Researcher: Power grid hackers likely got inside by attacking PCs

'Plenty of PCs have been compromised' in different industries, critical or not, says Roger Thompson

The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country's power infrastructure, most likely gained access like any other cybercriminal -- by exploiting a bug in software such as Windows or Office, a security researcher said Wednesday.

"Any computer connected to the Internet is potentially vulnerable," said Roger Thompson, the chief research officer of AVG Technologies. "Getting to the actual infrastructure devices directly, that's always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised."

According to a report earlier Wednesday in The Wall Street Journal, unnamed national security sources say that hackers from China, Russia and elsewhere have penetrated the U.S. power grid, extensively mapped it and installed malicious tools that could be used to further attack not only the electrical infrastructure, but others as well, including water and sewage systems.

The discoveries were made by U.S. intelligence agencies, not the utilities' security teams, The Wall Street Journal said.

"I'm a bit bothered by all the anonymous sources [in the The Wall Street Journal story], one unnamed source here and another unnamed source there," said Thompson. "But I think there's a high likelihood that it has a strong basis in fact. Any infrastructure device that's connected to the Net is potentially hackable."

It's more likely, he added, that the power grid hackers exploited the same kinds of vulnerabilities -- but not the exact same bugs -- that have plagued consumers and businesses who run Microsoft Corp.'s Windows and its Office application suite.

"I have no doubt that there's been this kind of attack, or attempt to attack, for quite some time," said Thompson, "perhaps using the same kind of Office zero-days that have been coming out." In security parlance, a "zero-day" exploit is one that leverages an unpatched vulnerability Vulnerabilities in Microsoft's Office -- typically file format flaws that let attackers hijack a PC by duping users into opening a malformed Word, Excel or PowerPoint document -- are often used in targeted attacks that focus on just one company or organization, or even on only a few top-level executives in that company. The hackers' rationale: Get control of a senior official's machine because that's where the most important, and salable, information is located.

Microsoft has released two security advisories in the last six weeks for unpatched Office vulnerabilities that are already being exploited in similar targeted attacks. Neither the Excel bug, which was revealed in late February, or the more recent PowerPoint vulnerability, have been patched by Microsoft.

"[The general anti-virus industry] never ever get to see the best zero-days," Thompson continued. Although the community is well-known for sharing samples, there are always cases where a victimized organization -- a government agency, for example -- refuses to share the attack code with others for analysis. "You'll ask for a sample, and he'll say, 'Well ... no, I'm not allowed'," said Thompson.

Although information about Conficker, the 2008 worm that infected millions of PCs in 2009, was shared in the security community, Thompson cited it as an example of the kind of malware that poses a threat to any Windows machine, no matter whether it's in a home or running on the network of a major power utility. "Conficker, for example, was primarily a business problem, not a consumer problem, because it spread so easily across network shares," he said.

But there is a silver lining to the The Wall Street Journal report, Thompson argued. "I doubt that the problem is that serious," he said. "Because the worst hack is the one you don't discover. But even if it's exaggerated, it behooves us all to be careful and thoughtful about our critical devices."

Tags hackersUS electricity gridcybercrimemalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?