How 30 lines of code tore a 27 ton generator

A secret 2007 American experiment proved that hackers can break power grid equipment so badly that it can no longer be repaired. And all it takes is a file the size of a typical GIF.


Control room in the Idaho National Laboratories Building



In late October, the US Department of Justice unsealed an indictment against a group of hackers known as Sandworm. In the document, the US accused six hackers working for the GRU of computer crimes committed around the world over the past five years, from sabotaging the 2018 Winter Olympics in South Korea to launching the most destructive malware in Ukraine. Among these accusations is the unprecedented attack on the Ukrainian power grid in 2016, which was designed not only to cut the power supply but also to damage grid equipment. When one of the cybersecurity researchers, Mike Assante, delved into the details of this attack, he found that the idea of hacking power grids had not been invented by Russian hackers but by the US government: it had been conceived and tested ten years earlier [as usual, no evidence for the accusation is provided; enthusiasts used a neural network to search for the people in the photographs given in the documents, and one of them turned out to look very much like a trombonist from Barnaul / translator's note].



Here is a translation of an excerpt from the book Sandworm: A New Age of Cyberwar and the Hunt for the Most Dangerous Kremlin Hackers, published a week ago, which details that very early experiment in hacking the power grid. The project was led by the late Assante, a legendary pioneer in industrial control system security. The experiment later became known as the "Aurora Generator Test". Today it serves as a reminder of how cyberattacks can affect the physical world. It became an eerie prediction of the subsequent Sandworm attacks.



On a chilly and windy morning in March 2007, Mike Assante arrived at the Idaho National Laboratory building, located 50 kilometers west of Idaho Falls. The building rises above a desert landscape, covered with snow and overgrown in places with sagebrush. He walked into a large room in the visitor center where a small group of people had already gathered. It included officials from the US Department of Homeland Security, the US Department of Energy and the North American Electric Reliability Corporation (NERC), along with directors of several utilities from around the country. There were also other researchers and engineers like Assante, whom the national laboratory had tasked with coming up with the disastrous scenarios that threaten critical American infrastructure.



At the front of the room were rows of video monitors and data screens facing the semicircular rows of seats, which made it look like a flight control room at a space center. Live screens showed a massive diesel generator from multiple angles. The mint-green machine was the size of a bus: a huge mass of steel weighing 27 tons, about as much as a modern tank. It stood one and a half kilometers from the auditorium, in an electrical substation, humming continuously. The electricity it produced would have been enough to power a hospital or a warship. On the video, the horizon shimmered in the waves of hot air rising from the generator.



Assante and his fellow lab researchers had bought the generator for $300,000 from oil producers in Alaska. They transported it thousands of miles to the test site in Idaho, an area of 2,300 sq. km where the national laboratory had an entire power grid for testing, along with hundreds of kilometers of power lines and several electrical substations.



If Assante's plan worked, the generator would be destroyed. But the assembled researchers planned to destroy this expensive and reliable machine not with any physical tool or weapon. This was to be done by a 140 KB file, no bigger than the average kitten GIF on Twitter.



Three years earlier, Assante had served as director of security for American Electric Power, which supplied electricity to millions of consumers in 11 states, from Texas to Kentucky. Assante had once served in the Navy and then became a cybersecurity engineer, and he had long understood the possibility of a hacker attack on the power grid. However, he was shocked at how poorly his colleagues at other energy companies understood this threat, however theoretical and remote. Back then, it was generally accepted that if hackers got deep enough into a utility's network to start flipping switches, employees would simply have to kick them out of the network and turn the electricity back on. "We will be able to cope with this the way we cope with the consequences of an ordinary storm," Assante recalls his colleagues saying. "It was believed that it would be like a power outage, that we would just recover and that's it; those were the limits of the risk model."



However, Assante, who possessed a unique combination of knowledge of power grid architecture and computer security, was troubled by more sophisticated thoughts. What if attackers didn't just take control of systems and flip switches to cause momentary power outages? What if they instead reprogrammed the grid's automated elements, the ones that make decisions and perform operations without human intervention?


Electrical substation at Idaho National Laboratories, on a 2,300 sq km test site.



In particular, Assante thought about equipment such as a protective relay. The relays are supposed to work as a safety mechanism, protecting the power grid from hazardous physical conditions. If the power lines overheat, or the generator loses synchronization, it is these protective relays that detect this anomaly and break the circuit, shutting down the problem area, saving valuable equipment and even preventing fires. The protective relay works as a lifesaver for the grid.



But what if this same protective relay were paralyzed, or worse, corrupted so that it became the attacker's weapon?



It was with this question that Assante, who had worked for an electricity provider, came to Idaho National Laboratory. And now, in the visitor center at the test site, he and his colleagues were going to put this creepy idea into practice. The secret experiment was given a codename that would later become synonymous with digital attacks that have physical consequences: "Aurora."



The test director announced the time: 11:33. He checked with the safety engineer that there were no onlookers in the area near the diesel generator. He then instructed one of the researchers in the Idaho Falls office to launch the attack. Like any real digital sabotage, this attack was carried out from a distance, over the Internet. An employee playing the role of the hacker sent a thirty-line program from his computer to the protective relay connected to the bus-sized diesel generator.



Before the attack, the internals of the generator performed an invisible and perfectly balanced dance with the power grid to which it was connected. Diesel fuel was sprayed into the chambers and detonated at an inhuman rate. It drove pistons that rotated a steel shaft in the bowels of the engine at about 600 rpm. This rotation was transmitted through a vibration-damping rubber coupling to another component that directly generates the current: a copper-wound shaft rotating between two massive magnets. Each revolution induced an electric current in the wires. If you spin this pile of copper fast enough, you get 60 Hz alternating current that can be fed into a much larger grid.



The protective relay connected to the generator should have prevented it from connecting to the rest of the grid unless it was precisely synchronized with this 60 Hz rhythm. However, Assante's "hacker" in Idaho Falls had just reprogrammed this life-saving device, turning all its logic upside down.



At 11:33:23 the protective relay received information that the generator was perfectly synchronized with the grid. But then its tainted brain did the opposite of its original purpose: it opened the circuit, disconnecting the machine.



When the generator was disconnected from the larger power grid and stopped sharing its energy with that vast system, it immediately began to speed up, like a horse freed from a cart. As soon as the protective relay detected that the generator had sped up so much that it was completely out of sync with the grid, its malicious logic immediately connected the generator back to the grid.



As soon as the diesel generator was reconnected, all the power of all the other generators on the grid fell upon it. All that equipment forcibly slowed down the relatively small mass of rotating components, dragging it back to the frequency of its neighbors.
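The sequence described above is, in relay terms, a synchronism check run in reverse. The toy model below is an added illustration, not code from the book or the Idaho test: it tracks how far an islanded generator drifts from the grid after being dropped, shows what a correctly configured sync-check relay would do at each moment, and shows why the inverted logic closes the breaker at the worst possible moment. All numbers (drift rate, sync window) are constructed for illustration.

```python
import math

NOMINAL_HZ = 60.0           # grid frequency named in the article
SLIP_LIMIT_HZ = 0.1         # constructed sync-check window: allowed slip frequency
ANGLE_LIMIT_DEG = 10.0      # constructed sync-check window: allowed phase angle
ISLAND_ACCEL_HZ_S = 0.5     # constructed: how fast the unloaded machine speeds up


def island_state(t):
    """Slip (Hz) and phase angle (deg, wrapped to [-180, 180)) of a generator
    that was in sync at t=0 and has been disconnected from the grid since.
    The angle is the integral of the slip frequency, so it grows as t**2."""
    slip = ISLAND_ACCEL_HZ_S * t
    angle = 360.0 * 0.5 * ISLAND_ACCEL_HZ_S * t * t
    return slip, ((angle + 180.0) % 360.0) - 180.0


def sync_check_permits_close(slip_hz, angle_deg):
    """Correct relay: permit closing only when BOTH slip and angle are inside
    the window. Checking the angle alone is not enough; see t=2.0 below."""
    return abs(slip_hz) <= SLIP_LIMIT_HZ and abs(angle_deg) <= ANGLE_LIMIT_DEG


def inverted_relay_closes(slip_hz, angle_deg):
    """The failure mode the article describes: the tampered relay closes
    exactly when the correct relay would refuse to."""
    return not sync_check_permits_close(slip_hz, angle_deg)


def reclose_torque_factor(angle_deg):
    """Transient shaft torque on reclosing grows with sin(angle difference);
    1.0 is the worst case, 90 degrees out of phase in this simple model."""
    return abs(math.sin(math.radians(angle_deg)))


def relay_decisions(t):
    """What each relay would do at time t seconds after the breaker opened."""
    slip, angle = island_state(t)
    return {
        "slip_hz": round(slip, 3),
        "angle_deg": round(angle, 1),
        "correct_relay_closes": sync_check_permits_close(slip, angle),
        "inverted_relay_closes": inverted_relay_closes(slip, angle),
        "torque_factor_if_closed": round(reclose_torque_factor(angle), 3),
    }


if __name__ == "__main__":
    for t in (0.0, 0.5, 1.0, 2.0):
        print(t, relay_decisions(t))
```

At t=2.0 the wrapped angle is back at zero, so an angle-only check would look safe while the machine is already running a full hertz fast; that is why a real sync-check relay supervises slip as well as angle before ever permitting a close.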



On the screens, the audience watched as the giant machine began to shake with incredible force, emitting a sound like the click of a giant whip. The entire process, from the moment the malicious code was launched to the first push, took only a split second.



The researchers had left the access panel on the side of the generator open so that they could observe what was happening inside. And now black debris began to fly out of it: the black rubber coupling that joined the two halves of the generator shaft was beginning to tear apart.



A few seconds later, the machine started shaking again: the protective relay's code had entered its sabotage cycle once more, disconnecting the machine and reconnecting it after it fell out of sync. This time, gray smoke began to pour from the generator, possibly from burning pieces of rubber.



Although several months and several million dollars of budget had been spent on the attack the audience was now watching, Assante even felt some sympathy for the machine that was being torn apart from the inside at that moment. "You suddenly realize that you are rooting for it, like the little engine that could," recalled Assante. "I thought: come on, you can handle it!"



But the machine failed. After the third blow, it emitted a large cloud of gray smoke. "The engine's done for," said the engineer standing next to Assante. After the fourth blow, a cloud of black smoke escaped from the machine, rising a dozen meters up as the generator was shaken by its final death spasm.



The test director ended the experiment and disconnected the damaged generator, now completely motionless, from the grid one last time. In the subsequent analysis of the incident, the laboratory's researchers found that the shaft had collided with the machine's inner wall, leaving deep dents and scattering metal shavings throughout the interior. On the other side of the generator, the windings and insulation had melted and burned. The machine was completely ruined.



Silence hung over the visitor center. "It was a sobering moment," recalls Assante. The engineers had proven incontestably that hackers attacking an electricity provider can do more than just temporarily disrupt the victim's operations. They can damage critical equipment so that it cannot be recovered later. "It was very visual. You could imagine how this happens with a machine in a real power plant, and it was terrible," says Assante. "In the end, it turns out that just a few lines of code can create conditions that are physically dangerous to the machines we rely on to run smoothly."



However, Assante recalls that he realized something even more important immediately after the end of the Aurora experiment. Like Robert Oppenheimer watching the first atomic bomb test in another American laboratory six decades earlier, he was witnessing the birth of something both historic and incredibly powerful.



"I felt a huge heaviness in my stomach," says Assante. "It was as if I had looked into the future."