back to article Malware 'clearly' behind Ukraine power outage, SANS utility expert says

It is 'clear' the power outages experienced in the Ukraine last December were caused by a series of network-centric attacks against multiple utilities, says SANS industrial control system expert Michael J. Assante. The former chief security officer of the North American Electric Reliability Corporation, who previously oversaw …

  1. Anonymous Coward
    Anonymous Coward

    And over here in the UK

    "Smart Meters! Yeah, let's do that!"

    Basically the concept coming from various fuckwits in the UK with no clue to the risk they're introducing. Good one guys. :( /s

    1. Captain Badmouth
      Coat

      Re: And over here in the UK

      To add insult to injury the various meter designs appear to be incompatible, so if you want to change energy supplier you may have to change your meter! Wonderful govt. clusterf*ck in the making.

      Mines the one with the power factor correction cap. in the pocket, they probably think they save money as well.

  2. Anonymous Coward
    Anonymous Coward

    If you do not want to fight with missiles...

    Electricity and gas a weapons. Used by both sides too (Ukraine threatening transit and Russia threatening supplies on a daily basis).

    Where Ukraine did not have the capacity to use computer attacks it has used dynamite: http://www.bbc.co.uk/news/world-europe-35204304.

    They also did it first and pretended to "investigate" so this looks like a tit-for-tat retaliation.

    1. Ossi

      Re: If you do not want to fight with missiles...

      In the words of Ben Goldacre, I think you'll find it's a bit more complicated than that. You talk about the sides as if they're monoliths ("Ukraine" used dynamite). Both the Russian hackers and the Crimean activists might have been acting under government orders, but equally might have been acting independently or under the direction of one arm of the state without the knowledge of the rest of the government. If you don't know which it is, best to just leave it at 'I don't know'.

      Sweeping statements are used by one side to blame the other side and justify their actions. But if you actually hope to understand what's going on, best to be more nuanced.

      1. DougS Silver badge

        Re: If you do not want to fight with missiles...

        I think when one is not familiar with another country/culture it is easy to mentally homogenize them into one entity. I live in the US so I'm familiar with the various groups and their leaning/motives. Thus I would know that if an abortion clinic was bombed it is probably white evangelical conservatives, not ISIS. Likewise if a black church was bombed it was probably the KKK or similar racist group.

        But while I know about the Sunni/Shia conflict I don't pretend to understand it well enough to grasp the nuances when something happens over there that a resident of Iran or Iraq or Saudi Arabia would easily see. In this case, Ukrainian utilities were attacked so it is easy to assume it was "Russia" that did it.

        But as pointed out it could be officially sponsored by Russia, sponsored by some branch (like when the CIA does things the rest of the US government isn't kept in the loop on) or Russian nationalist hackers. It could be some Ukrainian hackers who don't support their current government (i.e. the pro-Russia side, which is usually ignored in western media) It could even be a wildcard like the Chinese or North Koreans wanting to stir up trouble for their own reasons, or the US or other western power wanting to make Russia look bad to weaken Putin.

        Unfortunately that homogenization is why you see extremists in the west equating Islam to terrorism. If you aren't familiar enough with the players, it is easy to paint them all with the same brush, so it easy for people to believe - especially in the US where a lot of conservatives seem to pride themselves on thinking America is the only country that matters and remaining ignorant of the rest of the world as a point of honor. ISIS of course does exactly the same thing, telling their followers that the entire western world is waging war on not on Al Qaeda or ISIS, but Islam.

  3. walter.bishop Silver badge
    Linux

    Yet more cyber-hacker-terror-bullshit ..

    "BlackEnergy is the handiwork of the Russian-based Sandworm Team which in October 2014 was reported to have compromised industrial control systems in the US for up to three years."

    Let me see if I understand correctly. For up to three years a US power company has allowed insecure SCADA units to be connected to the Internet. If this is so and not yet more cyber-hacker-terror-bullshit, I wonder at the level of incompetence of the people in charge.

    1. DougS Silver badge

      Re: Yet more cyber-hacker-terror-bullshit ..

      We need someone to hack the US power grid and cause some havoc before it will be taken seriously. Politicians occasionally mention it, but they aren't forcing change. The power companies won't because the cost to correct the issues cuts into their bottom line. They probably figure when it becomes a national priority the government will be providing money to secure things - and unfortunately they are probably right.

    2. Anonymous Coward
      Anonymous Coward

      Re: Yet more cyber-hacker-terror-bullshit ..

      There are more than a few SCADA entries showing up in Shodan right this very minute too. That's not good...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019