Data Backup Digest


How Hackers Used Software and Brute Force to Hack Ukrainian Power Companies

Hackers can use all sorts of sophisticated hacking tools, including software and hardware, to gain entry to any of their targets. Whereas viruses and backdoors were once popular methods for carrying out the initial intrusion, today's hackers primarily use malware. But there's another method as well: the brute force attack. It's been tried in the past and, as recent efforts show, it remains a viable means of causing havoc and damage in our highly advanced IT systems.

Using Malware to Gain Entry

A cyberattack launched in late 2015 in Ukraine is still being used to highlight the dangers posed by motivated hackers. The attack targeted two major power companies in the country and ultimately resulted in 30 substations going offline and 200,000 customers being left in the dark - literally and figuratively.

Following a complete investigation, multiple independent security agencies have confirmed that malware known as BlackEnergy 3 and KillDisk were both used in the attacks. However, the software was only a small portion of the entire act.

Robert M. Lee, who played a critical role in the investigation, noted the complex nature of the cyberattack. He was quoted as saying: "In terms of sophistication, most people always malware. To me what makes sophistication is logistics and planning and operations and what’s going on during the length of it. And this was highly sophisticated."

Brute Force Comes Into Play

Once the malware was installed onto targeted systems, it was just a matter of time before the hackers were ready to go. At this point, they were able to access the internal networks of the two popular service providers and manually trigger a series of circuit breakers. It was this final act of brute force that resulted in the loss of power for hundreds of thousands of customers.

Although it was technology that initially helped the hackers gain entry, it was their subsequent control over human-controlled equipment at various physical locations that gave them the ability to affect the general population. While it might not have been brute force in the traditional sense, the attack is far different than your standard denial-of-service campaign.

Coincidentally, another part of the hackers' strategy did involve a denial-of-service attack. Once the initial blow had been dealt, the hackers immediately followed up by initiating denial-of-service attacks on the phone systems themselves. This move severely impeded the companies' ability to receive phone calls from affected customers.

Yet another part of the attack involved overwriting firmware on some of the components installed on the targeted substations. This left them unable to accept remote commands from field operators.

The actual power outage didn't last long. In fact, nearly every customer had their power restored within six hours. However, it took months for investigators to complete their reports and an equal amount of time for the targeted companies to restore complete functionality to their control centers.

A Warning Sign of Things to Come

While this was the first cyberattack to ever successfully take down a nation's power grid, there have been numerous attempts - with varied success - since then. If nothing else, this event should serve as a warning to companies and consumers alike.
