Feeds

back to article World's power-grid cyber breach traced to notorious Chinese crew

An espionage attack on Telvent - the maker of power-grid control systems and smart meters - has been linked to a prolific Chinese hacking crew. Telvent, a division of Schneider Electric, has admitted hackers breached its corporate network, implanted malicious software and lifted sensitive project files. The raid spanned Telvent …

COMMENTS

This topic is closed for new posts.
Silver badge
Meh

Approval?

This would only be happening with Government approval.

4
2
Facepalm

Re: Approval?

I'm not so sure, remember China is BIG and is controlled by a single huge, centralised bureaucratic system.

I wonder, just how much do they actuality do know, about what is going on at ground level.

4
0
Anonymous Coward

Re: Approval?

Probably, but lets not beat about the bush here. Western governments would be doing exactly the same thing to the Chinese if they had anything worth stealing.

4
0

Re: Approval?

The value of anything the Chinese may or may not have is based solely on the one doing the appraisal of the item in question. A bag of almonds may not have much value to one person, but have significant value if another were hungry.

In any event, the Chinese, in fact, now have something worth stealing. The fact they have the information cannot be changed and any retaliation will not change it either. All that can be done is to stop future incursions into American systems.

However, from what I have seen, first-hand as well as in the media, suggests that bolstering our networks will not happen anytime soon. Far too many administrators roll-out security as if it were a set-it-and-forget-it item.

0
0
Silver badge
Headmaster

Re: "I'm not so sure." Indeed, it is in fact not necessarily obvious..........

...........that the assumptions we so often see reported in the press accurately reflect the motivations behind this particular raid.

It is possible that it was straightforward industrial espionage carried out on behalf of a Chinese company operating in the same area. The automatic assumption that if it has anything to do with China then it must be a government-sponsored attack pursuing a cyber-war agenda is nothing more than just that, an assumption. The assumption may indeed sometimes be correct, however it is highly likely that the situation is more complex and varied than tabloid headlines would suggest. However, it is certainly perfectly possible that private criminals might use this information to carry out a "your money or your networks attack" as indicated in the article.

3
0
Anonymous Coward

Re: Approval?@Beau

"this would only be happening with government approval..."

"I'm not so sure, remember China is BIG...."

*French* government approval!

0
0
Gold badge
Unhappy

"smart grids" Now *all* your generating capacity *and* users belong to us.

You can expect they can add the UK to their portfolio. market leader -> economies of scale -> lower (ish) prices per unit.

Of course the hardware will be made in China anyway.

1
0
Bronze badge

Re: "smart grids" Now *all* your generating capacity *and* users belong to us.

In effect, the raiders are just relinking their remote nodes to the mothership.

0
0
Silver badge
WTF?

So much for the vaunted US Cybersecurity!

Once again, the US is vulnerable because it assumed it was more secure than reality.

Same in Pearl Harbour and 2002 - bullshit baffles brains (and politicians). Send in the drones.

4
0
Devil

Buckle up kids

We are gonna start shooting the 1's and 0's at the PRC next.

0
0
Silver badge
FAIL

Re: Buckle up kids

We already are. APNIC recieved the 1.0.0.0/8 block and we've all read about the amount of traffic directed at 1.1.1.1. Hell, they probably have a zSeries IBM running Wireshark. Hell, it's probably aready been paid for.

0
0
Anonymous Coward

My Smart meter is suddenly reading something like

现在我们已经为你

and the lights are flickering

10
0
Silver badge
Meh

That's Odd

Mine is now reading:

Send $100,000 to &%^*$%* if you want your power back on. Tell the cops and you'll never have elecricity again. Mmmhhaaaa

3
0
Bronze badge

Damn you! That's what was going to post.

1
0
Silver badge

and then a skeleton pops out

0
0
Bronze badge

"They've locked on to my TRIcorder...

SpPHISHticated in their methods.... "

Cue the slow leadup and fight audio music of the episode "Arena", and keep repeating, "IF he has the TIME. If he has the TIME, Doctor."

0
1
Coat

Huh

Just checked mine. It says "All your erectrons are berong to us."

Mine's the one with the VHS of Peter Sellers as Dr. Fu Manchu.

0
0
Anonymous Coward

What is...

... a "hydrocarbon movement"? (genuine question)

A cousin of the "bowel movement" perhaps, only with methane?

4
0
Anonymous Coward

Re: What is...

