Cyberspies infiltrated US electricity grid, says official

Cyberspies from China and Russia have planted software tools that could be activated to disable critical infrastructure such as the electricity grid, according to a US official quoted in the Wall Street Journal.

Such cyber espionage was pervasive across the US, said a former Department of Homeland Security official. “There are intrusions, and they are growing. There were a lot last year,” he claimed, referring to the electricity grid.

The report also cited a senior Pentagon official as saying the defence organisation had spent $100 million repairing “cyber damage” in the past six months.

Few cyber attacks on civil infrastructure, such as power grids and sewage systems, have actually taken place. One of the more dramatic examples was a sewage control system in Queensland, Australia, that was sabotaged in 2000 by a disgruntled former contractor, flooding the grounds of a nearby Hyatt hotel with sewage.

State-sanctioned attacks on critical infrastructure are even less common. More frequent are the kinds of attacks that Estonia experienced in 2007, which involved denial-of-service attacks on internet infrastructure and the defacement of public websites. The attacks originated in Russia, but whether they were initiated by officials or by civilian activists is unclear.

Unsurprisingly, both Russia and China denied any mischief when questioned by the Wall Street Journal over their cyber espionage activities. “These are pure speculations,” said a spokesman from the Russian Embassy, Yevgeniy Khorishko. “Russia has nothing to do with the cyber attacks on the US infrastructure, or on any infrastructure in any other country in the world.”

His counterpart from the Chinese Embassy in Washington, Wang Baodong, said China was “resolutely opposed to any crime, including hacking, that destroys the Internet or [a] computer network”, adding that the notion of Chinese cyber spies was “sheer lies” and the product of a “Cold War mentality”.

Symantec’s chief scientist, Dr Guy Bunker, was more speculative. “Could they have done it? Yes they could,” he told Information Age, “but it’s one of the most difficult things to track. Just because it appears to originate somewhere doesn’t mean that it did.”

Bunker describes an incident several years ago in which a server inside a state-owned Chinese bank was hijacked by phishers. “Even if you can say [the attack] is definitely coming from a bank, from behind the firewall, and everything looks exactly like it should, the server admin might not be a bank employee – instead it might be a cyber criminal located somewhere other than China.”

Furthermore, says Bunker, cyber attacks are not necessarily conducted over the Internet: “[The tools left in the electricity grid] could have been planted by a consultant going in and out, or an employee who was bribed.

“But there’s definitely an issue around SCADA (supervisory control and data acquisition) networks,” adds Bunker. “A lot of connectivity is going into systems where previously the network was kept separate. Someone will ask for it so they can monitor the system from their desk, and someone else will say ‘yes we can do that’ and install a bridge to the Internet.”
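The “bridge to the Internet” Bunker describes usually shows up in two places: a dual-homed host with one interface on the control segment and another on the office LAN, and traffic that crosses the control-segment boundary. The following is an added example, not code from the article or from Symantec, of a check an operator could run over a host inventory and a handful of flow records. The address plan (10.50.0.0/16 as the SCADA segment, 10.10.0.0/16 as the corporate LAN), the hostnames, the flow records and the TEST-NET addresses standing in for Internet hosts are all constructed for the example.

```python
"""Added example: flag hosts and flows that bridge an isolated SCADA segment
to the corporate LAN or the Internet. All addresses, hostnames and flow
records below are constructed for illustration."""

import ipaddress
from typing import Dict, List, Tuple

# Assumed address plan (constructed): one control segment, one office LAN.
OT_NETWORKS = [ipaddress.ip_network("10.50.0.0/16")]    # SCADA / control
CORP_NETWORKS = [ipaddress.ip_network("10.10.0.0/16")]  # office LAN

# Constructed host inventory: hostname -> interface addresses.
INVENTORY: Dict[str, List[str]] = {
    "plc-gateway-01": ["10.50.1.10"],
    "hmi-02": ["10.50.1.20"],
    "eng-workstation": ["10.10.4.15", "10.50.1.99"],  # dual-homed: corp + OT
    "hist-server": ["10.10.8.2"],
}

# Constructed flow records: (src, dst, dst_port). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for Internet hosts.
FLOWS: List[Tuple[str, str, int]] = [
    ("10.50.1.10", "10.50.1.20", 502),   # Modbus inside OT: expected
    ("10.50.1.99", "203.0.113.7", 443),  # OT address talking to the Internet
    ("10.10.4.15", "10.50.1.10", 502),   # corp address reaching a PLC
    ("10.10.8.2", "198.51.100.9", 443),  # corp host to Internet: not OT-related
]


def classify(addr: str) -> str:
    """Zone an address: 'ot', 'corp', or 'external' (anything not in the
    assumed internal plan, which for this example means the Internet)."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in OT_NETWORKS):
        return "ot"
    if any(ip in net for net in CORP_NETWORKS):
        return "corp"
    return "external"


def find_dual_homed(inventory: Dict[str, List[str]]) -> List[str]:
    """Hosts with an interface in OT and another outside it are candidate
    bridges, whether they were installed deliberately or not."""
    bridges = []
    for host, addrs in inventory.items():
        zones = {classify(a) for a in addrs}
        if "ot" in zones and zones - {"ot"}:
            bridges.append(host)
    return sorted(bridges)


def find_boundary_flows(flows: List[Tuple[str, str, int]]) -> List[Tuple[str, str, str, int]]:
    """Flows that cross the OT boundary, tagged by direction. Flows that never
    touch the OT segment are ignored; intra-OT flows are expected."""
    findings = []
    for src, dst, port in flows:
        s, d = classify(src), classify(dst)
        if s == "ot" and d == "external":
            findings.append(("ot-to-external", src, dst, port))
        elif s == "ot" and d != "ot":
            findings.append(("ot-egress", src, dst, port))
        elif s != "ot" and d == "ot":
            findings.append(("ot-ingress", src, dst, port))
    return findings


if __name__ == "__main__":
    for host in find_dual_homed(INVENTORY):
        print(f"dual-homed host bridging OT: {host}")
    for kind, src, dst, port in find_boundary_flows(FLOWS):
        print(f"{kind}: {src} -> {dst}:{port}")
```

On the constructed data the check names `eng-workstation` as a bridge, and reports the OT-side address reaching an external host on 443 and a corporate host reaching a PLC on 502. A real deployment would feed it the actual address plan, the asset inventory and NetFlow or firewall logs, and would whitelist the one sanctioned path (a jump host or data diode) so that only unexpected crossings remain.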
