in the late ’60s and Amen Kevin2. The article seems to be implying power plant ‘attacks’ equals Grid Attacks. These are not totally separate, but mostly.

        In order to compromise the Grid by attacking Power Plants means that you would have to knock many units off line. Like Kevin2 said, taking them out of service would be temporary and not permanently destructive.

        Grid Compromise is best accomplished by attacking the Distribution Network, not Power Plants.


        • Exactly. Put sleeper cells in the US and a few well placed RPG’s or .50 cal rounds would cause a lot of chaos.

      4. I hope I get to leave to my BOL in time and have it done in time. You guys are going to see me just disappear from this site. Those who have BOL’s need to get out as fast as you can, and permanently leave while you can

        HCKS.

        • Heard that before…….

          • …and from the same secret squirrrrl guy lol. He’s a poseur.

        • Please explain more. I have found your posts to be quite interesting but find them a little cryptic. I would appreciate a full post on what you know. Mahalo

        • HiCKS, we can only HOPE & PRAY you disappear from this site. You are a total fucking nutcase that really does need professional help.

          BTW, what are you gonna do when all the “Chi-Comms” show up at your “BOL”???? You better head out now before the “Chi-Comms” get there first!!!!!!!!!!!!!!!!

      5. If the grid goes down, it is nice to live somewhere with temperate climate; not too hot, not too cold. That way you can survive fairly easily without electricity. At least with regard to staying cool in the summer and warm in winter. I live in a nice location. There are hills that keep the ocean winds from becoming too crazy in winter, but allow in a cool breeze on hot days.

        Yesterday was 100 degrees and I went with family in an air conditioned car to a cafe. On the top level of the shopping center, it was about 85 or 90 degrees. Cooler than 100 because it was on the beach. But walking down, the bottom floor and cafe were 15 or 20 degrees cooler. There was no direct sunlight.

        This is the best insulation. Getting to that cooler basement level reminded me of the importance of having a home with a root cellar, basement, or cool level below street level.

        It got cool early in the evening yesterday. I was not affected by the grid down. In fact, I learned about it here. Thanks to KY Mom.


        • B from CA

          Amen to a basement being a heat sink both ways. Had a 2000 sq/ft rancher, full relatively dry basement, full 8+ ft deep. Ran AC / Heat fan on manual all the time, duct work cut in. Huge reservoir of 55 deg air. The $30 month in electricity was more than offset by the lower amp load on the compressor and less gas used in winter (plus a very comfortable finished basement).

          • Kevin2:

            Nice


            • We retired to hurricane prone area SW Florida. Looking to upgrade emergency generator as the demands for such are different here than up north where both natural gas and smaller size were adequate. Looking for a diesel that is 10KW and portable as codes for a fixed one require full home capacity (200 Amp here). Any direction in finding what I want would be helpful.

      6. How about that Central American power outage last week? 7 countries affected and millions of people. Some thought it was a test run.

      7. When the Russian revolution of 1917 happened, Lenin figured out: If you take a train station and telegraph office you own the city. Moving forward 100 years, when one takes communication and transportation down, one owns the country.
        This is not rocket science.
        To take down the grid, to take the power away, is to take down the internet, and everything follows like dominoes. Telecommunication: there are many private networks, military and government, but they all depend on private fiber network. All phones, cell phones, facebook, credit card transactions, all depend on the one thing; the Internet. Once the ability of payment processing is down the transportation does not exist. Transportation down, no petrol at the gas station, no food in the grocery store. We all can have a million dollars in cash each, but there will be nothing to spend it on.
        Some of us remember the NY City blackout of 1977. It took one sunset to peel the veneer of civilization and to destroy 31 neighborhoods.
        We are kidding ourselves if we think that this time will be different.
        Yesterday’s article on this very site explains exactly how dark human nature is. Despite the fact that we all know right from wrong, most of us humans obey the law only because there is a consequence if we do not. Only some of us have a conscience, a moral compass, a character and are willing to act upon it.

      8. CA is fu!king in meltdown right now bros. roads, grid, bridges and dams all failing because of illegal welfare handouts. Can not wait to move to my BOL in Idaho.

      9. Could? heck I Could also win the lottery .

        • I just got a notice from Publishers Clearing House about a new $15,000,000 prize. You have to enter to win.

      10. Seems to me that the transmission lines themselves are another weak point and could suffer a less unsophisticated attack more readily.

      11. Just a friendly note, you know those password applications they marketed as an uncrackable place to keep all your passwords, well a couple of them have been hacked.

        If you are using a password storage app check to see if it’s one of them that was hacked.

        Consider going back to passwords on paper kept in a secure and hidden place. Have a code system for passwords you carry on your person in public, so anyone reading them can’t easily figure out the real password.

        Don’t make passwords up using words. There are only 20,000 commonly used words in the English language, making your passwords easy to crack. You can purposely misspell them or intermix numbers and upper/lower case. Use a different password for every site.

        • The initial letters of an easy-to-remember sentence make a good password.

