April 8, 2009
The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country’s power infrastructure, most likely gained access like any other cybercriminal — by exploiting a bug in software such as Windows or Office, a security researcher said today.
[efoods]“Any computer connected to the Internet is potentially vulnerable,” said Roger Thompson, chief research officer at AVG Technologies USA Inc. “Getting to the actual infrastructure devices directly — that’s always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised.”
According to a report earlier today in The Wall Street Journal, unnamed national security sources said that hackers from China, Russia and elsewhere have penetrated the U.S. power grid, extensively mapped it, and installed malicious tools that could be used to further attack not only the electrical infrastructure, but others as well, including water and sewage systems.
The discoveries were made by U.S. intelligence agencies, not the utilities’ security teams, the Journal said.