CIA Says Hackers Have Cut Power Grid

Oh my god! I sure hope the CIA comes up with a plan to protect us. I don't know what it will take. Maybe if we let them spy on all internet traffic wholesale, then we will be safe from the evil terrorists? We don't need any privacy as long as we are protected from evil, right?

Guess the CIA should hire John McClane. He's experienced in these sort of things. Maybe he's a little too old. He doesn't seem to mind, though.

Does anyone here actually know there is know link to the power grids main system. I say link. Do you know for sure, that someone does have internet access and access to one persons computer on the LAN who may have access? Are you certain?

Please provide links with this info, I work network security, and you would be shocked at 1) How many people use windows to control everything, and the small hacks and links you can achieve because of this. You would THINK they know better, but I never met a company that has a system that isn't hackable and you can blame Mr.Gates for that and his ability to put out flawed operating systems. How many of our power grid systems are unix based or just proprietary OS/softwares.

Any info on the systems themselves I think would be good for this thread

So what do 20 of the top 25 U.S. electric companies run,

www.oracle.com...


Here how hard it was to figure out.
Google
"power company" software computers

Brought me to a a tech article on changing the infrastructure of a 1 Billion dollar power company

search.techrepublic.com.com...

Said they Choose
Stellent Content Management system as their 3rd party software provider.

Stellent was bought by Orcale, which led me to this.

www.oracle.com...

They want it all linked, they want to save money in what they perceive as being efficient. They are told, No Oracle is very safe, sure for a normal company, but not a Utility company which are private owned and publicly traded.

Bottom line its to much hassle to to do it right, its a 1 and million shot someone will hack it they are told, when presented with the cost of doing it right and the cost of doing it with a slim margin of failure, and the difference is a few 100 million dollars. Guess which one the corporation with the bottom line to worry about chooses.

Sorry to say you should not trust in corporation to look out for your or this countries best interest.

Didn't this happen in Live Free or Die Hard?


CIA is getting quite lazy these days with their new ways of terrorizing americans into thinking we're always being attacked...They'll say and do anything to get a police state goin' on here...

CIA-

Can't
Intelligently
Act

This is definatly step one of georges plan to grab power, hes gonna do something really stupid(or smart dependin on which side of the fence) before hes kicked out of the white house!hell shut down the entire us for a day or two and then he's just gonna start droppin nukes! hes the anti christ i tell you the anti christ!were all *takes deep breath* DOOOOOOOOOOOOOOMMMMMMMMMEEEED!

Even if the power grid was on its own network, which it hopefully is does not necessarily mean it can't be accessed from the internet. It is not that uncommon for some idiot to hook up a modem to his terminal at work so that he can access it from his home. Companies have strict policies against this but people will always be stupid and ignorant. All the hacker would do is scan the address block that the power grid is located at for any modems and then proceed to gain access when he finds one. Once he has access he will then attempt to get deeper and deeper into the network through this one node.

WHOA dude it's it weird because i just had TWO blackouts that lasted about 1-2 seconds each a few minutes ago! I hope it's not related to the article

[edit on 19-1-2008 by noobius0ne]

In case you didn't notice, these attacks were on cities outside the US, but that doesn't mean it couldn't happen here. I remember a few months ago there was an article on how a hacker could cause damage at a power plant.

www.pcworld.com...

There has also been talk about using existing power lines to also carry communications, which I think would open a whole new way to hack the power grid.

en.wikipedia.org...

I don't know if it is possible to affect anything this way now, but who knows?



reply to post by Dulcimer

I'm curious as to how you know someone hacked your light bulb. When you say disabled the light bulb, did you mean burned it out or something else? Do you have computer controls for your lights in your house? More info please.

So when George is gone, and the problem is still there, will people at least pay attention then. Its funny, this is an actual conspiracy here, of big business , not interested in maintain powers 24/7 but maintain business and the bottom line IMHO. But people think its the big bad Government setting us up.

Look up some of this info, the more you read the more it says people who run these companies are just as dumb and ignorant as people who run any other fortune 500 company.

See whats funny is this is a REAL problem, and its the ole boy who cried wolf problem, You feel lied to so much you ignore a real threat.
Dammed if you do Dammed if you dont



[edit on 19-1-2008 by ShiftTrio]

FERC, SERC and NERC have all addressed this issue over the last decade and while yes, ten or so years ago a good hacker could wreck havoc over a utility companies servers it is no longer an option.

Systems have been split off to standalone networks with full encryption. There is no way to "hack" into any of the major utilities in the US at this time and cut the power. Some small co-ops maybe, but even then there are automated switches to split them off of the grid if an event occurs.

Sleep well.

I was joking with my light bulb post as I wanted to have a little fun. I never get to have fun.

I for one do not believe that it would be very easy to disable an entire power company with computer "hacks".

