Russia’s Cyber war on Ukraine

At midnight on a December night in the year 2015, the power in the city of Kiev went out abruptly. A strange thing about the outage was that the clock had struck precisely midnight at the moment of the power cut: the time read 00:00. The timing of the blackout implied that it could not be a normal outage; it was most likely a planned cyber attack!

It was not a new kind of incident, as a cyber attack in the previous year had left nearly a quarter of a million Ukrainians without electricity.

In the months leading up to that blackout night, security researchers in Kiev had been witnessing an increasing number of cyber attacks, conducted with no mercy, on Ukrainian companies and even on government agencies.

For decades, there had been incessant warnings that cyber crime would reach a level where the harm caused by hackers crosses the digital boundary and goes on to cause tangible damage. This was one of those times, when physical and infrastructural damage was being seen from a digital attack.

“The potential for the next Pearl Harbor could very well be a Cyber-Attack!”

Leon Panetta

What Actually Happened

It was found that the blackout was indeed a cyber attack, and it was linked to a series of other attacks, including the hacking and blackout of the previous year. The blackout lasted from about one hour to six hours at different locations. According to Ukrenergo, the national energy company of Ukraine, about a fifth of Kiev's power consumption for the night was lost due to the blackout. The attack was later blamed on the Russian security services.

The attacks were seen to be conducted from computers with IP addresses allocated to the Russian Federation. The Ukrainian power grid had been built when Ukraine was still part of the Soviet Union, and had since been upgraded with Russian parts. In technological terms, it was familiar territory for the Russian hackers.

Methodology used:

The attack had been carried out methodically with the following steps:

  1. Corporate network compromise using spear-phishing emails loaded with BlackEnergy malware.
  2. Command and control of SCADA systems, and remote switching-off of substations.
  3. Denial-of-Service (DoS) attacks on call centres, so that consumers would not be able to get updated information on the blackout.
  4. Destruction of IT infrastructure such as Remote Terminal Units (RTUs), commutators, Uninterruptible Power Supplies (UPS) and modems.
  5. Destruction of files on workstations and servers using KillDisk malware.
  6. Switching off of the emergency power at the operations centre of the utility company.
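The six steps above are a multi-stage intrusion, and the defensive lesson is that no single one of them looks decisive on its own: a macro execution, an external remote session, a breaker command, a call flood, an RTU firmware write and a disk wipe each come from a different system's logs. The following script is an added example, not part of the original article and not code from any of the organisations it describes. It correlates constructed, hypothetical log events (all hostnames, field names and timestamps are made up) against the phases in the list, reporting when several phases appear inside one time window, and separately flagging breaker-open commands that follow shortly after an external remote session.

```python
"""Toy multi-stage correlation over constructed log events, modelled on the
attack phases listed above (phishing -> remote SCADA control -> DoS on the
call centre -> RTU/UPS destruction -> KillDisk wiping).
All events, hostnames and field names below are constructed for this example."""
from datetime import datetime, timedelta

# Constructed sample events from several (hypothetical) log sources.
SAMPLE_EVENTS = [
    {"ts": "2015-12-23T09:12:00", "src": "mailgw", "host": "ws-ops-14",
     "event": "attachment_macro_executed", "detail": "invoice.xls"},
    {"ts": "2015-12-23T15:40:00", "src": "vpn", "host": "ws-ops-14",
     "event": "remote_session", "detail": "external_ip"},
    {"ts": "2015-12-23T15:52:00", "src": "scada", "host": "hmi-01",
     "event": "breaker_open", "detail": "substation-07"},
    {"ts": "2015-12-23T15:53:00", "src": "scada", "host": "hmi-01",
     "event": "breaker_open", "detail": "substation-09"},
    {"ts": "2015-12-23T15:55:00", "src": "pbx", "host": "callcenter",
     "event": "call_flood", "detail": "1500 calls/min"},
    {"ts": "2015-12-23T16:05:00", "src": "rtu", "host": "rtu-07",
     "event": "firmware_write", "detail": "unsigned image"},
    {"ts": "2015-12-23T16:10:00", "src": "edr", "host": "ws-ops-14",
     "event": "mbr_overwrite", "detail": "wiper-like"},
]

# Map each (constructed) event type to the phase number in the article's list.
# Phase 6 (emergency power at the operations centre) would be fed by the same
# UPS/RTU sensors as phase 4 and is folded into it here.
PHASE_OF_EVENT = {
    "attachment_macro_executed": 1,   # spear-phishing foothold
    "remote_session": 2,              # remote access into the control network
    "breaker_open": 2,                # remote SCADA command
    "call_flood": 3,                  # DoS on the call centre
    "firmware_write": 4,              # RTU / UPS / modem destruction
    "mbr_overwrite": 5,               # KillDisk-style wiping
}


def parse_ts(s):
    return datetime.fromisoformat(s)


def correlate(events, window=timedelta(hours=12), min_phases=3):
    """Slide a window over time-sorted events and return the window with the
    most distinct phases, provided it reaches `min_phases`; otherwise None."""
    evs = sorted(events, key=lambda e: parse_ts(e["ts"]))
    best = None
    for i, first in enumerate(evs):
        t0 = parse_ts(first["ts"])
        phases, hosts = set(), set()
        for e in evs[i:]:
            if parse_ts(e["ts"]) - t0 > window:
                break
            phase = PHASE_OF_EVENT.get(e["event"])
            if phase is not None:
                phases.add(phase)
                hosts.add(e["host"])
        if len(phases) >= min_phases and (best is None or len(phases) > len(best["phases"])):
            best = {"phases": sorted(phases), "start": first["ts"], "hosts": sorted(hosts)}
    return best


def remote_breaker_control(events, max_gap=timedelta(minutes=30)):
    """Return the substations whose breaker_open command came within `max_gap`
    after a remote session from an external address (phase 2 on its own)."""
    evs = sorted(events, key=lambda e: parse_ts(e["ts"]))
    remote_times = [parse_ts(e["ts"]) for e in evs
                    if e["event"] == "remote_session" and e["detail"] == "external_ip"]
    flagged = []
    for e in evs:
        if e["event"] != "breaker_open":
            continue
        t = parse_ts(e["ts"])
        if any(timedelta(0) <= t - r <= max_gap for r in remote_times):
            flagged.append(e["detail"])
    return flagged


if __name__ == "__main__":
    print("multi-stage:", correlate(SAMPLE_EVENTS))
    print("remote breaker control:", remote_breaker_control(SAMPLE_EVENTS))
```

The window size and the phase threshold are tuning knobs: a 12-hour window and three phases are enough to fire on the constructed sample, while the first two events alone (foothold plus remote session) stay below the threshold, which is the point of correlating across sources rather than alerting on each signal separately.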
