McAfee, a security software company, and the Center for Strategic and International Studies in Washington, recently surveyed 600 executives and technology managers from infrastructure operators in 14 countries and came up with a report that will shock the public. In the wake of the recent explosion at a power plant in Middletown, Connecticut, for which the cause has yet to be determined, this news is especially unsettling. The survey shows that 54% of vital institutions such as power grids, water and sewage systems and oil and gas companies admitted to being hacked, and in most cases, foreign governments are the main suspects.
This isn’t the type of hacking where the hackers can only see what the companies are doing or check up on worker’s email, this is where they can cause disasters such as power outages, floods, sewage spills and oil leaks. And this is not only something we should be getting ready for in the near future, but it is already happening. Last year, Brazil experienced several power outages, and after having them investigated, it was determined that these outages were caused by hackers, yet this conclusion comes from a report that Brazilian officials have down played.
This kind of hacking has also happened in the U.S. as well. Last April, U.S. government officials said that spies hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems, which means that they are not 100% sure who planted them in there.
The same percent of companies also said they experienced large-scale “denial-of-service” attacks. A “denial-of-service” attack is when a computer network is knocked out of service because it is flooded with bogus Internet traffic such as spam. These attacks often caused problems such as minor service interruptions to sustained damage and critical breakdowns.
The infrastructure operators frequently said they believed foreign governments were involved in the attacks due to the sophistication of the attacks, but identifying them can be next to impossible, since computer attacks are typically routed through multiple layers of infected computers to disguise the source. Even though we can’t yet see exactly who launched the attack, we can get some clues about the attacker’s country of origin by studying the language and other signs in the malicious software’s programming.