If the scenario is like this:

-Guy hacks power company
-Power company web interface has two options. 1- Run awesome 2-Kill everything
-Guy presses option 2

Ok, maybe there would be a problem in a scenario like that. But im pretty sure any access systems would be very complicated. I imagine operating any of the technology is pretty complicated. I mean, you just dont go to a nuclear reactor and press a few switches and everything works fine. Its a very complicated, interconnected network of separate systems. Causing a fault that would shutdown the entire system is probable not that easy. The average joe that hacks a website is not going to have the knowledge of the power systems.

Could someone be trained to do it? Of course. But that still does not mean that the entire system can be accessed from around the world.


Why would major power companies have remote access that can completely obliterate the system? Do they need operators that can control everything from home?

Reminds me of an episode of the Simpsons where Homer works from home.

Vent Gas? Y-E-S


So what could happen. My worst case scenario would go like this: Guy hacks company, shuts down service for account subscribers. Chances are the service does not go out immediately anyway.

Is someone going to cause enough damage to actually stop power from being produced? No. Chances are the problems could be averted by actual people working around the systems. They do monitor all equipment you know...

So basically, my worst case scenario is that someone gets service cut off to users. It would be fixed quickly.

I would worry more about online banking, health records etc.

Well, I imagine one wouldn't target the primary generating facility. Substations and whatnot would be the more likely targets. Lower security, fewer humans. The only question then is how dumb are they (how much computer control do the substations in question actually have).

Probably easier to just plant a bomb. Unless you're in China.

Originally posted by spyder207
FERC, SERC and NERC have all addressed this issue over the last decade and while yes, ten or so years ago a good hacker could wreck havoc over a utility companies servers it is no longer an option.

Systems have been split off to standalone networks with full encryption. There is no way to "hack" into any of the major utilities in the US at this time and cut the power. Some small co-ops maybe, but even then there are automated switches to split them off of the grid if an event occurs.

Sleep well.

Like I said above, if some employee hooks up a modem to his terminal so he can work from home then the network can absolutely be hacked.

Why wouldn't they name the cities or countries in the article?

Also, the quotes from the CIA analyst Tom Donahue contradict one another:

"The goal of the attacks was extortion, he said."

"We do not know who executed these attacks or why, but all involved intrusions through the Internet."

Allow me to suggest if the CIA is noticing this in foreign countries what's to prevent it from happening inside the USA?

Last night when reading thru 1,200 odd pages of declassified OSS/CIA documents I ran across one that sure fits dated 10/27/1943, titled
"Joint Chiefs of Staff Directive; functions of the office of Strategic Services"
Its a 7 page letter that states on page 2, use of sabotage.
www.foia.cia.gov...
I ran the search for OSS, then clicked oldest to be displayed first
move to the next or second page, then scroll down

what the hackers do here is to fall trees on the power line or seed clouds and cause lightening to blow circuits
those shmucks do it at least three times a year!
they even send vehicles to knock poles down!
I am getting tired of it and wont stand for it
Cissus in Ottawar should get on this so ordinary citizens power grids are not griddles while they fiddles!!
y
I must admit that they are sorta working on it though- I saw a guy up on a pole stake last month

Originally posted by Dulcimer
I was joking with my light bulb post as I wanted to have a little fun. I never get to have fun.

All right, I admit it. You got me on that one.

I for one do not believe that it would be very easy to disable an entire power company with computer "hacks".

Now here is where I think that people take things for granted. We think the people in charge know what their doing and we are not vulnerable to something so petty. My question is, have you been following whats been going on the last few years? Our borders are unprotected, our chemical plants are unprotected, ect.. ect.. Why? Because we are busy chasing an enemy overseas. Fight them over there, so we don't have to fight them here, is what we are told. This whole terrorism thing is out of whack.

This is a real threat that wouldn't take much to secure. The problem is getting people to recognize it.

I see this as a grab at power, more government involvement on the internet, more monitoring of society. They say things like this every once in a while to condition society for the loss of more of their freedoms. Already they can take any US citizen (or alien for that matter) and hold them for up to 3 years without a trial or even a lawyer.
With various independent voters pushing their candidates forward, the establishment feels threatened and has no other recourse but to strike fear into the society it dominates.
I think you will hear more noise like this, until one day you wake up and there is an internet tax and all of your transmissions are funneled to ECHELON (although they already most likely are).
You might think this will never happen – that only fascist regimes are capable of such corruption of freedom and privacy… Welcome to the USA – or did you forget about the AT&T whistleblower trying to stop the NSA from monitoring all domestic internet calls, urls, email, and chats...
if you never heard of it go HERE

If we don't stop these little "messages" about our loss of freedoms - we will lose everything.

I forgot to mention social engineering.


They could always gain a little too much information with that. If you call that hacking.

I think our gibsons are safe for now.