Hackers were most likely behind a power outage that affected 700,000 people in western Ukraine in December 2015. What actually happened?
► Technologist spoke to Erik de Jong, head of Security Incident Response at Fox-IT, a cybersecurity firm in the Netherlands.
TECHNOLOGIST Was this really a cyberattack?
ERIK DE JONG Yes, it looks like it was a targeted attack, in which someone deliberately caused multiple power outages. Sources indicate it was a combination of malware [malicious software] used to enter the network, a denial-of-service attack to prevent customers from reporting power outages and malware designed to wipe out systems. The systems were no longer able to produce the right amount of power, causing the outage. There’s a 90 per cent chance that the attack made use of an unsuspecting bystander: an employee who clicked on an infected attachment or who was lured to a website that damaged the system.
TECHNOLOGIST What are the weaknesses of the Ukrainian electricity- supply network?
ERIK DE JONG We’re talking about an infrastructure made up of hundreds or thousands of machines that need to communicate with each other, so that is a weakness in itself. If you manage to compromise the office network, it’s usually not that difficult to jump into the production network. This is not particular to the Ukrainian situation – it’s a generic weakness.
TECHNOLOGIST Could such an attack occur anywhere in Europe?
ERIK DE JONG If a determined attacker has enough time and resources, he can do this anywhere in the world. Even if different software is involved, and electricity systems are newer, it’s very hard to secure infrastructures well enough to keep out a determined attacker.
TECHNOLOGIST How difficult is it to trace the origins of such an attack?
ERIK DE JONG It’s hard because there are many ways on the Internet to hide your tracks. You could look at which malware is being used or when the attacker is active, but a hacker could mislead you with false clues. Having said that, the malware thought to have been used in this attack is called Black Energy, and a number of experts believe it is of Russian origin.
Interview by Joe Dodgshun @