Security

Hackers Infiltrate Power Grid

April 22, 2008

Well, at least they were white-hat hackers. BetaNews reported that an anonymous power company hired Internet Security hacker Ira Winkler to attempt to hack into and take over a power grid. The results were somewhat disturbing.

Ira and his team hacked the power grid in a matter of hours by using browser exploits and old-fashioned social engineering.

In order to get the power company employees to reveal sensitive access details, the hackers sent employees a fictitious email explaining that the power company was planning to cut their benefits. The email contained a link to an exploited website where employees could get “more information” – which they naturally did. After clicking the link, they were hacked.

Thereafter, the hackers had all necessary access to do whatever they wanted, including the self-destruction of power generators. According to Winkler, many of these software exploits were successful because the companies had not applied software upgrades and patches because doing so would result in system downtime.

So, should companies schedule downtime on their own schedule or wait until they are hacked and let the bad guys schedule the downtime for them? Hmm… According to Winkler, he stopped the hack within a few hours because it was painfully obvious that it was completely successful.

In June of 1998, Wired published an article called Hacking the Power Grid and here is an excerpt:

With deregulation, there is an increasing interest in energy futures trades at the commodities exchange on Wall Street. [IBM senior consultant Nick] Simicich said hackers might use social engineering techniques to obtain passwords to computers with access to the networks containing sensitive information from these sources.

It looks like little has changed… Social Engineering works because there is no patch for human stupidity.

designer

CCT

Are You Ready?

When you are ready to get more specific information about your project, click here and fill out our handy online form for a free web design quote.

Get My Free Quote

you need a website?
we can help

    order a project

    arrow

    Recent Posts

    In Web Design

    Domain Name Services fake letter.

    Security

    Domain Name Services Scam - Kind of

    Apr 22, 2008

    Well, at least they were white-hat hackers. BetaNews reported that an anonymous power company hired Internet Security hacker Ira Winkler to attempt to...

    Captivating Website Design - Morehead City NC

    Security

    Web Design Basics

    Apr 22, 2008

    Well, at least they were white-hat hackers. BetaNews reported that an anonymous power company hired Internet Security hacker Ira Winkler to attempt to...

    Dynamic Web Design in Morehead City NC

    Security

    Three Common Web Design Mistakes

    Apr 22, 2008

    Well, at least they were white-hat hackers. BetaNews reported that an anonymous power company hired Internet Security hacker Ira Winkler to attempt to...

    arrow

    Go to our blog