In December, the computers at a power station in western Ukraine took on a life of their own. Operators watched in complete bemusement as cursors began to move seemingly of their own free will and took a substation offline – meaning thousands of people were left without heat or light. The hackers continued their attack, and eventually around 30 substations were taken offline that evening, along with back-up services. Investigators subsequently discovered that this attack on the national power grid had been months in the planning, as was evident from the skilled and sophisticated execution of the assault.
Inevitably, considering the current climate, the blame was quickly levelled at Russia – though it could have been any group with the requisite level of knowledge and expertise, seeking to rattle the already fraught relationship between the two states. There are many lessons to be learned from this incident, not least the importance of updating security measures. The fact is that remote access to the network did not employ two-factor authentication, and other outdated cyber safety measures meant hackers were able to use quite archaic methods to overwrite firmware. Months after the initial breach, critical devices in many of the substations still do not respond to remote commands. Luckily for investigators, an extensive collection of firewall and system logs has meant they are able to reconstruct many of the breach events.
Read the full story at http://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/