Energy-Grid Company Hit by Apparent Chinese Hackers
A company that provides industrial automation technology to agencies overseeing the energy industry said its systems have been the target of an elaborate cyberattack, affecting its operations in North America and Spain.
Experts have linked clues left by the hackers to a Chinese group with a history of spying on and hacking into important Western infrastructure systems and databases.
Telvent Canada sent letters to its customers to inform them that hackers had installed malware and taken proprietary files related to key supervisory control and data acquisition (SCADA) systems used in "smart grid" technology, security journalist Brian Krebs reported.
"We do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system," the letter said.
The company added that, as a safety measure, it had "indefinitely terminated any customer system access by Telvent."
SCADA systems are large-scale industrial control systems that let human operators control entire physical systems, often spread across several sites, from a single control room. Early multi-site SCADA systems used closed networks to reach remote sites, but it's become more convenient and more cost-effective to simply hook them up to the Internet.
However, Internet connections to SCADA systems build in new vulnerabilities, which can become matters of national security if those systems are power plants, water-treatment facilities, traffic lights or other pieces of "critical infrastructure."
As Krebs points out, this incident is just the latest in a long list of examples of what can happen "when corporate computer systems at critical networks are connected to sensitive control systems that were never designed with security in mind."
A Senate bill forcing critical-infrastructure operators to beef up their SCADA security was defeated by Republicans earlier this year. President Barack Obama is said to be considering an executive order that would achieve the same goal without Congressional input.
Even SCADA systems isolated from the Internet can be attacked, as Iran found out in 2010 when the American-Israeli Stuxnet sabotage worm snuck into the Natanz uranium-processing facility aboard a USB stick and set back Iran's nuclear program by several months.
After looking over reports of the ongoing attack against Telvent, Dell SecureWorks malware researcher Joe Stewart told Krebs that a band of Chinese hackers called the Comment Group seem to be behind the attack. Based on the Comment Group's abilities and preferred targets, many security experts believe the group is backed by the Chinese government.
The Comment Group uses highly sophisticated methods to break into the computer networks of high-profile organizations with data and secrets that "could give China an edge as it strives to become the world's largest economy," a July 2012 Bloomberg article asserted.
Among the targets mentioned in the Bloomberg piece was a law firm going after Chinese exporters and an energy company with plans to drill in disputed waters that China lays claim to.
Follow Ben on Twitter @benkwx.