[Infowarrior] - CIA: Hackers to Blame for Power Outages

Richard Forno rforno at infowarrior.org
Sat Jan 19 00:02:58 UTC 2008 

CIA: Hackers to Blame for Power Outages

http://ap.google.com/article/ALeqM5jSw3W7MyNAF7rq8RTxcvoz76WIiwD8U8GN7O0

WASHINGTON (AP) - Hackers literally turned out the lights in multiple
cities after breaking into electrical utilities and demanding extortion
payments before disrupting the power, a senior CIA analyst told utility
engineers at a trade conference.

All the break-ins occurred outside the United States, said senior CIA
analyst Tom Donahue. The U.S. government believes some of the hackers
had inside knowledge to cause the outages. Donahue did not specify what
countries were affected, when the outages occurred or how long the
outages lasted. He said they happened in "several regions outside the
United States."

"In at least one case, the disruption caused a power outage affecting
multiple cities," Donahue said in a statement. "We do not know who
executed these attacks or why, but all involved intrusions through the
Internet."

A CIA spokesman Friday declined to provide further details.

"The information that could be shared in a public setting was shared,"
said spokesman George Little. "These comments were simply designed to
highlight to the audience the challenges posed by potential cyber
intrusions."

Donahue spoke earlier this week at the Process Control Security Summit
in New Orleans, a gathering of engineers and security managers for
energy and water utilities.

The Bush administration is increasingly worried about the
little-understood risks from hackers to the specialized electronic
equipment that operates power, water and chemical plants.

In a test last year, the Homeland Security Department produced a video
showing commands quietly triggered by simulated hackers having such a
violent reaction that an enormous generator shudders as it flies apart
and belches black-and-white smoke.

The recorded demonstration, called the "Aurora Generator Test," was
conducted in March by government researchers investigating a dangerous
vulnerability in computers at U.S. utility companies known as
supervisory control and data acquisition systems. The programming flaw
was fixed, and equipment makers urged utilities to take protective
measures.

More information about the Infowarrior mailing list