Homepage / Technology / Hackers are targeting nuclear facilities, Homeland Security and FBI say
Business Online Solutions What Is a Board Analysis? The Importance of Planning and Programs Development How Board Governance Software Improves Meetings and Governance How to Craft a Successful Board Meeting Reminder Benefits of a Virtual Data Room for Bankruptcy VDR Example for Business Hong Kong ユースカジノの登録方法を初心者にも分かりやすく図解入りで解説 チェリカジ 5 Как быстро пополнить счет в Казино Х в любой валюте Официальный сайт Up X казино и мгновенные игры Paşa Casino Mobil Uygulama 2025 Giriş Üyelik Bonusu Freespin No Deposit Bonus Casino Free Spins In New Zealand What Are The Best Online Casinos For Real Money Pokies And Bonuses In Australia Дэдди Казино официальный сайт Джойказино: информация про официальный сайт Glory Casino giriş için buraya tıkla ve Türkiyede en popüler casino kullanıcısı ol Les Gambling establishments en Ligne en France 2024 200% Reward + 300 Free Rotates LevelUp Internet casino Melbourne En İyi ve Güvenilir Casino Siteleri Canlı Casino Siteleri 2023 Listesi En İyi ve Güvenilir Casino Siteleri Canlı Casino Siteleri 2023 Listesi Le meilleur casino en ligne franзais Extra Casino avec le dйpфt minimal le in addition bas Yeni Casino Siteleri ᐈ Çevrimiçi Kumarhaneler Mart 2024 Les gambling establishments en ligne proposent une grande variйtй de jeux de internet casino gratuits. Türkiye’deki Resmi Web Sitesi Google Play, Türkiye’de kumar oyunlarına izin verecek Her Gün Tatil Olsa ORDU’DA PAZARTESİ GÜNÜ FINDIK FİYATI NASIL? كازينو اون لاين الكازينوهات الممتازة على الإنترنت ألعاب الكازينو المباشرة مينا كازينو العر Google Play, Türkiye’de kumar oyunlarına izin verecek Domain Sorgulama & Domain Fýrsatlarý Canlı Casino Siteleri: 2024 Güvenilir Siteler Seçilmiştir Golden Easter Slot İncelemesi 2024, Demoyu Ücretsiz Oynayın Golden Easter Slot İncelemesi 2024, Demoyu Ücretsiz Oynayın 1xbet Türkiye Giriş Empieza Kayıt 202 Kumar Ve Kumarhaneler Hakkında Pek İlginç 21 Bilgi Kumarhane Doğru Yazımı Nedir? Tdk Ile Kumarhane Kelimesinin Doğru Yazılışı! Mobilbahiste En İyi Kumar Bonusları Ve Kazançlar Mobilbahis Giriş Sayfası On Line Casino Siteleri En Iyi Casino Siteleri 2024 Mostbet: Türkiye’de Internet Casino Mostbet Online Slotlar Ve Canlı-casin Pin Up Casino Oyna Türkiye, Pinup’un Sah Web Sites Ifade Haberleri Son Dakika Ifade Hakkında Güncel Haber Ve Bilgiler “önceliğimiz Transferin Önünü Açmak, Görüştüğümüz Yerler Var” On Line Casino Nuh’un Gemisi Deluxe Resort & Spa, Kıbrıs The Benefits of Document Management Bonus Veren Siteler 3 000 Den Fazla Online Oyunu Ücretsiz Oyna En Tehlikeli Kumar Oyunu Ekşi Sözlük Deneme Bonusu Veren Siteler Deneme Bonusu 2024 Explore the Magic of WildCardCity Güvenilir Bahis Siteleri En İyi Kumar Siteleri Balıkesir Triatlonuna Avrupadan Ödül Tricks of the Aviator gambling establishment game by Spribe Çevrim Içi Kumar Siteleri “bonus” Yalanıyla Kandırıyor En Güvenilir Canlı On Line Casino Siteleri Xbetting-tips Com Uncovering the Abundant Tapestry of Ozwin Gambling establishment Evaluating Board Portal Providers Uncovering the Wealthy Tapestry of Ozwin On line casino Electronic Data Area Providers Evaluation Cobra Internet casino: Raising the Australian On the internet Video gaming Practical experience 4 Things to Search for in Safeguarded Cloud Safe-keeping Fastpay On line casino Australia – Simple and No-Taxation Wagering Web page officielle franзaise de Joka Gambling establishment The Software Development Universe Game Woo Internet casino – Enjoy Slot machine games around australia Ostdeutsche Biersorten What Are Virtual Data Rooms? Vitamin D Receptor Polymorphisms Revue du Casino BlackLabel Faktory, kterй ovlivnujн hodnocenн ceskэch online kasin How to Make the Most of Your Web Development Organization and Advertising Efforts L’essor des casinos en ligne en France Boost Meeting Efficiency With Boardroom Technology Developments WildJoker Casino WildCardCity On line casino – Guaranteed Australian Gambling Portal WildCardCity Casino – The Ideal On the internet Gambling establishment within australia Modern Technologies Produce Sharing Documents Online Faster and More Protect Free Virtual Info Room pertaining to Speedy Due Diligence A Review of Data Area Software For people who do buiness Five Board Bedroom Features Which will help You Acquire a More Productive Boardroom Electronic Systems To your Business Understanding Legal Terms and Laws in Today’s World The Laws and Contracts of Hollywood: A Sunset Blvd. Tale Legal Discussion Between Johnny Cash and Antonin Scalia Legal Insights: What Teens Should Know Legal Issues and Exceptions: What You Need to Know Legal Insights and Expert Analysis Celebrity Dialogue: Legal Matters in the 21st Century Famous Personalities Discuss Legal Issues The Boys in the Boat: Legal Advisors and The Quest for Legal Knowledge Understanding Legal Matters: Q&A on Criminal Law, Joint Ventures, and More Enticing Title The Departed: Understanding Basic Work Requirements and Legal Rights Youth Slang Blog Article Legal Insights: A Journey into the World of Law The Ins and Outs of Legal Matters: Everything You Need to Know Legal Insights and Trends: A Rap Guide Mysterious Legal Matters Unveiled Insights and Information: Understanding Various Laws and Regulations Famous People of the 21st Century