I don't know about you, but most of my bowel movements already involve methane.

1
0
Boffin

"[Our systems...] control transmission and distribution of over 140,000 GWh ..." - shouldn't this be "GW", not "GWh"?

0
0
Anonymous Coward

@Alex71

Don't worry, GWh is just fine.

0
0
Trollface

Given the already apparently fragile state of US power grids, I'd wager that the Chinese would rather go for a target that isn't already prone to falling over en masse by itself on occasion.

However, it does go to show that industry still seems to be lagging somewhat on security implementation, even if the resources are out there to do so. Maybe the US could divert more of its grotesquely huge war budget to securing it's online presence? Cyberpace could be the new Wild West, give em a chance to feel all pioneering and brave again! ;O)

1
0
Anonymous Coward

Or maybe ...

... they think the grid in the UK is managed better and want to copy it. I mean, good grid management saves a lot of {energy and money|energy|money}.

1
0

2 months down the line this will turn out to have been a viral marketing campaign for Die Hard 5.

2
0
Bronze badge

Blocking the Chinese windfarm bid?

Is this in any way connected to Barack Obama's block on Chinese wind turbines?

www.telegraph.co.uk/finance/china-business/9575539/Barack-Obama-blocks-Chinese-bid-for-US-windfarm-on-national-security-grounds.html

1
0
Anonymous Coward

Re: Blocking the Chinese windfarm bid?

Or it could be connected to Britain's growing use of windfarms. China wants to increase the use of wind. Good wind is relatively cheap, and even cheaper when a country both make the turbines and can use it to displace imports, coal and gas in China's case.

It could just be _industrial_ espionage.

1
0
Silver badge

Re: Blocking the Chinese windfarm bid?

Little or nothing to do with the UK. Schneider Electric are a French company, Telvent is its Spanish subsidiary (see laughable press release about security at botton, BTW), and offices in the US and Canada were hacked.

It's nigh on certain that some UK power companies have Telvent and Schneider kit installed, but the Chinese won't be hacking Telvent for any UK angle. At the moment the Chinese and Russians are most welcome by the British government because they are the only people who look likely to invest in the proposed nuclear programme. Why hack when you can just wave a bunch of used fivers and be invited in?

Now laugh at this:

http://www.telvent.com/en/business_areas/environment/news_center/2012/Telvent-Partners-with-Industrial-Defender-on-Cybersecurity-for-SCADA-and-ADMS-Solutions.cfm

0
0
Anonymous Coward

Time...

...to change that password 'password' to something else.

0
0
Bronze badge

Re: Time...

Password1 is used at work

0
0
Bronze badge
Mushroom

The Green Party will buy the plans,disabling all non eco-freindly sources thus making you go back to cycling,washing by hand,having wood burning stoves and using candles for light.

1
1
WTF?

Smart, very smart!

I dont know, but i think critical infrastructure like the power grid for example should under no circumstances have its command and control systems connected to the damn internet.

Sure it's convenient and connectivity is cheap but the power grid is far to important to trust to anything less than a dedcated, encrypted, access controlled network that is completely isolated by firewalls and an airgap from the open internet.

That way you could *give* the hackers all the tech details they want, without the appropriate access control hardware and connection details the infornation is worth nothing

2
0
Stop

Bad Analysis

You are essentially calling for an "energy gird control intranet". It suffers the weakness of all intranets - a single "accidential" connection to the outside world will compromise it.

Sneaking into a (say) foreign transformer station and plugging in a mobile phone plus a flat-rate data SIM card is within the capabilities of at least 50 nations. Then mess with the "secure intranet" for the next five weeks, until the losers stumble upon the phone while investigating a short circuit caused by a rodent.

No, the whole control net needs resilience, lots of independent zones which are each strongly firewalled. And it does not hurt to route the control traffic over the internet if it is strongly encrypted and the tunneling software properly done.

The problem lies with the cavalier attitude of the leadership. Security does not bring higher quarterly results.

2
0
Facepalm

Re: Bad Analysis

If someone can sneak into your facility and connect random gear to your network then you fail at security on several levels.

First the lack of security at a site, even a simple microswitch on a cabinet door alerting the control center of an unauthorised opening of an electrical cabinet is all it takes to thawte this type of attack. The controllers would know of any impending maintainance on a cabinet and could dispatch security and a technician to check the site as soon as the alarm goes off.

