Researcher: Power grid hackers likely got inside by attacking PCs

'Plenty of PCs have been compromised' in different industries, critical or not, says Roger Thompson

The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country's power infrastructure, most likely gained access like any other cybercriminal -- by exploiting a bug in software such as Windows or Office, a security researcher said Wednesday.

"Any computer connected to the Internet is potentially vulnerable," said Roger Thompson, the chief research officer of AVG Technologies. "Getting to the actual infrastructure devices directly, that's always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised."

According to a report earlier Wednesday in The Wall Street Journal, unnamed national security sources say that hackers from China, Russia and elsewhere have penetrated the U.S. power grid, extensively mapped it and installed malicious tools that could be used to further attack not only the electrical infrastructure, but others as well, including water and sewage systems.

The discoveries were made by U.S. intelligence agencies, not the utilities' security teams, The Wall Street Journal said.

"I'm a bit bothered by all the anonymous sources [in the The Wall Street Journal story], one unnamed source here and another unnamed source there," said Thompson. "But I think there's a high likelihood that it has a strong basis in fact. Any infrastructure device that's connected to the Net is potentially hackable."

It's more likely, he added, that the power grid hackers exploited the same kinds of vulnerabilities -- but not the exact same bugs -- that have plagued consumers and businesses who run Microsoft Corp.'s Windows and its Office application suite.

"I have no doubt that there's been this kind of attack, or attempt to attack, for quite some time," said Thompson, "perhaps using the same kind of Office zero-days that have been coming out." In security parlance, a "zero-day" exploit is one that leverages an unpatched vulnerability Vulnerabilities in Microsoft's Office -- typically file format flaws that let attackers hijack a PC by duping users into opening a malformed Word, Excel or PowerPoint document -- are often used in targeted attacks that focus on just one company or organization, or even on only a few top-level executives in that company. The hackers' rationale: Get control of a senior official's machine because that's where the most important, and salable, information is located.

Microsoft has released two security advisories in the last six weeks for unpatched Office vulnerabilities that are already being exploited in similar targeted attacks. Neither the Excel bug, which was revealed in late February, or the more recent PowerPoint vulnerability, have been patched by Microsoft.

"[The general anti-virus industry] never ever get to see the best zero-days," Thompson continued. Although the community is well-known for sharing samples, there are always cases where a victimized organization -- a government agency, for example -- refuses to share the attack code with others for analysis. "You'll ask for a sample, and he'll say, 'Well ... no, I'm not allowed'," said Thompson.

Although information about Conficker, the 2008 worm that infected millions of PCs in 2009, was shared in the security community, Thompson cited it as an example of the kind of malware that poses a threat to any Windows machine, no matter whether it's in a home or running on the network of a major power utility. "Conficker, for example, was primarily a business problem, not a consumer problem, because it spread so easily across network shares," he said.

But there is a silver lining to the The Wall Street Journal report, Thompson argued. "I doubt that the problem is that serious," he said. "Because the worst hack is the one you don't discover. But even if it's exaggerated, it behooves us all to be careful and thoughtful about our critical devices."

Join the PC World newsletter!

Error: Please check your email address.

Tags hackersUS electricity gridmalwarecybercrime

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?