          • Archivist,
            Got it, the password is “Tiloaetrs”! LOL

      12. Remember the good old days when analog was safer than digital?

      13. Catastrophic is when the wastewater treatment plants go down and sewage starts backing up into people’s homes. The stench will force people to pitch tents in their backyards and dig their own poop trenches next to the tomato garden. Yuckers.

      14. If and When the Power goes out I am pretty sure it will NOT be the Russians! Somebody just wants us to believe it is them so they justify a war. Sad to say….

      15. What is being forgotten (deliberately?) is that when WikiLeaks did their dump on Vault, buried in that dump was the fact that our vaunted intelligence community utilizes software tools to spoof the identities of other locations. “Let’s make it look like evil empire flavor of the week did this!” “Make it so…”
        *cue ominous music here*
        Be well…
        Cat

        • Cat, sounds like Stuxnet!

        • Cat Herder

          You describe a tool and therefore a symptom of the intelligence agencies being either governments unto themselves, rogue, or under the control of an entity other than the legal chain of command. The latter is no doubt correct. We live on a stage set with the majority of the audience so captivated by the command performance they don’t realize that it’s not real.

          I have a steadfast unwavering core belief; I don’t.

      16. Ok, this is not nice to say but I’d say its the Never Trumpers and Hillary supporters combined with the employees force hired under Obama the Communist Chief in charge under his Social Justice mandates.
        Definitely domestic! In my opinion the country is under an internal attack across the board!
        Glad to see Sessions was out inspecting GITMO! Just wish he’d start filling it up with traitors!
        Where are the ole school tar and feather folks when you need them?
        Stupid or Complicit?

      17. I had dinner with a friend from Europe about 2 months ago. He is a Ph.D. in computer science, who works in cybersecurity. He was in the US at a meeting of experts in the field. Of course, he couldn’t give me nitty gritty details, but he did say that he felt most systems were hacked.

        Why no issues, then, I asked. He replied, like the Wannacry folks, it was because they wanted money, and to use that money, you need a functioning infrastructure. All they want to do is act as a parasite, but not kill the host.

        Question is, what about when you have a Mentally Ill Kim Jong Un who now realizes his empire is kaput, and wants to take the world down with him in flames? What if you have the evil nuts in Iran who want to bring back the faux 12th imam by engineering the destruction of the world? What if you have another utter nutcase like the Unabomber, Ted Kacyzinski (sp?) who wants to destroy the world (like a mad James Bond villain; BTW, the Unabomber Kaczynski was a LEFTIST, just for the record). My friend had no answer to that.

        So, in sum, preparedness is a good idea. This, CMEs, EMPs, an aging grid, etc…. all reasons to at least do a modicum of readiness. You may not, like me, be able to have some nice redoubt in New Zealand. You may not be independently wealthy and need to stay in an at risk area to both work and take care of family members who won’t or can’t leave. But to do nothing by way of self reliance – which is the history of the west until the scourge of socialism all turned us into plantation slaves, is the height of irresponsibility IMHO

      18. we should all be trembling in our boots over this. To think that all a hacker has to do is to prevent water from cooling a nuclear reactor….and the thing melts down. IF you don’t believe me, research 1) Three Mile Island…2)Chernobyl and 3) Fukushima…The nuclear energy industry is over 50 years old, yet they have not finalized the simplest of things that other industries have such as 1) removal and storage of hazardous waste..2)standardization of controls and protocols, making the building and operation of nuclear sites easier safer and more affordable..3) the removal of the weapons grade uranium and plutonium from the operation of the plant, thus making a terrorist attack on a plant, less likely…IF you are wondering WHY have these things not been done and we still build nuclear plants?….the answer is that the military industrial complex companies build and service nuclear plants. It is these giants who run Congress..That is why NO NUCLEAR PLANT has ever been built on time and on budget. They all run over time and over budget. This is because the corporations are adept and “running over”…then getting Congress to approve more money. Its an old scam..Also, the gov’t lies on behalf of the nuclear industry…the Atomic Energy Commission is a front for the industry like the Food and Drug administration is a front for Big Pharma and Big Food. If you don’t believe this, read the books “Atomic Accidents” and “The Wrong Stuff”….Look at Fukushima. This has been called a 20-30 year project at a cost of billions of dollars to clean up the mess…if the engineers can do it. Right now, its too atomically “hot”….to work. Robots that go into the containment buildings “get fried” after a few hours..The Fukushima mess has been characterized in an 11 minute video, put out by “Anonymous”….as ” not having a clue”…how to fix Fukushima. 
        If you see the documentary put out by Frontline, the Public TV channel, you will be afraid…very afraid at how nuclear plants are mishandled…you can also follow the mess at fukushimawatch.org.. And now terrorists can hack in to the controls? If I could I would wave my magic wand and stop all the nuclear plants….before the terrorists do and we go back to the Middle Ages…

        • Anthony, lol, wouldn’t waving your magic wand to stop all the nuclear plants put us back to the Middle Ages? Just saying whether your fancy magic wand or terrorists, same result. BTW, Texas is the place to be in grid attack. Texas power grid is separate from the rest of country. Designers took the secession clause in their constitution to heart.
