Researchers’ Discovery of Power Grid-Wrecking Malware Worrisome
Researchers have discovered a troubling breed of power grid-wrecking software, saying in a report published Monday that the program was very likely responsible for a brief blackout in Ukraine late last year.
The malicious software has the ability to remotely sabotage circuit breakers, switches and protection relays, the report said, a nightmare scenario for those charged with keeping the lights on.
“The potential impact of malware like this is huge,” said Robert Lipovsky, a researcher who helped draw up the report for Slovakian anti-virus firm ESET. “It’s not restricted to Ukraine. The industrial hardware that the malware communicates with is used in critical infrastructure worldwide.”
Policymakers have long worried over programs that can remotely sabotage industrial systems because of their potential to deal catastrophic damage across the internet. Examples of hackers being able to turn off the lights were once confined to the movie screens, but that is slowly changing. In 2010 researchers discovered Stuxnet, a groundbreaking piece of malware apparently designed to sabotage Iran’s nuclear program by sending its centrifuge machines spinning out of control.
Last year’s power outage appears to have been a sequel to Stuxnet. Ukrainian officials have already described the Dec. 17, 2016, outage at a transmission facility outside Kiev, the capital city, as a cyberattack. The report drawn up by ESET and Dragos, Inc. – a Maryland-based firm that specializes in industrial cybersecurity – adds technical details, saying that the malware was designed to communicate directly with industrial control systems, flipping circuit breakers on and off with a string of code before mass-deleting data in a bid to cover its tracks.
The level of sophistication needed to write code for the generally obscure industrial controllers that operate the world’s electrical grids suggests a group of hackers well-versed in the field and with the resources to test their creations in the lab, the report said.
Lipovsky declined to be drawn on who might be behind the malware, although Ukrainian officials have in the past laid the blame for such intrusions on Russia.
Ukrainian officials didn’t immediately return a message seeking comment on the report.
Despite the malware’s sophistication, the 2016 incident had relatively little impact.
“Maybe it was a test,” said Lipovsky, before adding that that was no reason not to take the malware seriously.
“This could affect hundreds of thousands of people,” he said.