An analyst at the US Central Intelligence Agency (CIA) has said that criminals have been successful in hacking into computer systems via the Internet. In doing so, these criminals have been able to cut the electric supply of several cities in the US.
It was CIA analyst Tom Donahue who disclosed this at a conference of security professional last week. He also offered a few specifics on what exactly went wrong. It appears that criminals had launched online attacks that had disrupted power equipment in a number of regions outside the US. However, he did not mention that exact countries that were affected.
The goal of the attacks was extortion, concluded Donahue.
“We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. In at least one case, the disruption caused a power outage affecting multiple cities. We do not known who executed these attacks or why, but all involved intrusions were through the Internet,” he said.
“According to Mr. Donahue, the CIA actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure,” SANS Institute said in a statement.
One conference attendee said the disclosure came as news to many of the government and industry security professionals in attendance. “It appeared that there were a lot of people who didn’t know this already,” said the attendee, who asked not to be identified because he is not authorized to speak with the press.
He confirmed SANS’ report of the talk. “There were apparently a couple of incidents where extortionists cut off power to several cities using some sort of attack on the power grid, and it does not appear to be a physical attack,” he said.
Last Thursday, the Federal Energy Regulatory (FERC) approved new standards that were designed to improve cyber security. However, the US is also taking steps to lock down the computers that manage its power systems.