Despite signing a nuclear deal forced through the US Congress by President Barack Obama, the Iranian government has continually pushed the limits.
Now a new report says the Islamic country may have access to dangerous amounts of data and passwords — and they could use it to shut down power for millions of Americans at any time.
Security researcher Brian Wallace was on the trail of hackers who had snatched a California university’s housing files when he stumbled into a larger nightmare: Cyberattackers had opened a pathway into the networks running the United States power grid.
Digital clues pointed to Iranian hackers. And Wallace found that they had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.” The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.
Experts say that so many attackers have stowed away in the systems that run the U.S. electric grid that analysts believe they likely have the capability to strike at will.
And that’s what worries Wallace and other cybersecurity experts most.
This attack is particularly disturbing because the cyber spies grabbed so much, according to interviews and previously unreported documents reported by the Associated Press.
In their attack, hackers grabbed user names and passwords that could be used to connect remotely to Calpine’s networks, which were being maintained by a data security company. Even if some of the information was outdated, experts say skilled hackers could have found a way to update the passwords and slip past firewalls to get into the operations network. Eventually, they say, the intruders could shut down generating stations, foul communications networks and possibly cause a blackout near the plants.
They also grabbed detailed engineering drawings of networks and power stations from New York to California — 71 in all — showing the precise location of devices that communicate with gas turbines, boilers and other crucial equipment attackers would need to hack specific plants.
Finally, there were additional diagrams showing how those local plants transmit information back to the company’s virtual cloud, knowledge attackers could use to mask their activity. For example, one map shows how information flows from the Agnews power plant in San Jose, California, near the San Francisco 49ers football stadium, to the company headquarters in Houston.
Wallace first came across the breach while tracking a new strain of noxious software that had been used to steal student housing files at the University of California, Santa Barbara.
“I saw a mention in our logs that the attackers stored their malware in some FTP servers online,” said Wallace, who had recently joined the Irvine, Calif.-based cybersecurity firm Cylance, Inc., fresh out of college. “It wasn’t even my job to look into it, but I just thought there had to be something more there.”
Wallace started digging. Soon, he found the FTP servers, typically used to transfer large numbers of files back and forth across the Internet, and the hackers’ ill-gotten data — a tranche of more than 19,000 stolen files from thousands of computers across the world, including key documents from Calpine.
Before Wallace could dive into the files, his first priority was to track where the hackers would strike next — and try to stop them.
He started staying up nights, often jittery on Red Bull, to reverse-engineer malware. He waited to get pinged that the intruders were at it again.
Months later, Wallace got the alert: From Internet Protocol addresses in Tehran, the hackers had deployed TinyZbot, Trojan horse-style software that the attackers used to gain backdoor access to their targets, log their keystrokes and take screenshots of their information. The hacking group, he would find, included members in the Netherlands, Canada, and the United Kingdom.
The more he followed their trail, the more nervous Wallace got.
Then he discovered evidence of the attackers’ most terrifying heist — a folder containing dozens of engineers’ diagrams of the Calpine power plants.
According to multiple sources, the drawings contained user names and passwords that an intruder would need to break through a firewall separating Calpine’s communications and operations networks, then move around in the network where the turbines are controlled. The schematics also displayed the locations of devices inside the plants’ process control networks that receive information from power-generating equipment. With those details, experts say skilled hackers could have penetrated the operations network and eventually shut down generating stations, possibly causing a blackout.
Circumstantial evidence such as snippets of Persian comments in the code helped investigators conclude that Iran was the source of the attacks.
As Deputy Energy Secretary Elizabeth Sherwood Randall said in a speech earlier this year, “If we don’t protect the energy sector, we are putting every other sector of the economy in peril.”
The Associated Press contributed to this article.
Marilynn Reeves says
Just remember Muslims are all about peace and love.
Bruce says
I’m sure the Iranians living under the Shah didn’t know much peace and love either.
Jay Bell says
That is an irrelevancy, Bruce. The previous poster was speaking of malevolent Islam. Under the Shah, Iran was Muslim–as it is today. Most Iranian Shiites are “twelvers”–that is, they believe that the twelfth Imam, the Imam Mahdi will bring world war and will reign over the whole earth for seven years. The Imam Mahdi bears a striking resemblance to the Antichrist, who is sketched out in the Bible. The Shiites even believe that he will ultimately be killed after the seven years (the length of time that Antichrist is supposed to rule). In addition, they believe that “Isa (Jesus), son of Mary” will be present at the end of the world that is brought on by the Imam Mahdi. Twelvers believe that it is their responsibility to bring this conflict, in any way that they can, so that the Imam Mahdi will rise from his place in the earth, to rule the world.
