WASHINGTON – Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a trade conference.
All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages.
Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in "several regions outside the United States."
"In at least one case, the disruption caused a power outage affecting multiple cities," Donahue said in a statement. "We do not know who executed these attacks or why, but all involved intrusions through the Internet."
A CIA spokesman Friday declined to provide additional details.
"The information that could be shared in a public setting was shared," said spokesman George Little. "These comments were simply designed to highlight to the audience the challenges posed by potential cyber intrusions."
Donahue spoke earlier this week at the Process Control Security Summit in New Orleans, a gathering of engineers and security managers for energy and water utilities.
[There has been "a huge increase in focused attacks on our national infrastructure networks"in the past year and a half, "and they have been coming from outside the United States," cybersecurity expert Ralph Logan told the Washington Post in commenting on the CIA assessment.
Logan told the Post that the coordinated attacks came from foreign governments or militaries, not terrorist groups.
In late November, the security firm McAfee singled out China for risking a "cyber Cold War" by probing other countries' Internet security, including a Pentagon network and other Western government agencies.
A few days later, the British government warned major banks and other financial institutions that Chinese military hackers had targeted their networks.
Russian hackers have been blamed for shutting down neighboring Estonia's Internet access for several days last spring, but those efforts, while possibly green-lit by the Russian government, were considered the work of disorganized volunteers.
By contrast, experts believe Chinese cyberattacks have been orchestrated by the People's Liberation Army.]
The Bush administration is increasingly worried about the little-understood risks from hackers to the specialized electronic equipment that operates power, water and chemical plants.
In a test last year, the Homeland Security Department produced a video showing commands quietly triggered by simulated hackers having such a violent reaction that an enormous generator shudders as it flies apart and belches black-and-white smoke.
The recorded demonstration, called the "Aurora Generator Test," was conducted in March by government researchers investigating a dangerous vulnerability in computers at U.S. utility companies known as supervisory control and data acquisition systems.
The programming flaw was fixed, and equipment makers urged utilities to take protective measures.