Technology

Hackers are targeting nuclear facilities, Homeland Security and FBI say

Since May, hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries.

Among the companies targeted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kan., according to security consultants and an urgent joint report issued by the Department of Homeland Security and the Federal Bureau of Investigation last week.

The joint report was obtained by The New York Times and confirmed by security specialists who have been responding to the attacks. It carried an urgent amber warning, the second-highest rating for the sensitivity of the threat.

The report did not indicate whether the cyberattacks were an attempt at espionage — such as stealing industrial secrets — or part of a plan to cause destruction. There is no indication that hackers were able to jump from their victims’ computers into the control systems of the facilities, nor is it clear how many facilities were breached.

Wolf Creek officials said that while they could not comment on cyberattacks or security issues, no “operations systems” had been affected and that their corporate network and the internet were separate from the network that runs the plant.

In a joint statement with the F.B.I., a spokesman for the Department of Homeland Security said, “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”

The hackers appeared determined to map out computer networks for future attacks, the report concluded. But investigators have not been able to analyze the malicious “payload” of the hackers’ code, which would offer more detail into what they were after.

John Keeley, a spokesman for the Nuclear Energy Institute, which works with all 99 electric utilities that operate nuclear plants in the United States, said nuclear facilities are required to report cyberattacks that relate to their “safety, security and operations.” None have reported that the security of their operations was affected by the latest attacks, Mr. Keeley said.

More from the New York Times:
Hacker who aided Russian intelligence is sentenced to 2 years
Private not state hackers likely to have targeted UK parliament: Sources
Hacks raise fear over NSA’s hold on cyberweapons

In most cases, the attacks targeted people — industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material, according to two people familiar with the attacks who could not be named because of confidentiality agreements.

The origins of the hackers are not known. But the report indicated that an “advanced persistent threat” actor was responsible, which is the language security specialists often use to describe hackers backed by governments.

The two people familiar with the investigation say that, while it is still in its early stages, the hackers’ techniques mimicked those of the organization known to cybersecurity specialists as “Energetic Bear,” the Russian hacking group that researchers have tied to attacks on the energy sector since at least 2012.

Hackers wrote highly targeted email messages containing fake résumés for control engineering jobs and sent them to the senior industrial control engineers who maintain broad access to critical industrial control systems, the government report said.

The fake résumés were Microsoft Word documents that were laced with malicious code. Once the recipients clicked on those documents, attackers could steal their credentials and proceed to other machines on a network.

In some cases, the hackers also compromised legitimate websites that they knew their victims frequented — something security specialists call a watering hole attack. And in others, they deployed what are known as man-in-the-middle attacks in which they redirected their victims’ internet traffic through their own machines.

Energy, nuclear and critical manufacturing organizations have frequently been targets for sophisticated cyberattacks. The Department of Homeland Security has called cyberattacks on critical infrastructure “one of the most serious national security challenges we must confront.”

On May 11, during the attacks, President Trump signed an executive order to strengthen the cybersecurity defenses of federal networks and critical infrastructure. The order required government agencies to work with public companies to mitigate risks and help defend critical infrastructure organizations “at greatest risk of attacks that could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.”

The order specifically addressed the threats from “electricity disruptions and prolonged power outages resulting from cybersecurity incidents.”

Jon Wellinghoff, the former chairman of the Federal Energy Regulatory Commission, said in an interview last week that while the security of United States’ critical infrastructure systems had improved in recent years, they were still vulnerable to advanced hacking attacks, particularly those that use tools stolen from the National Security Agency.

“We never anticipated that our critical infrastructure control systems would be facing advanced levels of malware,” Mr. Wellinghoff said.

In 2008, an attack called Stuxnet that was designed by the United States and Israel to hit Iran’s main nuclear enrichment facility, demonstrated how computer attacks could disrupt and destroy physical infrastructure.

The government hackers infiltrated the systems that controlled Iran’s nuclear centrifuges and spun them wildly out of control, or stopped them from spinning entirely, destroying a fifth of Iran’s centrifuges.

In retrospect, Mr. Wellinghoff said that attack should have foreshadowed the threats the United States would face on its own infrastructure.

Critical infrastructure is increasingly controlled by Scada, or supervisory control and data acquisition systems. They are used by manufacturers, nuclear plant operators and pipeline operators to monitor variables like pressure and flow rates through pipelines. The software also allows operators to monitor and diagnose unexpected problems.

But like any software, Scada systems are susceptible to hacking and computer viruses. And for years, security specialists have warned that hackers could use remote access to these systems to cause physical destruction.

Source: Tech CNBC
Hackers are targeting nuclear facilities, Homeland Security and FBI say

Comments are closed.