Islam itself is the problem–ISIS is radical Sunni Islam, but radical Shiite Islam is no better. It is because the closer any Muslim comes to the Quran, the more radicalized, malevolent and violent he/she becomes. The only antidote is the gospel of Jesus Christ. The Quran was brought to Middle Easterners in the 7th century A.D. by Mohammed, a violent man of war. The true revelation of God is complete in Jesus Christ, the “Prince of Peace”. Even Mohammed was unsure that the “revelation” he had received from an “angel” was from God–and speculated that he had received it from a possible demon. His Roman Catholic wife persuaded him that he had received it from God. But then, Roman Catholics have always seemed to have difficulty discerning the truly angelic from the demonic. It is because they do not know the Bible. That is where true spiritual discernment is formed.
Mary says
That was very well done/explained!
Sierra says
Preach!
Juan TwoThree says
Marilynn: What, are you fuking nuts???????????
Joseph Falzone says
What is even more important is what we do from here. How does our country now protect ourselves from this happening? Finding this information is just the first step. Now we need to fix this problem as quickly as we can.
Annette says
You must be Muslim, if not you’re crazy!
Jc says
There’s nothing to see here, people. It was all part of the deal the NOTUS struck up with them.
Robert Hagedorn says
Marilynn, I suspect you are being sarcastic, but some people, including the Salon troll, didn’t pick up on the sarcasm.
Annette says
Since you can’t read emotions with words unless you are typing in all Caps maybe but if she was joking at least a smiley face behind her comment would have given it away if she was joking, has she responded?
If not she’s just another sympathizer or is like all the others being supportive because they fear them.
FREEDOM says
If you read and study the Quran as I have done recently…It becomes very clear that Islam is NOT even a Religion….It is a Political Ideology that has been a False Form of Religion…So as to disguise what it really is…
Cheryl says
I hope this problem can be fixed ASAP! This info can be used to prevent this happening in the future. Good for this employee who went the extra mile. God bless him.
john says
Will Fox, Hannity, Lou, Megan, O’Reilly put your notices up?
KC says
It’s time to turn the sand to glass over in Iran. Why does your so-called leadership tolerate this type of threat to our nation? It is because they want to put American in the dark, and turn America into a third world nation so we are equal with the rest of the world. Obama and his criminal organization believe it is not fair that we in America have it so good, and have been far more advanced than the middle eastern nations, except for Israel of course. I think a pre-emptive strike w/EMP’s to knock out their power first would be in order. Then our intelligence community should hunt down any hackers trying to down our power grid, and terminate them. Problem Solved!
Bruce says
Wow. Brilliant. You should be president!
Donald says
Mohammedans have never been secretive about their plans. As they proceed with their killings and destructions it will all be consistent with their publicized goals.
Andrew Martinez says
Our president likes to claim the Republican right wing conservatives cling to our God and guns. What does he say about the terrorists who do so with evil intent? Crickets! Obama, a true POS!
DixieBelle says
These are the same “good” people Obama just gave millions to.
William says
DixieBelle, it’s not millions, it is 100 billion to as much as 150,000,000,000 (150 billion dollars). They have violated the terms of this treaty a number of times. With the money we let loose they bought missiles from Russia and are testing them, a violation of this deal.
Patricia Ray says
Well, what can you expect? A simple analysis of our president’s full name: Baraq (the Q by itself….no “U” after it….very Muslim) Hussein (as in Sadam Hussein……get it stupid Liberal Democrats???) Obama…..well that last name is suspect enough! Always hard for me to believe that just 7 short years after 9/11, Liberal America puts into power a president whose middle name is HUSSEIN!!!
Lorraine E says
Ah, another country under the spell of their religion of peace. They call our country “The great satan” and yet this administration is hell bent on their never ending kissy kissy bending over to appease Persia.
Rudy Sauter says
How stupid do you think we are to believe this crappy report? What good are drawings to a cyber attack? You are hate mongers trying to maneuver an attack on Iran made popular for the U.S. Public keep it up and You might get fried too in WW III
Jay Bell says
Rudy–no one said that they were only going to do cyber-attacks from Iran. Iran undoubtedly has its agents on the ground here and they may be planning a physical attack in combination with a cyber-attack. They would likely use the cyber-attack to disable alarm systems and then physically attack and destroy the power plant. And then blame it on Isis.
Diane says
12/21/15 = Good morning this was bound to happen, with the people running our government, that make so many foolish decisions. Some of the people say that our America is now, not a Christian Based Nation. I guess that means that they desire a non-Christian nation. = If this foolishness continues, they might be able to get their desire, to see what happens, when our CHRISTIAN GOD is taken out of this country. GOD HELP THE TRUE AMERICANS.
