Compromised Hydro One computer shows difficulty of tracking hackers
Published Tuesday, January 3, 2017 8:07PM EST
Last Updated Tuesday, January 3, 2017 9:17PM EST
The discovery that Ontario’s main electricity distributor allegedly had an IP address compromised by Russian hackers is “a wake-up call” and should put Canadians on high alert for their personal cyber security, according to a technology analyst.
U.S. Homeland Security and the FBI found an IP address from Hydro One during an investigation into malicious cyber-activity allegedly linked to the hacking of the Democratic National Committee. Six other Canadian computer addresses were swept up in the digital search – including an IP address from an Alberta-based internet provider.
Hydro One told CTV News that the IP address was not connected to Ontario’s electricity grid and is “not an active IP address at Hydro One.” The company added that it takes cyber security seriously and that there are no concerns that the province’s power system was compromised.
CTV technology analyst Carmi Levy says the finding is still a major cause for concern.
“This is very significant because it means whatever security processes are being used to secure that particular IP address … they are absolutely inadequate if they can be breached by a hacker and then compromised in some way,” Levy told CTV News.
Last week, U.S. officials found malware code known as “Grizzly Steppe” on a laptop belonging to one of Vermont’s two main electric utility companies. Homeland Security and the FBI later released a list of hundreds of IP addresses said to be targeted by malicious cyber activity.
Russia has denied any responsibility in the cyberattacks, and President-elect Donald Trump has cast doubt on the reports.
The alleged “Grizzly Steppe” hack follows the pattern of a “zombie attack” in which a hacker remotely scours the internet for vulnerable computers, laptops, servers or networks anywhere in the world.
“And then they use malware to infiltrate them, and then they launch attacks from there,” Levy explained.
Since a zombie attack can be carried out remotely, it can be difficult to pinpoint a particular country or hacker involved.
“It also makes it more difficult to trace the attack back to the actual perpetrator,” Levy explained.
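The practical check behind the story is a simple one for a defender: take a released indicator list of IP addresses and ranges, confirm whether any of your own addresses appear in it, and search your firewall logs for traffic involving listed addresses. The script below is an added example, not code from CTV News, Hydro One or any government agency; the indicator list, the log format and the addresses in it are constructed placeholders (documentation ranges), not indicators from the Grizzly Steppe report. A match is a lead for investigation, not proof of compromise, which is why an organisation can find its address on such a list and still conclude, as Hydro One did, that the address is not active on its network.

```python
import ipaddress

# Constructed indicator list in the style of a government IOC release:
# single hosts and CIDR ranges, one per line, with an optional comment.
# These are documentation-range placeholders, not real indicators.
INDICATOR_LIST = """
# indicator,comment
203.0.113.10,reported scanning host
198.51.100.0/24,suspected proxy range
192.0.2.77,reported relay host
"""

# Constructed firewall log lines in a simplified syslog-like format.
SAMPLE_LOGS = [
    "2017-01-03T12:00:01Z fw01 ACCEPT src=10.0.5.12 dst=203.0.113.10 dport=443",
    "2017-01-03T12:00:04Z fw01 ACCEPT src=10.0.5.13 dst=93.184.216.34 dport=80",
    "2017-01-03T12:00:09Z fw01 DENY src=198.51.100.200 dst=10.0.5.1 dport=22",
    "2017-01-03T12:00:15Z fw01 ACCEPT src=10.0.5.12 dst=192.0.2.77 dport=8080",
]


def parse_indicators(text):
    """Turn the text list into ip_network objects (a bare host becomes a /32)."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        value = line.split(",", 1)[0].strip()
        nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def own_addresses_listed(own_addresses, indicators):
    """Return which of the organisation's own addresses fall inside the list.

    This is the 'is our IP on the list?' question; a hit says only that the
    address was reported, not that the host behind it is active or compromised.
    """
    listed = []
    for raw in own_addresses:
        addr = ipaddress.ip_address(raw)
        if any(addr in net for net in indicators):
            listed.append(raw)
    return listed


def extract_addresses(log_line):
    """Pull the src= and dst= values out of one log line."""
    out = {}
    for token in log_line.split():
        if token.startswith("src=") or token.startswith("dst="):
            key, _, val = token.partition("=")
            out[key] = ipaddress.ip_address(val)
    return out


def match_logs(log_lines, indicators):
    """Return (line, role, address, matched_network) for every log line whose
    source or destination address is in the indicator list."""
    hits = []
    for line in log_lines:
        for role, addr in extract_addresses(line).items():
            for net in indicators:
                if addr in net:
                    hits.append((line, role, str(addr), str(net)))
    return hits


if __name__ == "__main__":
    nets = parse_indicators(INDICATOR_LIST)
    print("own addresses on list:", own_addresses_listed(["203.0.113.10", "10.0.5.12"], nets))
    for line, role, addr, net in match_logs(SAMPLE_LOGS, nets):
        print(f"{role}={addr} matched {net}: {line}")
```

The two questions are kept separate on purpose: `own_addresses_listed` answers whether an address you control was reported, while `match_logs` finds connections to or from listed addresses, which is the signal that warrants pulling the affected host's own logs.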
IT security expert Jean-Francois Sauriol said it’s “unsettling” to learn that a Hydro One IP address was named in the U.S. investigation, but he cast doubt on fears of an attack on Ontario’s electric grid and suggested that any major threats would’ve been caught fairly quickly.
“They’re a critical infrastructure organization. I suspect their protection mechanisms are quite robust,” said Sauriol.
The Canadian links connected to the large-scale U.S. investigation highlight the importance of securing all digital properties – even personal computers, Levy said.
“If a large utility can be compromised, then basically it means that anyone or anything can be compromised. Even if you are an individual with one laptop working out of your home, anyone is potentially targetable in this way. We should all be concerned. This touches all of us.”
Ukraine’s power grid was hit by a sophisticated cyberattack in Dec. 2015 in which three electric power companies were compromised, causing a blackout for more than 225,000 customers.