The Daily Beast: CIA eyes Russian hackers in 'blackout' attack

20:45, 06 January 2016

U.S. intelligence and security agencies are investigating whether Russian government hackers were behind a cyber attack on the Ukrainian power grid last month, multiple sources familiar with the investigation told The Daily Beast.

Computer security experts at the Central Intelligence Agency, the National Security Agency, and the Homeland Security Department are examining samples of malicious software recovered from the networks of a power company in western Ukraine, which said on December 23 that a large area of the country had been left without electricity due to "interference" in its systems. Approximately 700,000 homes were without power for several hours, The Daily Beast wrote.

If the blackout is positively attributed to the work of hackers, it will be the first documented case of a cyber attack on an electrical power facility that led to a loss of electricity. While hackers are suspected of having caused a blackout at least once in the past, there has never been a publicly confirmed case with technical data to back it up.

"It is a milestone," John Hultquist, the director of cyber espionage analysis at computer security company iSIGHT Partners, which is analyzing hacking tools used in the intrusion, told The Daily Beast.

A confirmed cyber attack that caused a power outage would put pressure on President Obama to speak publicly about the event and say whether Russia was to blame. In 2014, Obama publicly identified North Korea as the culprit in a cyber attack on Sony Pictures Entertainment that destroyed company property and exposed private communications of executives. Obama ordered sanctions on North Korea, and U.S. government hackers attacked key portions of North Korea's fragile Internet in response.

Spokespersons for the CIA and the Homeland Security Department declined to comment for this article. A spokesperson for the National Security Agency didn't respond to a request for comment. The Ukrainian government has publicly blamed Russia for the attack.

The attack in Ukraine could be a bad omen for the U.S. power grid. Malicious software that was found on the networks of the company, Prykarpattyaoblenergo, was also used in a campaign targeting power facilities in the U.S. in 2014. It caused no damage but it set off alarms across the security and intelligence agencies.

At the time, the Homeland Security Department warned companies about the malware, known as BlackEnergy, which it said had been used in a hacking campaign that "compromised numerous industrial control systems environments…"

Industrial control systems are used to regulate the flow of electricity and to remotely control critical systems at power facilities. Security experts have warned for years that they could be commandeered via the Internet and give a hacker the ability to turn off electricity to whole cities.

Among the questions the U.S. government analysts want to answer in the Ukrainian case is how exactly the hackers were able to penetrate the company's systems and whether they were acting on behalf of the government in Moscow or with its implied consent.

There is no doubt, multiple experts said, that the BlackEnergy malware that has been linked to intrusions into power facilities in the U.S. was found in the Ukrainian company's systems.

But U.S. and corporate analysts are proceeding cautiously given the momentousness of the event and the geopolitical implications of the Russian government's involvement or complicity in a historic act of aggression. They are also aware that most power outages in the U.S. are ultimately attributed to natural causes, such as storms and overgrown tree limbs, and that for all the hand-wringing about cyber attacks on the grid there has never been a proven instance. An outage in Brazil that was attributed to hackers was later said to have been caused by dirty equipment.

Experts in government and at no fewer than three security companies are still compiling technical data that would show conclusively that the blackout was the result of a malicious cyber attack and not some other factor, such as human error or a mechanical failure.
