Not Even Nuclear Plants Are Safe from Hackers

Ubisoft’s “Watch Dogs” video game series is about a hacker who can cut off electricity, blow up pipes, stop cars and send traffic lights haywire just by using his smartphone. The game’s developers researched what might be possible in the next 5-10 years in order to give the game a sense of authenticity. Now, just 3 years after its release, its vision of everything being connected, and thus hackable, is a threat that looms ever closer. From WiFi-capable smart home devices to factories and nuclear plants, nothing is safe from cyber criminals.

Nuclear Power Plants Under Attack

Recently, there was news of hackers attempting to infiltrate the systems of U.S. nuclear power plants. The FBI and the Department of Homeland Security suspect Russian-backed hackers are behind the attacks, but so far there is no evidence identifying them.

“But what if they can make power plants go BOOM from half a world away?” you might think. There is no such danger, because U.S. power plants are intentionally separated from any online network. There are serious security measures inside the plants: no outside thumb drives, laptops or phones are allowed in. The equipment used inside the plants cannot be accessed from the outside in any way. Special data diodes allow data to flow out of the plant, but nothing is permitted to go in. The outbound information includes security and monitoring-related data.

The ongoing series of hacking attempts, under way since May, has targeted companies involved in operating nuclear power plants, including Wolf Creek. Such companies are obliged to report cyber-attacks targeting their infrastructure to the Nuclear Energy Institute, and none of the currently operating plants has reported such an incident recently.

Methods used by hackers

So what were the hackers after? We don’t know yet. It seems they were trying to target specific industrial engineers with access to critical systems. If those were compromised, the virus could manipulate them to cause explosions, spills of dangerous chemicals and other severe consequences. The hackers were clever: they crafted highly specialized fake résumés aimed at specific senior engineers, in the hope that the files would be opened. The files were Word documents loaded with malicious VBA macros, which could compromise the engineers’ systems and spread across their networks in the hope of somehow being carried over to internal systems. Such attacks already happened in 2008 and 2009, when Stuxnet was used to destroy or disrupt Iran’s nuclear centrifuges, resulting in a drop in the energy produced.
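One defensive check the résumé lure above suggests, as an added example that is not from the original article: a Python scanner that flags e-mail attachments carrying a VBA project inside the OOXML (zip-based) Word container, and separately flags a macro-free extension such as .docx that nonetheless contains one. The sample files it inspects are constructed in memory; the function and constant names are this example’s own.

```python
import io
import zipfile

# Content type OOXML uses for an embedded VBA project (word/vbaProject.bin).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")

def scan_office_attachment(filename: str, data: bytes) -> dict:
    """Inspect a zip-based Office file; 'macro_bearing' is the overall verdict."""
    findings = {"is_ooxml": False, "has_vba_part": False,
                "declares_vba_type": False, "extension_mismatch": False,
                "macro_bearing": False}
    if not data.startswith(b"PK\x03\x04"):
        return findings  # not a zip container, so not OOXML (could be a legacy .doc)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            findings["is_ooxml"] = "[Content_Types].xml" in names
            # The VBA project is a binary part; check both the part name and the
            # content-type manifest, since either alone can be renamed or omitted.
            findings["has_vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
            if findings["is_ooxml"]:
                manifest = z.read("[Content_Types].xml").decode("utf-8", "replace")
                findings["declares_vba_type"] = VBA_CONTENT_TYPE in manifest
    except zipfile.BadZipFile:
        return findings
    findings["macro_bearing"] = findings["has_vba_part"] or findings["declares_vba_type"]
    # A macro-free extension (.docx) carrying a VBA project is a red flag on its own.
    findings["extension_mismatch"] = findings["macro_bearing"] and filename.lower().endswith(MACRO_FREE_EXTENSIONS)
    return findings

def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal in-memory OOXML package (a stand-in for a résumé attachment)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                 '<Override PartName="/word/document.xml" ContentType="application/vnd.'
                 'openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        if with_macro:
            types += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
        z.writestr("[Content_Types].xml", types + "</Types>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)  # OLE header stub
    return buf.getvalue()

if __name__ == "__main__":
    for name, macro in (("resume.docm", True), ("resume.docx", True), ("resume.docx", False)):
        print(name, scan_office_attachment(name, build_sample(macro)))
```

In a mail gateway the same check runs before delivery; a legacy binary .doc (OLE, not zip) needs a separate OLE parser and is simply reported as non-OOXML here.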

Other attack methods used against the U.S. plants included “man in the middle” attacks, which redirect the victims’ internet traffic between source and destination, and in other cases “watering hole” attacks, which hijack websites frequented by the victims. None of these were hugely successful. Because of this, the investigators working on the case suspect that the intention of the ongoing attempts is to explore the computer infrastructure for possible vulnerabilities.

Consequences of Cyberattacks

Since some of the NSA’s own cyber weapons were stolen in similar attacks, every power plant and municipal service provider has to take computer security very seriously. President Trump is aware of this serious issue and on May 11, 2017, signed a cybersecurity executive order with the goal of getting every department and important facility to work together on updating systems, protecting their networks and preventing data breaches. The latter is especially important in the wake of the recent, huge data breach in which the personal details of 200 million U.S. voters were published online.

The rapidly growing number of smart home devices is also a concern: most of them are insecure, run outdated firmware or send sensitive data to third parties. The companies behind them are often hacked or have their data stolen, giving hackers access to most of their stored data; a recent example is the CloudPets teddy bear leak of more than 800,000 e-mail addresses and 2 million messages. Such devices are also often hijacked and used to build botnets, which in turn attack important services and websites, making them unreachable through overload.

As we can see from all of the above, the near future predicted by Watch Dogs isn’t that improbable; in fact, it is even closer than we might think.

BeepWee