The CIA says hackers have compromised foreign utility companies

WASHINGTON — In a rare public warning to the power and utility industry, a CIA analyst last week said cyber attackers have hacked into the computer systems of utility companies outside the United States and made demands, in at least one case causing a power outage that affected multiple cities.

“We do not know who executed these attacks or why, but all involved intrusions through the Internet,” Tom Donahue, the CIA’s top cybersecurity analyst, said Wednesday at a trade conference in New Orleans.

The audience was made up of 300 U.S. and international security officials from the government and from electric, water, oil and gas companies, including BP, Chevron and the Southern Co.

“We suspect, but cannot confirm, that some of the attackers had the benefit of inside knowledge,” Donahue said. He did not specify where or when the attacks took place, their duration or the amount of money demanded. Little said the agency would not comment further.

The remarks come as cyber attackers have made increasingly sophisticated intrusions into corporate computer systems, costing companies worldwide more than $20 billion each year, according to some estimates.

Cyber extortion is a growing threat in the United States, and attackers have radically increased their take from online gambling sites, e-commerce sites and banks, which pay the money to prevent sites from being shut down and to keep the public from knowing their sites have been penetrated, said Alan Paller, research director at the SANS Institute, the cybersecurity education group that sponsored the meeting.

“The CIA wouldn’t have changed its policy on disclosure if it wasn’t important,” Paller said. “Donahue wouldn’t have said it publicly if he didn’t think the threat was very large and that companies needed to fix things right now.”

Over the past year to 18 months, there has been “a huge increase in focused attacks on our national infrastructure networks, … and they have been coming from outside the United States,” said Ralph Logan, principal of the Logan Group, a cybersecurity firm.

It is difficult to track the sources of such attacks, because they are usually made by people who have disguised themselves by worming into three or four other computer networks, Logan said. He said he thinks the attacks were launched from computers belonging to foreign governments or militaries, not terrorist groups.

Over the past 10 years, electric utilities, pipelines, railroads and oil companies have used remotely controlled and monitored valves, switches and other mechanisms. This has resulted in substantial savings in man power and other costs.

But to do that, the companies have installed wireless Internet connections to link the devices to central offices.

“In the past, if they wanted to go out and read a gauge on a gas well, for example, they would have to send a technician in his vehicle; he would drive 100 miles and physically read the gauge and get back in his truck,” Logan said. “Now they can read it from headquarters. But it allows attackers a gateway into the system.”

Talk to us

More in Local News

This photo provided by OceanGate Expeditions shows a submersible vessel named Titan used to visit the wreckage site of the Titanic. In a race against the clock on the high seas, an expanding international armada of ships and airplanes searched Tuesday, June 20, 2023, for the submersible that vanished in the North Atlantic while taking five people down to the wreck of the Titanic. (OceanGate Expeditions via AP)
A new movie based on OceanGate’s Titan submersible tragedy is in the works: ‘Salvaged’

MindRiot announced the film, a fictional project titled “Salvaged,” on Friday.

Craig Hess (Snohomish County Sheriff’s Office)
Sultan’s new police chief has 22 years in law enforcement

Craig Hess was sworn in Sep. 14. The Long Island-born cop was a first-responder on 9/11. He also served as Gold Bar police chief.

Cars move across Edgewater Bridge toward Everett on Tuesday, Sept. 26, 2023, in Washington. (Olivia Vanni / The Herald)
Edgewater Bridge redo linking Everett, Mukilteo delayed until mid-2024

The project, now with an estimated cost of $27 million, will detour West Mukilteo Boulevard foot and car traffic for a year.

Lynn Deeken, the Dean of Arts, Learning Resources & Pathways at EvCC, addresses a large gathering during the ribbon cutting ceremony of the new Cascade Learning Center on Thursday, Sept. 28, 2023, at Everett Community College in Everett, Washington. (Ryan Berry / The Herald)
New EvCC learning resource center opens to students, public

Planners of the Everett Community College building hope it will encourage students to use on-campus tutoring resources.

Everett Police Chief Dan Templeman announces his retirement after 31 years of service at the Everett City Council meeting on Wednesday, Sept. 27, 2023 in Everett, Washington. (Olivia Vanni / The Herald)
Everett police chief to retire at the end of October

Chief Dan Templeman announced his retirement at Wednesday’s City Council meeting. He has been chief for nine years.

Boeing employees watch the KC-46 Pegasus delivery event  from the air stairs at Boeing on Thursday, Jan. 24, 2019 in Everett, Wa. (Andy Bronson / The Herald)
Boeing’s iconic Everett factory tour to resume in October

After a three-year hiatus, tours of the Boeing Company’s enormous jet assembly plant are back at Paine Field.

A memorial for a 15-year-old shot and killed last week is set up at a bus stop along Harrison Road on Wednesday, Sept. 13, 2023, in Everett, Washington. (Ryan Berry / The Herald)
Teen boy identified in fatal shooting at Everett bus stop

Bryan Tamayo-Franco, 15, was shot at a Hardeson Road bus stop earlier this month. Police arrested two suspects.

Representative Rick Larsen speaks at the March For Our Lives rally on Saturday, June 11, 2022 in Everett, Washington. (Olivia Vanni / The Herald)
Larsen: ‘Fractured caucus’ of House Republicans is ‘unable to lead’

Following removal of the House speaker, a shutdown still looms. Congress has until Nov. 17 to devise a spending plan.

Spada Lake is seen from Culmback Dam on Sunday, Oct. 1, 2023, near Sultan, Washington. (Ryan Berry / The Herald)
Helicopter crash in Copper Lake sparks environmental, health concerns

Rangers hadn’t heard of fly-in tourism in the area — which can harm the wilderness and people downstream, advocates say.

Arlington
Man charged with dealing fentanyl pills that led to Arlington overdose

Prosecutors charged Robin Clariday with controlled substance homicide. He allegedly handed Bradley Herron the pills outside a hotel.

Lynnwood
Seattle woman identified in fatal Highway 99 crash

Elena Mroczek, 74, was killed Sunday in a crash involving a 19-year-old.

A memorial for a 15-year-old shot and killed last week is set up at a bus stop along Harrison Road on Wednesday, Sept. 13, 2023, in Everett, Washington. (Ryan Berry / The Herald)
Rival gang members charged with killing Everett boy, 15, at bus stop

The two suspects are accused of premeditated first-degree murder in the death of Bryan Tamayo-Franco, 15.