American fears highlighted following hacker-driven Ukrainian power outage

Updated on 3-1-2016 by Lulu Chang: Following an alarming confirmation that Ukraine’s power outage last Christmas was indeed caused by hackers (making it the first known instance of a successful attack of that nature), the Obama administration is urging American power companies, water suppliers, and transportation networks to remain vigilant, the New York Times reports. The “extensive reconnaissance” of the Ukrainian power system managed to leave over 225,000 citizens without electricity, a situation that U.S. officials now worry could very well happen at home.

While the government has not yet officially placed the blame on Russia, it seems that suspicions are running higher than ever.

“There’s never been an intentional cyberattack that has taken the electric grid down before,” Robert M. Lee of the SANS Institute told the Times. He also noted that the attack was primarily symbolic in nature — indeed, it seems that the power outage was meant to send a message more than inflict any real damage or harm. “It was large enough to get everyone’s attention,” he said, “and small enough not to prompt a major response.”

But if the same were to happen in the United States, the results may vary drastically. Ted Koppel (formerly of ABC News), pointed out major vulnerabilities in the American electric grid.

“We have 3,200 power companies, and we need a precise balance between the amount of electricity that is generated and the amount that is used,” he said. “And that can only be done over a system run on the Internet. The Ukrainians were lucky to have antiquated systems.”

So to prevent any such attacks from plunging us into darkness in the future, the Department of Homeland Security has made a number of recommendations. As the Times reports, “Make sure that outsiders accessing power systems or other networks that operate vital infrastructure can monitor the system, but not change it; close ‘back doors’ — system flaws that can give an intruder unauthorized access; have a contingency plan to shut down systems that have been infected, or invaded, by outsiders.

Original article and 2-27-2016 update by Lulu Chang: 

A new report published Thursday by the DHS Industrial Control Systems Cyber Emergency Response Team suggests that Ukraine’s power outage last Christmas was indeed the result of hacking. This confirms that the occurrence was the first known incident of a power outage caused directly by malicious hacker activity.

It’s still unclear how BlackEnergy malware contributed to the outage, and the new analysis from the DHS states, “… it is important to note that the role of BE (BlackEnergy) in this event remains unknown pending further technical analysis.”

What is known, however, is that “power outages were caused by remote cyber intrusions at three regional electric power distribution companies (Oblenergos) impacting approximately 225,000 customers,” and that the attack was “synchronized and coordinated, probably following extensive reconnaissance of the victim networks.” Each of the attacks took place within half an hour of one another, suggesting a relatively high level of sophistication.

One thing is for sure — the more we learn about this attack, the more concerning it seems.

To recap, Ukrainian power outage in late December was at the time suspected to be the result of a cyberattack, making the blackout the first ever caused by malware. American officials investigated Russian hackers for their alleged involvement in the scheme, in which at least three different power stations were compromised. Tens of thousands of people were left without power for several hours after the computers used to control the national grid were infected with the BlackEnergy Trojan malware, and many security experts expressed concern over the implications of the attack.

While 2015 exposed major problems in the digital infrastructure of companies across a variety of industries, few of these data breaches resulted in physical consequences (though of course, having your credit card information compromised is serious enough in and of itself). But this hack raised red flags around the issue of digitized warfare, with repercussions that may be more far-reaching than ever before.

“[The attack is] a milestone because we’ve definitely seen targeted destructive events against energy before — oil firms, for instance — but never the event which causes the blackout,” John Hultquist, head of security firm iSIGHT’s cyber espionage intelligence told Ars Technica, at the time the hack occurred “It’s the major scenario we’ve all been concerned about for so long.”

Ukrainian officials believe that a Russian group known as SandWorm is behind the malware attack, as the particular virus used is one that the hackers have been known to employ in the past.

One anonymous American official told the Washington Post that certain questions were being raised about the hack, such as, “What was the process that led up to it? Did we see any key indicators ahead of time?”

Although experts like Michael Assante at the SANS Institute, a cyber-training organization, say the attack was of “low to moderate sophistication,” the incident could still be a worrisome sign of things to come. President Obama has noted previously that the American electrical grid could be vulnerable to attack, and stated that, “In other countries cyber attacks have plunged entire cities into darkness.”

Product Review

Simple and reliable, Apple's AirPods are among the best fully wireless earbuds

Apple’s AirPods wireless headphones have dominated the market essentially since they hit stores in December 2016. Though not without some faults, they cracked the connectivity code to rank among the best fully wireless earbuds you can…
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.

These are the must-have games that every Xbox One owner needs

More than four years into its life span, Microsoft's latest console is finally coming into its own. From Cuphead to Halo 5, the best Xbox One games offer something for players of every type.
Movies & TV

The best shows on Netflix right now (March 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Social Media

New Zealand attack shows that as A.I. filters get smarter, so do violators

The shootings in Christchurch, New Zealand were livestreamed to social media, and while stats show networks are improving at removing offending videos, as the system improves, so do the violators' workarounds.

Edit, sign, append, and save with six of the best PDF editors

Though there are plenty of PDF editors to be had online, finding a solution with the tools you need can be tough. Here are the best PDF editors for your editing needs, no matter your budget or operating system.

Firefox 66 is here and it will soon block irritating autoplay videos

Do web advertisements have you frustrated? Mozilla is here to help. The latest version of the browser will soon block autoplaying videos by default and will also help make web page scrolling smoother.
Movies & TV

No TV? No problem. Here's how to watch the Final Four online

Whether you want to watch the Big Dance on your phone or on your smart TV, we have the lowdown on all the ways to watch March Madness you can handle. Grab your foam finger and some nachos.

Patreon is having another go at changing the way it charges creators

Patreon messed up pretty badly the last time it tried to change its payment system. Now it's having another go, though this time the changes mainly affect future sign-ups rather than its current community of creators.

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. But with so many subreddits to choose from, exploring them can be overwhelming. Here are some of the best subreddits to get you started.

Confused about RSS? Don't be. Here's what it is and how to use it

What is an RSS feed, anyway? This traditional method of following online news is still plenty useful. Let's take a look at what RSS means, and what advantages it has in today's busy world.

Don’t be fooled! Study exposes most popular phishing email subject lines

Phishing emails are on the rise and a new study out by the cybersecurity company Barracuda has exposed some of the most common phishing email subject lines used to exploit businesses. 

How much!? British Airways glitch results in $4.2M quote for family vacation

Website errors sometimes cause flight prices to display at way below the correct price. But British Airways recently experienced the opposite issue when it tried to charge a family more than $4 million for a vacation in Mexico.