
Hackers lie in wait after penetrating US and Europe power grid networks - chha
https://arstechnica.com/information-technology/2017/09/hackers-lie-in-wait-after-penetrating-us-and-europe-power-grid-networks/
======
kens
Physical attacks on the power grid are also a big concern. In 2013, there was
a sophisticated, multi-person attack on a large Bay Area electrical
substation. The attackers cut fibre optic cables and shot transformers,
causing $15 million of damage. It's unknown who did this or why.

[https://en.wikipedia.org/wiki/Metcalf_sniper_attack](https://en.wikipedia.org/wiki/Metcalf_sniper_attack)

~~~
tosser350
A practice run based on this most likely

[http://imgur.com/a/RdPTK](http://imgur.com/a/RdPTK)

------
SomeStupidPoint
Chickens. Roost. Etc.

I guess the thing to say is this: our technical, electrical, and other modern
infrastructure seems to be in similar state to our roads and bridges -- it was
once very good, but after a generation of cheaping out on investments and not
managing or maintaining it appropriately, it's full of problems and cracks.

So whatever your opinion about roads, it's probably appropriate here too --
and for much of modern infrastructure.

~~~
Chaebixi
I don't think that's entirely accurate. It's not like the assets decayed due
to lack of maintenance; they're more or less the same as they always were.
It's just that they were never built to handle security requirements that are
now required.

~~~
lightedman
Half of those security requirements wouldn't even be requirements if they'd
stop being lazy and quit relying upon the internet for everything. Actual
human presence at sufficient levels to ensure operation and security, at all
times. Voice verification up the chain, airgapped. Sure it's slow but it works
and doesn't leave your critical infrastructure open to easy attack.

------
basicplus2
This sort of communication should not be on the internet. Power companies
already have infrastructure to run their own dedicated comms. This is just
plain stupid.

------
akeck
Stories like these remind me of the pilot of the "new" Battlestar Galactica
(2004), in which the modern info systems have been compromised prior to the
initial attack and everything except the oldest fighters goes dark
immediately.

------
csense
The US blackout of 2003 caused a fair amount of economic losses (mostly
spoiled food due to dead refrigeration) and ~12 deaths (about 0.00003% of the
affected people). It was a minor annoyance and life goes on. I'm hoping that's
the most these hackers would be able to do.

The question is, at what point does the hacker threat turn from a minor
annoyance like this, where for most people life is back to normal in a few
hours - days, to a serious threat to our civilization -- can they keep the
network down long enough that food and fuel production / distribution is
affected to the point that 1%, 10%, 50% of the affected population dies? Can
they permanently destroy so many generators / wires / transformers so that
available repair crews and equipment stockpiles are exhausted and entire towns
are without power for months? Can they send massive over-voltages over power
lines to destroy all plugged-in electronic devices in every home and business,
and create widespread explosions and fires at the push of a button?

[1] [https://en.wikipedia.org/wiki/Northeast_blackout_of_2003](https://en.wikipedia.org/wiki/Northeast_blackout_of_2003)

~~~
Caveman_Coder
> "Can they send massive over-voltages over power lines to destroy all
> plugged-in electronic devices in every home and business, and create
> widespread explosions and fires at the push of a button?"

No, that isn't how it works.

------
lithos
I don't get why they would bother actually using a controlled website to
actually distribute malware. It seems more valuable to just sit on it to
collect user information. Eventually one of those websites will also do
something unsound like storing passwords as plain text, or a vulnerability
that can get you the passwords will come up.

