FROM THE ARCHIVES

Mark Blangger   
ACFE Research Editor

While a report prepared by the Risk and Infrastructure Science Center indicates that severe weather — like Hurricanes Harvey and Maria — lead the pack when it comes to causes of power outages in the U.S., Mother Nature is not without rivals. Power grids can go down for a number of reasons beyond natural disasters. They often use aging equipment, are prone to human error and can just malfunction. However, energy hackers are starting to play more of a role in blackouts.

Power grid takedowns
In December 2015, one of the operators at the Prykarpattyaoblenergo control center, which distributes power to some of Ukraine’s 24 regions, was preparing to leave for the day when he noticed his computer’s cursor move across the screen under its own power. The operator watched in disbelief as the cursor deliberately navigated toward buttons that control a regional substation’s circuit breakers, then clicked on a box to open the breakers and take the entire substation offline. When the confirmation dialogue box popped up, the cursor moved effortlessly to the box and clicked to confirm the action. The ghost attacker continued this process until almost 60 substations were taken offline. The operator had no control over the situation. The hacker even logged the operator out and changed his password. The attack left more than 230,000 residents without power.

This attack on Ukraine’s power grid was a first of its kind and well planned. Almost exactly one year later, hackers infiltrated the power grid of the Ukrainian capital, Kiev, knocking out approximately 20% of the city’s nighttime energy consumption.

Were the power grid hacks on the Ukraine the perpetrators’ way of showing exactly what they’re capable of doing — to any country?

According to a September 2017 report by USA Today , an organized hacking group has hacked into dozens of U.S. power companies. Symantec discovered the attacks, and its principal research manager, Vikram Thkur, indicated that companies that generate, transmit and distribute power have been the hackers’ focus. Joel Brenner, a senior research fellow at the Massachusetts Institute of Technology, said, “I think preparation for a potential attack is what we’re seeing. And whoever’s doing this . . . want[s] us to know.”

Examples around the world
The following incidents represent a very small sampling of the cyberattacks that are growing in number, scope and severity, along with the number of state actors (perpetrators who work for a specific government) and non-state actors (perpetrators who do not identify with a specific state or government) who perpetrate them:

• 2009: Considered to be the world’s first cyberweapon, Stuxnet, unlike earlier malware, was able to cause real-world, physical damage. Unknown perpetrators released the malware into the computer system at Iran’s nuclear facility in Natanz, where it carried out its mission for months — eventually destroying 984 uranium-enriching centrifuges. The cause of the destruction wasn’t discovered until 2010.
• 2013: DarkSeoul, a malware first discovered in 2012, shut down a bank and three television stations in South Korea. The cyberattack froze the bank’s and the stations’ computer terminals and affected the bank’s ATMs and mobile payment services. Officials linked the attack to a Chinese IP address, causing them to suspect North Korea as the perpetrator, but there was no conclusive evidence.
• 2014: In March, spy malware was found in the software used by a major U.S. energy provider to run dozens of turbines, controllers and other industrial equipment. The information security company that discovered the malware said it had been there for a year. 

The impact
Imagine a situation similar to what the Ukraine experienced — a major power grid attack blacks out large areas of the country for days, weeks or months. Everything whose core function relies on energy produced by power grids would come to a screeching halt. Some realities of this would be:

• Business stops — banks, stores, companies of all sizes and in all industries, even Wall Street, would be out of commission.
• There would be no water pumped into homes, and sewage treatment plants and fuel pumps would cease to operate.
• Those with generators, such as hospitals, would eventually run out of fuel for those generators, likely resulting in loss of lives.
• There would be no refrigeration and food would be scarce.
• Airports and other forms of transportation would be out of commission. 
• Communications would shut down, including cell phone service.

Being plunged into darkness and not having access to energy-driven resources would be just the beginning. The financial impact would be astonishing. A four-hour blackout in the Northeastern U.S. caused by a programming error in the alarm system caused economic losses between $4 billion and $10 billion. An April 2017 article by the Council on Foreign Relations indicates that a power grid cyberattack would result in an estimated $243 billion in economic losses — just economic losses, not the cost associated with repairing the power grid.

As criminals increasingly turn to anonymous online attacks, anti-fraud professionals need to be aware of new trends in cyber warfare. With the ability to cause widespread panic, large-scale loss of funds and even potential death, it’s important to keep an eye open for reports of power grid hacking.  

Read more about power grid hacking and find examples of attacks that have occurred all over the world in the full article in The Fraud Examiner newsletter archives.