Computer hackers have managed to shut down power to entire cities by breaking into the systems of electricity companies and then demanding money, a senior CIA analyst has claimed.
Tom Donahue told a utilities security conference in New Orleans that all the successful hackings occurred outside America.
He did not specify what countries were affected, when the power cuts happened or how long they lasted.
Mr Donahue, who was speaking at the Process Control
Security Summit, later said in a statement: "We have information, from
multiple regions outside the United States, of cyber intrusions into
utilities, followed by extortion demands."
He said the CIA suspected some of the cyber-attackers "had the benefit of inside knowledge".
He added: "In at least one case, the disruption caused a power outage
affecting multiple cities. We do not know who executed these attacks or
why, but all involved intrusions through the Internet."
CIA spokesman declined to provide additional details, saying: "The
information that could be shared in a public setting was shared. These
comments were simply designed to highlight to the audience the
challenges posed by potential cyber intrusions."
Bush administration is increasingly worried about the little-understood
risks from hackers to the specialised electronic equipment that
operates power, water and chemical plants, known as Supervisory Control
And Data Acquisition (SCADA) systems. These are increasingly connected
to the Internet.
Hackers first launched such a
pattern of cyber attacks followed by subsequent blackmail attempts
against the online gambling industry six or seven years ago.
In a test last year, the Homeland Security Department produced a video
showing commands quietly triggered by simulated hackers having such a
violent reaction that an enormous generator shudders as it flies apart
and belches black-and-white smoke.
demonstration, called the "Aurora Generator Test", was conducted in
March by government researchers investigating a dangerous vulnerability
in SCADA systems.
The programming flaw was fixed, and equipment makers urged utilities to take protective measures.
some members of the security community are treating the threat of such
attacks seriously, sceptics say the CIA’s refusal to give any details
about its new claims suggest the fears are nothing more than an urban
There are a few recorded cases of
successful Internet attacks on utilities’ computers. In 2000, a
disgruntled former employee of an Australian computer company hacked
into a sewage control system and flooded parks, rivers and a hotel with
a million gallons of raw sewage.
In 2003, a
computer virus called the Slammer worm disabled a safety monitoring
system at an inactive Ohio nuclear plant for nearly five hours.
Via The Telegraph