Secondly the lack of network access control. If your ultra secure and critical network allows random gear to be connected and have it just work with full access to everything then you have issues. I have wifi access to my home lan and i have a list of MAC addresses that are whitelisted, its not hard to configure. Being able to just plug in a piece of gear and have it work is just poor security.

Then the firewalls and vpn routing over the public internet. The only way to stop a Zero-Day exploit attack on critical infrastructre is an air gap. State sponsored actors will have the means to exploit unknown vulnerabilities on hardware and software. If they cant physically connect to it then they cant atrack it.

0
0
Silver badge

Re: Bad Analysis

"If someone can sneak into your facility and connect random gear to your network then you fail at security on several levels."

As the OP suggested, you just need any point of access. Your assumption that you can successfully monitor every remote site shows a disregard for the costs and practicality (speaking as a former employee of a grid operator). If somebody has the will to do it, then you'll find that they won't be thwarted by a bit of common or garden car-alarm technology. Maybe you'd want to up the defensive stakes, but the point remains that you can't guard all of a public infrastructure, as metal thieves regularly demonstrate, despite remote monitoring by a 24 hr control centre.

0
0
Bronze badge
FAIL

Ignoramuses

Everything connected to a power distribution control system should be by wire, preferably with extra shielding - absolutely no WiFi or similar - and fully disconnected from the normal office network and the internet. Any connected system or workstation not within a secured and guarded room should have its CD and floppy disk drives removed and any serial, parallel, or USB ports plugged with epoxy. Even better, the internal disk drive should be removed and the storage be supplied by NFS or iSCSI from servers within the above mentioned secured and guarded room. Measures need to be in place to ensure physical network security and integrity as well. Engineers and technicians who don't want to have to come to the installation to work need to find other employment. Have we learned nothing from the Iranians' atomic energy "misfortune?"

0
0
Go

Re: Ignoramuses

having seen parts of a power control network, I think they have a few tricks up their sleeves that you haven't considered, although in other areas you take it to the logical extreme that they aren't willing to do.

but shielding is not required when you use fibre for everything, and they use that for electrical isolation as well for security.

actually maybe their designs could be considered shielding, as site to site fibre comms has the fibre embedded in the high voltage wire, effectively shielding the fibre optics from miscreants with 115kV.

still nothing is perfect and they still run around with laptops to deal with the control grid and these devices still connect to the main corporate intranet and the internet i'm sure. still don't think it'd be trivial to attack remotely though.

0
0
Silver badge

Re: Ignoramuses

And what about miscreants with a power-grinder? 115kv hitting the floor will fry the fibre optics anyway.

0
1
Anonymous Coward

So much for all those naysayers who don't believe in cyber terrorism

It won't be long before serious cyber terrorism is common and painful for most of society. Being naive will get you killed.

0
0

This post has been deleted by its author

Bronze badge

Re: but people at the top need to be...

Hung by the balls from a 230kV line, close enough to the ground to draw a nasty spark on a humid day.

0
0

A bit of wisdom that was given to me years ago...

If your product is only considered secure with the confidentiality of the source code, plans, diagrams, etc... It wasn't secure to begin with.

Granted, developing an exploit may be easier if you have access to design materials, but the hole/bug/vulnerability itself was already present.

1
0
Anonymous Coward

Re: A bit of wisdom that was given to me years ago...

Perhaps it's obvious to everybody else, but why does a machine with confidential plans on it need to be connected to the rest of the world via the internet? Can they only afford *one* PC for the entire company?

0
0
Mushroom

options

Even Chinas leaders acknowledge that their current course is unsustainable, hence purchasing huge swathes of agricultural land in Europe, South America and Africa. It is therefore likely there will be some type of conflict as they try to protect their interests, hence the stealth jets, aircraft carriers etc. They are looking to widen their reach. A few years ago a college suggested several options in regards to the increasing military use of cyber attacks and espionage by the Chinese, all of which points to a conflict in the next 150 years.

To avoid this there are several options that should be taken now.

Completely excluding them from the world wide web. whether physically or shutting them out via firewalls and excusion of chinese characters in operating systems and browsers.

Blockade all trade and technology transfer to China.

Imposition of a political ban on the Communist party and their little Princlings who like living in the west, fake or bought degrees from Harvard and Ferraris paid for by graft.

A population cull

and his most extreme suggestion being the "Nuclear option"

0
0
This topic is closed for new posts.