Actual cyber attacks

[ There are too many cyber attacks to keep track of, so I’ve stopped putting them in here. If you do an internet search on “list of cyber attacks” you’ll get many hits (the Wiki list, hackmageddon, etc.).

Not all cyber attacks are reported for many reasons, especially because companies often don’t realize they were attacked — and will continue to be, since some corporations have lobbied Congress to block a bill that would require them to add more cyber security to their systems.

Alice Friedemann, author of “When Trucks Stop Running: Energy and the Future of Transportation”, 2015, Springer and “Crunch! Whole Grain Artisan Chips and Crackers”. Podcasts: Practical Prepping, KunstlerCast 253, KunstlerCast 278, Peak Prosperity, XX2 report ]

Perlroth, N. July 1, 2014. Russian Hackers Targeting Oil and Gas Companies. New York Times.

Russian hackers have been systematically targeting hundreds of Western oil and gas companies, as well as energy investment firms, according to private cybersecurity researchers. The motive behind the attacks appears to be industrial espionage, but the attacks also give the hackers the opportunity to seize control of industrial control systems from afar, in much the same way the United States and Israel were able to use the Stuxnet computer worm in 2009 to take control of an Iranian nuclear facility’s computer systems and destroy a fifth of the country’s uranium supply, the researchers said.

The Russian attacks, on over 1,000 organizations in over 84 countries, were first discovered in August 2012 by researchers at CrowdStrike, a security company in Irvine, Calif. The company noticed an unusually sophisticated and aggressive Russian group targeting the energy sector, in addition to health care, governments and defense contractors.

The Russian hackers have been breaking into the networks of industrial control software, or I.C.S., makers, inserting so-called Trojans into the software used by many oil and energy firms to allow employees to remotely get access to industrial control systems. So when oil and gas companies downloaded the latest version of the software, they inadvertently downloaded the hackers’ malware as well.

Security researchers estimate that more than 250 companies downloaded the infected software updates.

“These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected I.C.S. computers,” Symantec wrote in its report Monday.

More recently, Energetic Bear has been targeting companies in the financial sector, said Adam Meyers, CrowdStrike’s head of threat intelligence. In particular, the group has been attacking some websites frequented by firms that invest in the energy sector.


In February 2011, media reports stated that computer hackers had broken into and stolen proprietary information worth millions of dollars from the networks of six U.S. and European energy companies.

In August 2006, two circulation pumps at Unit 3 of the Browns Ferry, Alabama, nuclear power plant failed, forcing the unit to be shut down manually. The failure of the pumps was traced to excessive traffic on the control system network, possibly caused by the failure of another control system device.

In March 2012, it was reported that a security breach at Global Payments, a firm that processed payments for Visa and Mastercard, could compromise the credit- and debit-card information of millions of Americans. Subsequent to the reported breach, the company’s stock fell more than 9 percent before trading in its stock was halted. Visa also removed the company from its list of approved processors.

In June 2011, a major bank reported that hackers had broken into its systems and gained access to the personal information of hundreds of thousands of customers. Through the bank’s on-line banking system, the attackers were able to view certain private customer information.

Citi reissued over 200,000 cards after a May 2011 website breach. About 360,000 of its approximately 23.5 million North American card accounts were affected, resulting in the potential for misuse of cardholder personal information.

In April 2012, hackers breached a server at the Utah Department of Health to access thousands of Medicaid records. Included in the breach were Medicaid recipients and clients of the Children’s Health Insurance Plan. About 280,000 people had their Social Security numbers exposed. In addition, another 350,000 people listed in the eligibility inquiries may have had other sensitive data stolen, including names, birth dates, and addresses.

In March 2012, it was reported that Blue Cross Blue Shield of Tennessee paid out a settlement of $1.5 million to the U.S. Department of Health and Human Services arising from potential violations stemming from the theft of 57 unencrypted computer hard drives that contained protected health information of over 1 million individuals.

November 2011. A foreign cyberattack on the computer control systems of an Illinois water utility system burned out a water pump. The attack may be the first known attempt to successfully destroy a piece of critical US infrastructure, say industrial control-system experts. Hackers may have also stolen passwords and other information needed to gain access to many more water utility control systems across the United States. An analysis of the Illinois water utility company’s computer logs indicates the attack came from the Internet address of a computer in Russia (Clayton 2011).

March 2011. Canadian researchers identified 1,295 computers in 103 countries infected by spyware and operated by someone as a “GhostNet” or cyberspy network. In each case, a Trojan program was downloaded that gave the attackers control of the computers, control that the report said was traceable to “commercial Internet accounts on the island of Hainan,” which is the home of the Chinese Army’s intelligence facility (Clayton 2011).

