
Latest news with #Sandworm

Every Cyber Attack Facing America

Yahoo

02-06-2025

Coordinated attacks on electrical grids. Quantum computers making encryption technology useless. Deepfakes that are nearly impossible to discern from reality, or an army of AI agents hacking networks with once-unthinkable speed and efficiency. These are only a few of the threats that could be facing the United States in the very near future—if we aren't already. Today WIRED takes a deep dive into how vulnerable our current systems and networks are to the future of cyber threats.

- Everybody knows how technology can make our lives better or a little easier, but it can go the other way too.

- Soon, it will actually be impossible for a human being to tell if the face that they're looking at is real. And that's a very scary new reality.

- Today, we're talking about future tech threats, including AI deepfakes, cyber attacks on electrical grids, quantum computers, and a lot more. This is "Incognito Mode." [gentle music] [keyboard clanking] One of the doomsday scenarios that experts have worried about for decades is a major cyber attack on the US electrical grid. Now, Andy, you've written a literal book about cyber attacks on electrical grids and the hackers behind them. Tell us about that.

- As with so many of these different kinds of future threats, we've already seen it play out in Ukraine, which is so often the canary in the coal mine because it is so targeted by Russian hackers. And in fact, we've seen one specific group of Russian hackers called Sandworm cause blackouts three times in Ukraine, the only hacker-induced blackouts in history. The first one of these was in 2015. These Russian state-sponsored hackers broke into a collection of electrical utilities in Western Ukraine and turned off the power for a quarter million Ukrainian civilians. Then they did it again the next year in the capital this time, in Kyiv. In that case, they used this kind of automated tool known as Crash Override, or Industroyer. It was essentially kind of blackout-inducing bots that could open circuit breakers with kind of automated speed. Now, in both of those first two blackouts in Ukraine, the power outage only lasted a few hours. But in the second of those two attacks, we did also see this troubling tactic, which was that the Sandworm hackers actually tried to disable a piece of safety equipment called the protective relay. They intended that when the Ukrainian engineers tried to turn the power back on, they might have overloaded lines to cause them to burn or exploded the transformer, and that would've been a kind of physical destruction of grid equipment that could have led to outages of weeks or a month. And that only actually failed because of a tiny misconfiguration in the hackers' malware. And in the midst of Russia's full-scale invasion of Ukraine starting in 2022, they haven't stopped attacking the Ukrainian power grid both physically and with cyber attacks, and in one case they succeeded in causing a blackout in the midst of an airstrike, in the midst of missiles raining down on the city that was blacked out.

- So, the US grid, as I understand it, it's not just one centralized local grid. The United States is enormous, so we've got the East, we've got the West, and we've got Texas, which is its own thing for some reason. And then within those we have all these utility companies that connect to these grids. So, we're talking about a bunch of different entities. How complicated would it be to kind of target even one of these regions in the United States?

- Well, I think that causing like a massive blackout across the whole region in the US would be quite difficult. The cyber attacks we've seen so far in Ukraine are relatively localized. You know, the idea of like this kind of nightmare scenario of blacking out the entire eastern seaboard for a month, I don't think we've ever seen a hacker group capable of doing that. Not to say that it's not technically possible somehow, but what we have seen that's very worrying is this one group of Chinese state-sponsored hackers called Volt Typhoon gaining access to electric utility networks in the US across the entire country. And it seems that they're trying to pre-position to be ready for some date in the future when they might choose to pull the trigger and cause blackouts perhaps in many simultaneous cyber attacks. And of course, the date that we have to guess that they're preparing to do that would be on the eve of the invasion of Taiwan that Xi Jinping, the Chinese head of state, has said he wants the Chinese military to be ready for by 2027. That could be a kind of tactic in the Chinese playbook to delay an American response to that invasion, or perhaps more specifically, to cut power to US military bases that would hamper our military response to that actual invasion of Taiwan. I have sometimes thought like the threat of a power grid attack has become overblown because it's kind of like the quintessential cyber nightmare. So, at one point I even did ask an NSA official, "Are you actually scared of a cyber attack on the grid?" And he said that he absolutely was because of this notion that the electric grid underlies every system that we have come to rely on, GPS, internet, water, all of it depends on electricity. It is in some ways like the fundamental lowest layer of the tech stack of America.

- And this is one of the reasons why cyber attacks on electrical grids kind of loom large in the cybersecurity mind, is that this is a hack that can potentially cause physical damage in the real world that then makes the attack much more consequential.

- Right. If the power turns off for a few hours, I think we have backup systems, we have natural disasters that cause that. We're ready to bounce back. If transformers are destroyed, however, these are custom pieces of equipment that are hard to replace. We may not be ready for a long timescale of outage against an actual malicious adversary that's still there in the network, still trying to cause more damage. We saw how difficult it was, for instance, for Spain and Portugal to turn the power back on across an entire country. Well, imagine if you're trying to perform that recovery while an active adversary is also trying to sabotage every step you take to recover.

- Terrifying. [gentle music] Hey, it's me. Don't recognize me? How about now? AI-generated deepfakes are everywhere on the internet. You've probably laughed at ones of politicians or celebrities, but did you know these tools can be used for nefarious purposes against you? What in your reporting have you seen deepfakes being used for?

- Well, we've already seen deepfakes being used for two of the most lucrative forms of cyber crime that we know about. One is what people call business email compromise, where a hacker kind of impersonates someone inside a company and tricks the executives into sending money where they shouldn't. We've seen one company tricked into sending $25 million to a hacker who impersonated an employee. The other is romance scams, or other kinds of what people call pig butchering, where a victim is tricked into sending sometimes millions of dollars to a fake crypto investment. I've seen listings on black markets where crypto scammers are selling each other deepfake tools to be able to impersonate someone's face, and both of these are already making tens of billions of dollars in revenue a year, truly two of the biggest categories of cyber crime in existence, and both of them are going to be absolutely supercharged by deepfakes.

- Most of the nefarious uses of deepfakes involve scams, people trying to steal people's money. Deepfakes used by scammers can be put together quickly and they don't have a lot of resources to put into them sometimes, but they can also be used in geopolitical settings, fake news on steroids. [speaking in foreign language] The producers of fake news are able to put a lot of resources into making sure something looks reliable and it makes it really hard to detect when something's actually fake. Unless you're a digital forensics expert, detecting fake news can be really difficult. The technology is just rapidly improving. It's becoming pretty commonplace to be able to get access to these tools. You don't have to be a specialized hacker or anything to get them. You can just kind of download these tools and use them for whatever means you want to.

- Definitely, and I think the real time deepfake video tools that I've seen are not seamless, they're quite detectable for like a not super gullible human being today, but I think what we're talking about is a very near future where these tools are only going to improve and soon it will actually be impossible for a human being to tell if the face that they're looking at is real, and that's a very scary new reality.

- You know, one of the ways people protect themselves from traditional scams, even before deepfakes, is you're just familiar with what a phishing email looks like and you learn to look out for it, but at some point the fakes become so good, you can't tell what's real and what's fake.

- I think we're used to telling people too as a safeguard, "Yeah, if you can't tell if this text is fraudulent, then get somebody on a call. If that doesn't work, you get somebody on a video." When none of that works, then we have to come up with new protocols, like, you know, do you have some sort of secret code word? Do you check if somebody can remember your last conversation? You know, all of these things, we'll have to kind of figure them out in this new deepfake future.

- AI has really taken all the headlines as this big emerging technology and all the potential threats around it. Another emerging technology is quantum computing that's continuing to evolve. One of the things that security experts kind of worry about with regards to quantum computing is that it could just break all encryption. What have you seen about this?

- Right, well, this is what some people call Q Day, like, this perhaps near future doomsday scenario where quantum computing becomes powerful enough to break these crypto systems that we have built an entire society on. It turns out that there are some kind of post-quantum crypto systems that can't be broken even by quantum computers. So, Google, for instance, has been very vocal about switching to post-quantum crypto. Signal, the encrypted messaging app, has also switched to post-quantum crypto, and that ought to be reassuring. But the troubling thing is just how many systems out there may not be using post-quantum crypto, and when quantum computing suddenly appears, they can just all be broken and all of our secrets will be accessible and it'll be like that moment in "Sneakers" when like suddenly the entire internet is decryptable.

- Anybody wanna shut down the Federal Reserve?

- For instance, Bitcoin we know doesn't use post-quantum crypto. If a quantum computer arrived today, it seems like somebody would be able to steal hundreds of billions of dollars. Bitcoin would probably go to zero immediately, and that's only gonna be fixed when the entire Bitcoin community decides to adopt new crypto technologies and implement them across the network, which is a really big undertaking and may not happen in time.

- The issue with quantum computers is that they're just much faster at breaking encryption than a traditional computer. While a traditional computer can take over a hundred million years to break certain types of strong encryption, a quantum computer can do it in just a few hours. WIRED's Amit Katwala recently interviewed several experts about the coming quantum apocalypse. According to one survey, experts believe Q Day is gonna arrive by 2035, if not sooner, and some think there's a 15% chance it's already happened. Now, if Q Day does actually arrive, that means everything from military intelligence secrets to access to critical infrastructure to your own private data and messages could all be exposed. It's not just the end of privacy as we know it, it's the end of any control over all the systems that we use every day. Experts kind of compare this to Y2K when, if you don't remember, Y2K is when the computer systems used two digits to denote the date zero zero, and everybody was worried that everything would break because the computers would think it's 1900 instead of the year 2000. Now, Y2K has kind of become a joke because everybody pitched in and fixed the problem before it was actually a catastrophic issue.

- Midnight has come in Russia, there's no Y2K problem at all.

- And in this case, it's the same kind of situation where we need a bunch of different systems, many thousands I'm sure is an understatement.

- Well, exactly. I think talking about it like Y2K is part of why I've always kind of dismissed this, like, "Oh, it's some problem for the nerds. They'll deal with it in time." But the thing about Y2K was that we knew exactly when it was gonna happen. This doomsday, we don't know when the deadline is, and in fact, there's some adversary out there building a quantum computer. They know perhaps when they're gonna have one, and we don't. And we also don't know if somebody may have actually even now built a quantum computer in secret and have the ability to crack all of these crypto systems and access secrets that we can't even imagine.

- There's basically two categories when we're talking about quantum computers breaking encryption, it's keeping of secrets and managing access to systems. If the encryption is broken, then you can't keep anything secret and you can't keep anyone out of any system.

- And to your point, they would also be able to mess with things, take control of all of the digital systems that control the power grid or air traffic control. It's really hard to imagine the level of actual havoc that they could wreak. And really, like, some other countries could be storing all of this encrypted data that's traveling across the internet and just keeping it and waiting for the day when Q Day arrives and they have this computer capable of cracking all of that.

- Yeah, absolutely. You make a great point that the data that's already been stolen is not gonna be updated alongside those systems, and so all of those secrets could still be cracked.

- We really can't move to post-quantum crypto systems fast enough.

- One of the systems we don't really think about, because it's just everywhere and we take it for granted, is GPS. If it goes down, things get bad really quickly. And it's not just the navigation app on your phone. It's trains, airplanes, boats, all types of systems that people rely on, and it could really cause major disruptions. GPS is just one of several global navigation satellite systems, or GNSS, that are used around the world. Europe has Galileo, Russia has GLONASS, China has BeiDou, but the US is really reliant on GPS alone. The US' reliance on GPS makes it particularly vulnerable because the government hasn't created any backup systems like they have in other countries. It's used by transportation systems, emergency services, financial institutions. Basically everything runs on GPS and you might not even know it.

- We've seen, for instance, in the war in Ukraine that Russian and Ukrainian soldiers have been using GPS jamming and spoofing to try to disrupt each other's drones and prevent drone attacks. But in those cases, we've also seen collateral damage. Those jamming devices are like very blunt instruments. They send out their radio jamming in all directions in a wide range. We've seen them affect civilian aircraft even, and I believe our colleague Matt Burgess has written about how civilian aircraft have had to be rerouted, sent back to the airport of their origin because of GPS jamming in the Ukraine war.

- Yeah, so this is something that's already happening on a small scale, but there's the potential, if there's a major war between the US and China, where these systems could be disrupted on a much bigger scale. It's not just spoofing and jamming attacks that we have to worry about. There's also attacks on the actual satellites themselves. We know some countries have developed satellite technology to take out or disrupt satellites in orbit. The fact that countries are carrying out these kinds of attacks shows just how valuable GPS is and how vulnerable it can be.

- Yeah, I remember in this science fiction book from 10 years ago now called "Ghost Fleet," they posit this future war with China where the first shot of that war would be China destroying all of the US' satellites. That is plausible. We've seen China and Russia demonstrate the ability to destroy satellites. China has shown that it can use a satellite to grapple onto another one and pull it out of orbit. These sound like science fictional threats, but they are practical. And we've never really thought about what our country would look like if all of GPS were suddenly disrupted.

- If you've used generative AI tools like ChatGPT, you know how powerful they are. They give you the ability to write an essay in seconds, or create a business plan on something you might not even know anything about. The same for writing code. Programmers everywhere are already using generative AI to write code that they're deploying in the world. But the same goes for hackers.

- AI for so many people is a kind of glorified productivity tool, and it seems like it is that for now for hackers too. Chinese hackers are using generative AI to write better phishing emails in perfect English now. They are almost certainly writing malicious code with AI too, because all software developers are using AI to write code, but that's not like truly autonomous hacking bots out there somewhere on the internet, which is the scary future thing we're talking about. But I think that's coming. At some point, we will see fully autonomous hacking agents, and I think we may even see a future where AI is able to automatically find zero-day secret vulnerabilities in code and exploit it immediately, and that's quite scary.

- These tools can be used by hackers in a couple of different ways. One, they can write code that somebody who isn't really skilled wouldn't have any ability to do. More and more people could become hackers. So, you have these script kiddies writing tools in large language models and deploying that code with unknown consequences. Then we get to the professional level where both the good guys and the bad guys are using these tools. You have white hat hackers using them to find zero-days, or secret vulnerabilities in code nobody's been able to patch. AI can be really useful for protecting these systems, but you also have black hat hackers. They can use it to write malicious code that they might not otherwise be able to create and deploy that code in more sophisticated ways.

- We've talked for a long time about the problem of zero-days, this idea of a secret vulnerability in a piece of software where the company that makes that software has had essentially zero days to fix it. AI is going to be able to find those zero-days in an autonomous way at some point.

- As these technologies advance, you can imagine a future where there is an AI that you can point at a certain system and say, "Go hack that system and it'll go in," and it'll analyze the code that it's seeing, find vulnerabilities in real time, write malicious code in real time, and then gain further access into those systems, be able to exfiltrate data and just kind of cause all the havoc that hackers can already, but much more efficiently, much quicker, and maybe on a much bigger scale.

- I think the real issue though is that defenders definitely need to be using AI or they're gonna be left behind.

- Things aren't necessarily gonna become instantly more secure or less secure one way or the other. We report on systems getting hacked almost every day here at WIRED, and so that reality is gonna still be there, it's just the question of will the teams defending against this stuff be adopting it effectively as well as the malicious hackers? And we just don't know how that's all gonna play out. If you've ever been in a natural disaster and the cell networks go down, you know just how helpless and stranded you feel. Now, imagine that's happening to everybody everywhere. We're just not ready for our cell networks to go down. In addition to natural disasters, there've been several cyber attacks on cell phone networks in various countries around the world. There's also been repressive regimes that have taken the cell phone networks down on purpose to quell protests.

- We've seen a cyber attack launched against Ukraine's cellular provider Kyivstar in December of 2023, turn off cellular service to millions of Ukrainians. This was the Russian hacker group Sandworm trying to disrupt the communication systems for the whole populace of the country. And we've also seen governments purposefully turn off cellular access in Myanmar and India and Iran, sometimes for a week at a time, just as a way to quell dissent. We've never seen this happen in the US, but I think we can easily imagine that it's possible, either with insider access or from an external threat. And we've also seen it just happen because of natural disasters and terrorist attacks in the US where there's a crisis and everyone overwhelms the network, just trying to reach loved ones or emergency service providers. And one of the solutions that people have been talking about is like a kind of peer-to-peer mesh radio, like, I think you've been looking into this.

- Yeah, we've been looking into this type of technology that's called Meshtastic. So, actually I have one of the devices here, and it looks like a little pager, if you remember those, but it's basically just a radio, a circuit board, and an antenna. These devices come in a bunch of different forms. Some of them look like the old Blackberry devices. They have actual keyboards, some of them have touch screens. Some of them are really simple with just like a 3D printed case like this one. Basically, all the devices work the same. Meshtastic is a radio-based mesh network that uses long range radio to send encrypted messages between devices across distances of up to 200 miles. Meshtastic is an open source software project. It's not maintained by any one company, and pretty much anybody can get involved with the Meshtastic community. Unlike cell phones that connect to a tower to communicate, Meshtastic is a peer-to-peer network, meaning that each device communicates with other devices in the area. You're able to use this without cellular service, without wifi. You can connect it to your phone, so you can text straight from there. And the device itself is what's sending the message, and it's really low bandwidth, so you can't really send much information, but the good thing is that it's really not reliant on any centralized system like a cell network.

- And the cool thing about it is that you don't have to be within line of sight of the recipient of the message, you just have to be in line of sight of some other Meshtastic radio so that you can connect to the whole mesh, and then that message gets passed around among all these peers until it reaches the intended recipients. That's the cool thing about it, I guess, is that like the more of these radios connect to the network, the more powerful it becomes.

- It's still really early days for this. There's not that many people who have a Meshtastic device compared to, say, a cell phone, of course, but if you live in a city, there's a good chance you're gonna have some type of Meshtastic network already set up and you're gonna be able to communicate with each other.

- It does seem like this is maybe the first step in creating a system that would survive a larger disruption of centralized cellular service.

- Meshtastic is really useful during, say, natural disasters when the phone lines are down, but can also be useful if you're just in an area with poor cell coverage, like out for a hike. Meshtastic can't replace your cell phone altogether, but it's gonna work when a cell phone isn't. This has been "Incognito Mode." [futuristic musical tones]

Iberian blackout raises fears of growing cyber-attack risks

Techday NZ

29-04-2025

The recent widespread blackout affecting Spain and Portugal has sparked discussion over whether a cyber-attack could have been responsible, despite initial reports pointing to a technical fault. Large areas of both countries were left without electricity, disrupting transportation, communications, and daily routines.

The power failure started when a key international power line was disconnected, causing cascading disturbances across regional energy grids. This blackout, which persisted for hours in certain regions, was traced to a fault in the high-voltage transmission network managed by Spain's Red Eléctrica de España (REE).

Speculation about the possibility of a cyberattack arose swiftly after the incident, driven in part by recent high-profile cyber incidents globally. Early reports cited a 'rare atmospheric phenomenon' as a likely cause, but suspicions of malicious activity persisted, underscoring the heightened concern surrounding cyber threats to critical infrastructure. Comparisons were drawn with previous cyberattacks, such as the Colonial Pipeline ransomware incident in the United States in 2021.

Nevertheless, both REE and Portugal's grid operator Redes Energéticas Nacionais (REN) ruled out signs of unauthorised access after reviewing SCADA (Supervisory Control and Data Acquisition) logs, telemetry, and firewall data. Despite these assertions, the cause remains under investigation by Spain's National Cybersecurity Institute, and a cyberattack has yet to be definitively discounted by all parties.

Certain factors led to the initial suspicion of a cyber-attack. These included simultaneous failures at multiple points, which were reminiscent of coordinated cyber-induced grid events observed in Ukraine in 2015 and 2016. Moreover, the collapse of mobile and internet services, coinciding with the blackout—and the failure of some backup systems—encouraged further speculation.
The situation unfolded during a period of elevated cybersecurity alertness in Europe, amid ongoing geopolitical tension. The absence of immediate, clear communication from grid operators allowed conjecture to fill the resulting information gap.

Specops Software explored these questions, highlighting the broader context in which such concerns arise. Their analysis stated, "The suspicion around malicious activity shows how wary people around the globe are of cyber-attacks and the devastating impacts they could have."

The analysis also outlined the motivations that hackers may have for targeting a national energy grid, noting: "Nation-state actors often probe or attack energy grids to gain leverage in broader conflicts. Disabling power generation or transmission can undermine civilian morale, disrupt military logistics, and signal coercive intent without immediate kinetic engagement. In the Russo-Ukrainian context, the 2015–16 attacks on Ukraine's grid by the Sandworm group demonstrated how precision outages (tripping substations via malware like BlackEnergy) can be used as a tool of statecraft."

Financial motives are also a consideration, as highlighted in the analysis: "Financially motivated cybercriminals view energy companies (often large, highly automated, and reliant on digital controls) as lucrative ransomware targets. Encrypting SCADA backups or operator workstations can halt operations swiftly, pressuring victims to pay ransoms to restore power. Groups like BlackCat/ALPHV and LockBit 3.0 have increasingly targeted energy and critical-infrastructure firms."

Beyond immediate disruptions, adversaries may use access to grid networks to understand the control system's architecture, harvest valuable data, or develop custom malware. The blog noted, "The Chinese group RedEcho have been accused of infiltrating India's power grids in recent years."

Security specialists look for several indicators to determine if a power grid outage may be the work of cyber attackers.
According to Specops Software, these include unexplained network reconnaissance, unauthorised access attempts, anomalous commands within control systems, discrepancies between physical measurements and logged data, the discovery of malware, and disruptions in monitoring and alerting systems. They noted, "Coordinated multi-vector anomalies—simultaneous disruptions in power and ICT (telecom networks, NMS servers) that outpace what one physical fault could explain," are a particular cause for concern.

Passwords and credential management routinely contribute to the vulnerability of both IT and operational networks. Specops Software highlighted, "Weak or default passwords are one of the simplest and most common footholds an attacker can use to break into both IT and OT (SCADA/ICS) environments in a power-grid operator." They explained how remote access points protected by weak credentials, reused passwords, or insufficient multi-factor authentication can provide an entry route for attackers. The risk is multiplied if such vulnerabilities exist across both office and control-system environments, as happened during Ukraine's blackout in 2015.

The incident in the Iberian Peninsula is still being examined, but the debate it triggered reflects a growing awareness of the risks facing critical infrastructure operators worldwide. Specops Software commented, "Ultimately, the Iberian blackout served as a powerful reminder of the potential risks of infrastructure being targeted by a cyber-attack. In the midst of a sudden grid collapse, it was all too easy to leap to the cyber-attack hypothesis, fueled by recent headlines and geopolitical anxiety. Even if the true cause was natural phenomena as the current evidence points to, the very real threat of a targeted intrusion demands vigilance."
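To make three of the indicators above concrete, the following Python script is an added example (not code from the article, from Specops Software or from any grid operator). It runs over a constructed event feed and flags control commands from hosts outside an allow-list, breakers whose field-sensor state disagrees with the historian's logged state, and windows in which power and ICT disruptions coincide; the host names, device ids, timestamps and the 120-second correlation window are all hypothetical.

```python
"""Toy indicator checks over constructed grid-operator telemetry.

Checked here, following the indicator list in the article:
  * anomalous commands within control systems,
  * discrepancies between physical measurements and logged data,
  * coordinated multi-vector anomalies (power plus ICT in one window).
Every event, host and device below is constructed for illustration.
"""
from dataclasses import dataclass

# Hypothetical allow-list of engineering workstations permitted to issue commands.
ALLOWED_COMMAND_HOSTS = {"ews-01", "ews-02"}

# Disruptions in different domains within this many seconds count as coordinated.
CORRELATION_WINDOW_S = 120

# Event kinds that represent a disruption rather than a routine record.
DISRUPTION_KINDS = {"outage", "heartbeat_lost"}


@dataclass(frozen=True)
class Event:
    ts: int          # seconds since epoch (constructed values)
    domain: str      # "power", "telecom" or "monitoring"
    kind: str        # "command", "field_state", "logged_state", "outage", "heartbeat_lost"
    device: str = ""
    host: str = ""
    value: str = ""


# Constructed feed: a breaker is opened from an unexpected host, the historian
# still logs it closed while the field sensor reports it open, a feeder drops,
# and the telecom NMS and the alerting gateway fail inside the same two minutes.
SAMPLE_EVENTS = [
    Event(1000, "power", "command", device="brk-17", host="ews-01", value="close"),
    Event(1600, "power", "command", device="brk-17", host="vendor-vpn-9", value="open"),
    Event(1605, "power", "field_state", device="brk-17", value="open"),
    Event(1605, "power", "logged_state", device="brk-17", value="closed"),
    Event(1606, "power", "outage", device="feeder-17"),
    Event(1650, "telecom", "heartbeat_lost", device="nms-core-2"),
    Event(1660, "monitoring", "outage", device="alert-gw"),
    Event(5000, "telecom", "heartbeat_lost", device="nms-edge-7"),  # isolated, benign
]


def anomalous_commands(events):
    """Control commands issued by hosts outside the engineering allow-list."""
    return [e for e in events
            if e.kind == "command" and e.host not in ALLOWED_COMMAND_HOSTS]


def measurement_discrepancies(events):
    """(device, ts, field value, logged value) where physical and logged state differ."""
    field = {(e.device, e.ts): e.value for e in events if e.kind == "field_state"}
    logged = {(e.device, e.ts): e.value for e in events if e.kind == "logged_state"}
    return [(dev, ts, field[(dev, ts)], logged[(dev, ts)])
            for (dev, ts) in field
            if (dev, ts) in logged and field[(dev, ts)] != logged[(dev, ts)]]


def multi_vector_windows(events, window=CORRELATION_WINDOW_S):
    """Windows in which disruptions hit two or more domains; returns (start ts, domains)."""
    disruptions = sorted((e for e in events if e.kind in DISRUPTION_KINDS),
                         key=lambda e: e.ts)
    hits, i = [], 0
    while i < len(disruptions):
        start = disruptions[i]
        # Sorted input, so everything inside the window is a contiguous run.
        group = [e for e in disruptions[i:] if e.ts - start.ts <= window]
        domains = {e.domain for e in group}
        if len(domains) >= 2:
            hits.append((start.ts, domains))
        i += len(group)
    return hits


def triage(events):
    """Bundle all three indicator checks into one report dictionary."""
    return {
        "anomalous_commands": anomalous_commands(events),
        "measurement_discrepancies": measurement_discrepancies(events),
        "multi_vector_windows": multi_vector_windows(events),
    }


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {findings}")
```

Each check on its own is weak evidence (a stale historian record or a single lost heartbeat is routine); the value comes from seeing the multi-domain window line up with an out-of-policy command and a sensor-versus-log mismatch on the same asset, which is the pattern the article says one physical fault cannot explain.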
The analysis concluded, "Operators must treat every incident as an opportunity to harden their defenses, from enforcing airtight password policies and multifactor authentication to rigorous network segmentation and 24/7 anomaly monitoring. If nothing else, this episode underscores that preparation (not panic) is the best antidote to both technical failures and malicious assaults."

What could be behind Europe's power outage

Yahoo

28-04-2025

The cause of the collapse in Spain and Portugal's national grids remains uncertain. But experts are already suggesting reasons for the widespread power outages, including equipment fault, a cyber attack, the role of renewables and the weather. Here are some of the key theories as to what may have gone wrong.

The cyber security wing of the European Union (EU) has suggested a technical or cable fault could be responsible for the mass power outage across Spain and parts of France and Portugal. Preliminary findings from the European Union Agency for Cybersecurity (ENISA) have veered away from a cyber security attack. A spokesman said: 'For the moment the investigation seems to point to a technical/cable issue.' ENISA said it is 'closely monitoring' the situation and remains 'in contact with the relevant authorities at national and EU level'.

Early speculation centred on whether power could have been knocked offline by a cyber attack. Spain's INCIBE cybersecurity agency initially said it was investigating the possibility of the blackout being triggered by a cyber attack. Juan Manuel Moreno, the president of the regional government of the Spanish region of Andalucia, said: 'Everything points to a blackout of this magnitude only being due to a cyberattack.' Spanish officials initially said they had not ruled out a cyber attack as the cause of the dramatic outage, with one government source telling Politico: 'A cyberattack has not been ruled out and investigations are ongoing.' However, the Portuguese National Cybersecurity Centre said there was no sign that the outage was caused by a cyberattack.

Past cyber attacks on grid infrastructure have been used to cause mass blackouts for hundreds of thousands of people. In December 2015, Russian hackers knocked out the systems of three energy companies in Ukraine, causing blackouts for 230,000 people.
The attacks were believed to have been ordered by Russia's intelligence agency and carried out by the Sandworm hacking group. Spy chiefs have long warned that hostile states are targeting Britain's electricity grid and other critical national infrastructure. In April, Peter Kyle, the Technology Secretary, told The Telegraph that briefings from the country's intelligence agencies had left him with a 'deep concern about our ability to keep our country and critical services ... safe'. 'I was really quite shocked at some of the vulnerabilities that we knew existed and yet nothing had been done,' Mr Kyle said. In November, Pat McFadden, the Chancellor of the Duchy of Lancaster, warned that Russian cyber attacks had the capability to 'turn off the lights for millions of people'. Spain is the third-most targeted country by Russian cyber criminals known as 'hacktivists', according to a council report. ZIUR, a cybersecurity centre in the Basque province of Gipuzkoa, said that Spain's government, maritime and financial infrastructures had been regularly compromised by pro-Russian groups. A lack of wind and Spain's reliance on turbines for power could also be a factor in the blackouts. Spain has one of Europe's highest proportions of renewable energy, providing about 56pc of the nation's electricity. More than half of its renewables comes from wind with the rest from solar and other sources. That means Spain's electricity supplies are increasingly reliant on the weather delivering enough wind to balance its grid. For much of the last 24 hours, that wind has been largely missing. The website for example, shows wind speeds of 2-3mph, leaving the country reliant on solar energy and old gas-fired power stations. The weather system that has left Spain bereft of wind is also having similar effects across the rest of Western Europe with the UK, Germany, the Netherlands and others all seeking extra sources of electricity as their wind turbines fall still. 
France, for example, has been calling on Spain for extra electricity. The UK, which is also increasingly reliant on wind, was on Monday morning struggling to get any turbine power. Instead, it was relying on imports from Europe – with the London and South East receiving 58pc of its power from imports, according to the National Energy System Operator (Neso). The sheer scale of the demands being transmitted between countries and across interconnector cables – especially at a time when wind and other renewable output plummets – may be enough to disrupt grids and power transmission. The large amount of solar power on the Spanish and Portuguese grids may have also left the Iberian power grid more vulnerable to faults or cyber attacks, according to one expert. Generators that have spinning parts, such as those running on gas, coal or hydropower, create what is known as 'inertia', which helps to balance the frequency of power on the grid to prevent faults. Solar panels do not generate inertia on the system, however, and there are known issues with low inertia on the Iberian grid. At about 10am on Monday, roughly two hours before the power cuts, almost 60pc of Spain's power was being generated by solar farms, according to transparency data. Ms Porter said: 'If you have a grid fault, it can cause a frequency imbalance and in a low-inertia environment the frequency can change much faster. 'If you have had a significant grid fault in one area, or a cyber attack, or whatever it may be, the grid operators therefore have less time to react. That can lead to cascading failures if you cannot get it under control quickly enough. 'The growing reliance on solar has pushed inertia on the grid to the point where it does become more difficult to respond to disruptions such as significant transmission faults.' However, she added, if the blackouts were caused by cyber attacks on multiple parts of the grid, more inertia would not have helped. 
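The inertia argument above can be put in numbers. The following is an added illustration, not from the article or any grid operator's tooling: a toy model of the system swing equation that compares the same loss of generation on a high-inertia and a low-inertia grid, with and without a simple droop-style primary response. Every figure in it (the 30 GVA system, the inertia constants H of 5 s and 2 s, the 1,000 MW deficit, the droop gain, the 1,500 MW reserve cap, the 49.0 Hz load-shedding stage) is an assumed round number chosen to show the effect, not Iberian grid data.

```python
"""Why low inertia shortens the time operators have to react: a toy swing-equation model.

Added illustration; not from the article or any grid operator's tooling. Every number
below (system size, inertia constants, droop gain, reserve cap, the 49.0 Hz load-shedding
stage) is an assumed round figure chosen to show the effect, not Iberian grid data.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class GridCase:
    system_mva: float        # aggregate rating S of synchronous generation online (MVA)
    h_seconds: float         # aggregate inertia constant H: seconds of rated power stored as rotation
    f0_hz: float = 50.0      # nominal frequency on European grids
    ufls_hz: float = 49.0    # first under-frequency load-shedding stage (assumed)


def rocof_hz_per_s(case: GridCase, deficit_mw: float) -> float:
    """Initial rate at which frequency falls after losing `deficit_mw` of generation.

    Linearised swing equation for the whole system: |df/dt| = f0 * dP / (2 * H * S).
    The imbalance is drawn from rotating machines' kinetic energy; the less of it there is
    (lower H*S, e.g. a large inverter-connected solar share), the faster the fall.
    """
    return case.f0_hz * deficit_mw / (2.0 * case.h_seconds * case.system_mva)


def seconds_to_ufls(case: GridCase, deficit_mw: float) -> float:
    """Time until load shedding if nothing responds at all (straight-line fall)."""
    return (case.f0_hz - case.ufls_hz) / rocof_hz_per_s(case, deficit_mw)


def simulate(case: GridCase, deficit_mw: float, reserve_mw: float, droop_mw_per_hz: float,
             response_delay_s: float, ramp_s: float, dt: float = 0.001,
             horizon_s: float = 15.0) -> Tuple[float, float, Optional[float]]:
    """Forward-Euler integration of the swing equation with a crude primary response:
    after `response_delay_s`, governors/batteries inject power proportional to the
    frequency deviation (droop), their gain ramping in over `ramp_s`, capped at `reserve_mw`.
    No load damping, secondary control or actual load shedding is modelled.

    Returns (frequency nadir in Hz, time of nadir in s, time UFLS was crossed or None).
    """
    f, t = case.f0_hz, 0.0
    nadir, t_nadir, t_ufls = f, 0.0, None
    for _ in range(int(horizon_s / dt)):
        ramp = min(1.0, max(0.0, (t - response_delay_s) / ramp_s))
        deployed = min(reserve_mw, ramp * droop_mw_per_hz * max(0.0, case.f0_hz - f))
        remaining_deficit = deficit_mw - deployed      # negative once the response overshoots
        f -= rocof_hz_per_s(case, remaining_deficit) * dt
        t += dt
        if f < nadir:
            nadir, t_nadir = f, t
        if t_ufls is None and f <= case.ufls_hz:
            t_ufls = t
    return nadir, t_nadir, t_ufls


def compare(deficit_mw: float = 1000.0) -> Dict[str, Dict[str, Optional[float]]]:
    """Same disturbance and same reserves on a high- and a low-inertia system."""
    cases = {
        "high_inertia": GridCase(system_mva=30_000.0, h_seconds=5.0),  # mostly rotating plant (assumed)
        "low_inertia": GridCase(system_mva=30_000.0, h_seconds=2.0),   # heavy solar/inverter share (assumed)
    }
    out: Dict[str, Dict[str, Optional[float]]] = {}
    for name, case in cases.items():
        nadir, t_nadir, t_ufls = simulate(case, deficit_mw, reserve_mw=1500.0,
                                           droop_mw_per_hz=1500.0, response_delay_s=1.0, ramp_s=5.0)
        out[name] = {
            "rocof_hz_per_s": rocof_hz_per_s(case, deficit_mw),
            "seconds_to_ufls_if_nothing_responds": seconds_to_ufls(case, deficit_mw),
            "nadir_hz": nadir,
            "nadir_at_s": t_nadir,
            "ufls_crossed_at_s": t_ufls,
        }
    return out


if __name__ == "__main__":
    for name, result in compare().items():
        print(name)
        for key, value in result.items():
            print(f"  {key}: {value if value is None else round(value, 3)}")
```

With these assumed figures the high-inertia system falls at about 0.17 Hz/s and settles near 49.3 Hz once the reserve is in, while the low-inertia system falls two and a half times faster, crosses the 49.0 Hz shedding stage before the same reserve has finished ramping in, and would reach it in 2.4 s rather than 6 s if nothing responded at all. That shorter window, not the source of the disturbance, is the point: the same fault, or the same cyber-induced trip, leaves operators and automatic protection less time before cascading starts.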

The Official DOGE Website Launch Was a Security Mess

WIRED, 15-02-2025

  • Politics
  • WIRED

Matt Burgess and Andrew Couts, Feb 15, 2025 6:30 AM

Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

As the United States reels from the upheaval caused by Elon Musk's so-called Department of Government Efficiency (DOGE), hackers from countries the US considers hostile continue to wreak havoc from afar. New research shows that China's Salt Typhoon hacking group has expanded its target list to include universities around the world and at least two more telecoms operating in the US. That brings the total number of US telecommunications networks breached by Salt Typhoon to at least 11. Russia's notorious Sandworm hacking unit may be best known for its attacks on Ukraine, including multiple blackouts caused by its cyberattacks and its release of the destructive NotPetya malware. However, a subgroup within Sandworm is now taking aim at targets in Western nations, including Australia, Canada, the UK, and the US, according to research released this week by Microsoft. The subgroup, which Microsoft calls BadPilot, runs what Microsoft describes as an 'initial access operation': it breaches targets and then hands access to those systems to other Sandworm operators.

Meanwhile, we dug into the slimy world of romance scammers who are making ill-gotten fortunes by capitalizing on the loneliness epidemic, and we dipped into the opaqueness of online advertising data that could pose a threat to US national security. Finally, we found that US funding cuts under the new Trump administration are hurting the organizations protecting children from exploitation, abuse, and human trafficking. And there's more. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Elon Musk's DOGE finally started publishing some information about its activities on its threadbare website this week. But it wasn't the only entity publishing on the site. Two web developers, working independently, found that it is possible to push updates to the domain, which claims to be an official US government website. The website reads its content from a database that anyone online can edit, the developers told 404Media; in other words, there is nothing stopping an unauthenticated write from showing up on the live site. To demonstrate the insecurity, they left a couple of messages on the DOGE site: 'This is a joke of a .gov site,' one read, while the other said: 'THESE 'EXPERTS' LEFT THEIR DATABASE OPEN.' The messages stayed on the website for at least 12 hours and remained visible for some time on Friday. The DOGE website was launched in January and until this week was a single landing page containing very little information. The developers who discovered the vulnerabilities told 404Media that the website appeared to have been 'slapped together.' The website only started being populated this week, with some figures purporting to show the size of the US government, after Musk promised his organization would be 'maximally transparent.' That transparency may have gone a step too far, however, with HuffPost reporting on Friday that the site included classified material. As well as being insecure, the DOGE website leans heavily on X, the social media platform owned by Musk. DOGE's homepage is a feed of its own X posts, and it also uses code that directs search engines to its X account rather than to the website itself, a WIRED review of the site found. 'This isn't usually how things are handled, and it indicates that the X account is taking priority over the actual website itself,' one developer told WIRED.

RedNote Security Flaws Come Into Focus

Chinese TikTok alternative RedNote gained around 700,000 US users and courted American influencers when the ban on TikTok loomed in January. While many of those people may have only used RedNote for a few days, a new analysis from the University of Toronto's Citizen Lab has highlighted how a lack of encryption could have opened up US users to 'surveillance by any government or ISP [Internet Service Provider], and not just the Chinese government.' The analysis of RedNote found a host of network security issues in both its Android and iOS apps. RedNote fetched images and videos over plain HTTP rather than encrypted HTTPS, the industry standard; some versions of the app contained a vulnerability that gives an attacker 'read' permissions on a phone; and it 'transmitted insufficiently encrypted device metadata.' The flaws were in RedNote's own app and in several third-party software libraries that it uses. Citizen Lab reported the issues to the companies starting in November 2024 but has not heard back from any of them. The security researchers say that the vulnerabilities could expose all users to surveillance, including those in China. 'As the Chinese government might already have mechanisms to lawfully obtain detailed data from RedNote about their users, the issues that we found also make Chinese users especially vulnerable to surveillance by non-Chinese governments,' the research says. It underscores that within China even widely used apps may not meet the same security standards as those developed outside the country. 'Applications that are popular in China often use no encryption, proprietary encryption protocols, or use TLS without certificate validation to encrypt sensitive data,' the analysis says.

Military Spy Planes Increase Surveillance Flights at US-Mexico Border

Over the last two weeks, US spy planes have flown at least 18 missions around the Mexico border, analysis from CNN has shown. The flights mark a 'dramatic escalation in activity,' the publication reports, and come as the Trump administration has designated drug cartels as terrorist organizations and has turned the nation's security apparatus toward deporting millions of migrants. According to CNN, various military planes, including Navy P-8s and a U-2 spy plane, were used in the operations and are capable of collecting both imagery and signals intelligence. Also this week, US Immigration and Customs Enforcement has advertised new contracts that would allow it to monitor 'negative' social media posts that people make about it.

Backlash Mounts Against UK's Secret Apple Encryption Order

Last month, the UK government hit Apple with a secret order demanding the company create a way to access data stored in encrypted iCloud backups. The order, called a Technical Capability Notice and issued under the UK's controversial 2016 surveillance law, the Investigatory Powers Act, was first reported by The Washington Post last week. Since then, there's been a growing backlash against the demands from the UK government, with many highlighting how a change would impact the security of millions around the world. US senator Ron Wyden and representative Andy Biggs have sent a letter to Tulsi Gabbard, the new director of national intelligence, saying the order undermines trust between the US and UK. 'If the UK does not immediately reverse this dangerous effort, we urge you to reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK,' the pair said, drawing comparisons to the Chinese-linked Salt Typhoon hacks of US telecom firms, which exploited the lawful-intercept 'backdoor' those carriers are required to maintain. Since details of the order emerged, Human Rights Watch has called it an 'alarming overreach,' while 109 civil society organizations, companies, and other groups signed an open letter saying the 'demand jeopardizes the security and privacy of millions.'
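Returning to the RedNote findings above: two of the three transport problems Citizen Lab describes, media fetched over plain HTTP and TLS used without certificate validation, are easy to catch in your own client code before a researcher does. The following is an added example, not Citizen Lab's tooling or RedNote's code. It audits a constructed request capture (the log format and the `example.invalid` hostnames are assumptions made for the demonstration), and shows the Python `ssl` misconfiguration that produces 'TLS without certificate validation' beside the context a client should actually use.

```python
"""Spotting two of the transport mistakes Citizen Lab flagged in RedNote in your own client
code: media fetched over plain HTTP, and TLS used with certificate validation switched off.

Added example, not Citizen Lab's tooling or RedNote's code. The request log format and the
hostnames below are constructed for the demonstration.
"""
import ssl
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

MEDIA_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".mp4", ".m3u8", ".ts")


@dataclass(frozen=True)
class Finding:
    severity: str
    url: str
    reason: str


def audit_request_log(lines: List[str]) -> List[Finding]:
    """Each line: '<METHOD> <URL> verify=<yes|no|n/a>' (constructed format, as you might
    export from an intercepting proxy). Flags cleartext fetches, media fetches in
    particular, and TLS connections made without certificate checks."""
    findings: List[Finding] = []
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        method, url, verify_field = raw.split(maxsplit=2)
        verify = verify_field.split("=", 1)[1].lower()
        parts = urlsplit(url)
        if parts.scheme == "http":
            # Anyone on the path (hotspot, ISP, upstream carrier) can read and alter the body.
            is_media = parts.path.lower().endswith(MEDIA_SUFFIXES)
            findings.append(Finding("high" if is_media else "medium", url,
                                    "cleartext HTTP" + (" media fetch" if is_media else "")))
        elif parts.scheme == "https" and verify == "no":
            # Encrypted, but to whoever answers: an active attacker can present any certificate.
            findings.append(Finding("high", url, "TLS without certificate validation"))
    return findings


def weak_context() -> ssl.SSLContext:
    """The pattern behind 'TLS without certificate validation'. Do not ship this."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate from anyone
    return ctx


def hardened_context() -> ssl.SSLContext:
    """What a client should use: system trust store, hostname check, modern protocol floor."""
    ctx = ssl.create_default_context()   # already CERT_REQUIRED with check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Unit-test-style check for the misconfiguration: both knobs must be on."""
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


# Constructed sample capture, not real RedNote traffic.
SAMPLE_LOG = """
# method url verify
GET http://cdn.example.invalid/feed/1234/cover.jpg verify=n/a
GET http://cdn.example.invalid/video/5678/seg0.ts verify=n/a
POST https://api.example.invalid/v1/device/report verify=no
GET https://api.example.invalid/v1/feed verify=yes
GET http://config.example.invalid/flags.json verify=n/a
"""

if __name__ == "__main__":
    for finding in audit_request_log(SAMPLE_LOG.splitlines()):
        print(f"[{finding.severity}] {finding.reason}: {finding.url}")
    print("weak context safe?", context_is_safe(weak_context()))
    print("hardened context safe?", context_is_safe(hardened_context()))
```

The `context_is_safe` check is the kind of assertion worth putting in a test suite: pinning or a private CA can be layered on top, but a context with `check_hostname` off or `verify_mode` set to `CERT_NONE` gives no protection against an on-path attacker regardless of what the cipher suite looks like. On mobile the equivalent knobs are the platform's network security configuration (Android) and App Transport Security (iOS), which is where the same two questions should be asked.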