2011: Hackers, possibly operating from China, stole access data from RSA Security Solutions, which provides secure remote computer access to defense contractors and government agencies. Some companies that used RSA devices were later hacked using the stolen information (Clayton 2011).

July 2009. Distributed denial-of-service (DDoS) attacks hit 20 government and business internet sites, including Yahoo!, the White House, and the Departments of State, Justice, and Defense.

January 2008. Senior CIA analyst Tom Donahue told U.S. and European power-company engineers that extortionists had hacked into utilities in multiple regions outside the United States and disrupted power equipment. “In at least one case the disruption caused a power outage affecting multiple cities.” The CIA has been highly secretive about the incident, and Donahue would not discuss where the blackouts occurred or what companies were affected. But he admitted that the CIA had no idea who had perpetrated the attacks. Hackers had shaken down a public utility, it seems, and had gotten away with it (Derene).

2008. At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage. The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show.  The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. The new type of attack involves custom-made spyware that is virtually undetectable by antivirus and other electronic defenses traditionally used by corporations. Experts say the new cyberburglary tools pose a serious threat to corporate America and the long-term competitiveness of the nation. “You can’t get rid of this attacker very easily. It doesn’t work like a normal virus. We’ve never seen anything this clever, this tenacious.” (Clayton 2010)

2008. An estimated $1 trillion in intellectual property was stolen worldwide through cyberspace in 2008, according to a study last year by the antivirus company McAfee (Clayton 2011).

2008. Hackers lifted customer files from the Royal Bank of Scotland and used them to withdraw $9 million in half an hour from ATMs in the United States, Britain, and Canada.

In 2007, a senior Central Intelligence Agency official, Tom Donahue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said (Gorman).

In 2007 a video leaked out of the Department of Homeland Security that showed an experiment in which a massive diesel generator shakes violently and belches smoke as it goes into total meltdown, demonstrating how a cyber attack could cripple big, essential machines. When the video hit CNN, it alarmed many in the utilities industry. How it was done is a secret, but basically it was done by intercepting all traffic between two other computers, controlling the line of communication between them. This is a vulnerability common to many control systems that support critical infrastructure (Derene).

In August 2006, a glitch shut down the Browns Ferry nuclear power plant in northern Alabama. Plant administrators lost control of recirculation pumps on one of the plant’s reactors because of excessive data traffic on the control-system network. The plant was forced to go offline temporarily.  Nuclear plants are designed to shut down in the event of major malfunctions to prevent a Chernobyl-style catastrophe. But they also generate almost 20 percent of U.S. power. What if a hacker exploited a coding error in a cooling system to shut down a sizable piece of the nation’s power supply? (Derene)

In a 2006 U.S. government experiment, hackers were able to remotely destroy a 27-ton, $1-million electric generator similar to the kind commonly used on the nation’s power grid. A video shows it spinning out of control until it shuts down.

In 2000, a disgruntled employee rigged a computerized control system at a water-treatment plant in Australia, releasing more than 200,000 gallons of sewage into parks, rivers and the grounds of a Hyatt hotel (Gorman).

In June 1999, in Bellingham, Wash., shortly before a routine delivery of gasoline by the Olympic Pipe Line Co., a worker updated a database for the company’s pipeline computer-control system. According to a report by the National Transportation Safety Board, a simple typo in the database caused the system to fail, disabling remote control for the pipeline’s operators, 98 miles away in Renton, Wash. Pressure began to build in the line, so the operator issued a command to open a secondary pump to relieve it, but the system was unresponsive. A weak point in the pipeline ruptured, releasing 237,000 gal of gasoline into nearby Whatcom Creek. An hour and a half later, the gasoline ignited. The ensuing fireball scorched more than a mile of riverbank, killing three people, including two 10-year-old boys, and damaged the city’s water-treatment facility (Derene).

Andreasson, Kim. 2011. Cybersecurity: Public Sector Threats and Responses.

Clarke, Richard. 2012. Cyber War: The Next Threat to National Security and What to Do About It.

Clayton, Mark. 25 Jan 2010. US oil industry hit by cyberattacks: Was China involved? Breaches show how sophisticated industrial espionage is becoming. Christian Science Monitor.

Clayton, Mark. 18 Nov 2011. Cyberattack on Illinois water utility may confirm Stuxnet warnings. A state report claims that a foreign cyberattack disabled a water pump at an Illinois water utility. After discovery of the Stuxnet cyberweapon a year ago, many experts predicted that cyberattacks on US infrastructure were imminent. Christian Science Monitor.

Derene, Glenn. 1 Oct 2009. How Vulnerable is U.S. Infrastructure to a Major Cyber Attack? Popular Mechanics.

Gorman, Siobhan. 8 Apr 2009. Electricity Grid in U.S. Penetrated By Spies. Wall Street Journal.

Kramer, Franklin. 2009. Cyberpower and National Security. National Defense University.