Jv says
What do you expect! We have idiots in Washington that are allowing these people into the country. There will be only one person in the future to blame for attacks in the country, guess who that will be?
Justin W says
Everyone who has access to mission-critical operations at power plants should be expected to change user names and passwords on a regular basis. There should be multiple levels of authentication on these accounts such as logging of MAC addresses and possibly some sort of an encrypted key on the machine’s hard drive.
Regardless of what Obama the Gullible may think, Iran has no desire for peace, unless it comes after destroying us and Israel.
Gary says
I believe that the Iranians see Obama for what he is, a weak leader that believes that he can achieve peace by appeasing. History has shown that appeasement never works. Hopefully the country before it is too late and realize that our emperor (Obama) has no clothes.
Mollyg says
America, under a new president, should do what it does best, Kill the enemy without remorse, and finally win the war on terrorism by any means! Get rid of the obstacles preventing a win! Do right by its citizens!
Pam says
What would you do if an armed intruder entered your home to kill you and your family? Would you kill them? Or make them breakfast before you all die?
The intruder is in our home….the USA…and they intend to kill us…. We the people are not going to make them breakfast!
Good luck to you and your ideology!…hopefully your family members are brighter!
Gary says
I believe that the Iranians see Obama for what he is, a weak leader that believes that he can achieve peace by appeasing. History has shown that appeasement never works. Hopefully the country before it is too late will realize that our emperor (Obama) has no clothes.
Craig Matthews says
But, didn’t the president just give them the keys to getting the nukes they want? Why bother with the power grid? /sarc off
John says
The radical Islamic Cult is all about murdering anyone not practicing it. Their numbers are far greater than the liars in our federal government would have you believe.
PATRICIA NEEDHAM says
What planet has Marilyn been living on the last few years? Please, give me a break, we are not all idiots to believe her comment. I am sure there are some good Muslims, but for the most part, I don’t trust them any further than I could sling them. This country’s problem is the administration we have been under the past 8 years. Soon to change for the better, I hope! We need a strong, AMERICAN, who will not take crap from other countries, and who, for the most part, they are afraid of. WE need to take the bull by the horns and cut them off, as a figure of speech. More security, more military, stronger laws when it comes to immigration, the mission is to keep America safe not vulnerable. I hope everyone who voted for the current administration is satisfied with the outcome. I further hope that all those idiots see the light and make the right decision in this next election. It sure won’t be Hillary Clinton or any of her cronies. God forbid we’ll end up really in trouble. Get your guns ready, store your food and be prepared, I’m afraid the worst is yet to come. Oh and I forgot, get your generators and gasoline stored as well. AMEN.
Fernando azcuy says
Obama refuses to mention the words, Radical Islam, because it’s what he represents and encourages. Look at his racist views in America that is fueling hatred between the races and his total disrespect for law and order. The unjustified and murderous destruction of the Libyan govt. and its personnel, it was cold blooded murder. He also had our Libyan ambassador and his guards slaughtered at Benghazi by failing to protect them when required to do so, prior to the attack and during the assault. He is also directly responsible for the cumulative murder of hundreds of thousands of Syrians, Kurds, Iraqis and yes including American soldiers and others, through his failure to serve and protect as he is obligated to do so. HE NEEDS TO BE ARRESTED AND TRIED FOR MASS MURDER AND TREASON FOR STARTERS!!!
FREEDOM says
And all of this is under the watch of the MUZZIE TERRORIST DC DICTATOR who is the ILLEGAL Squatter in the White House….It would not surprise me if his Regime has directly helped in these Cyber Attacks…
dolly says
Don’t we know where their power grids are at also. If so why don’t we destroy their grids first. Seems like we would have been prepared that this could happen.
Larry says
Obama is a Muslim, it is as plain as the nose on your face. He is the ENEMY!!!
Stephen Russell says
Time to update power grid security, from physical to cyber.
Update & modernize.
CUT utility exec staffing to fund.
Unite utilities into some organization for Utility Security.
Hire ex Vets for guards.
Seal off gates, etc. IF warranted.
Hire more work crews for power grid.
Move A-Z away from NYC power wise that can affect nation.
DO more, plan more.
Paul says
We are going to see a lot more threats and hopefully only threats? My opinion, they’re going to have a field day till next election? They laugh at the weakness of our powers to be at present!! They also know, when Trump becomes president, none of this will be tolerated!! And the repercussions if they do try any harm to the USA, WILL BE MET WITH GREAT FORCE!!!
MIKE C says
Every time Obama does something un-American I say he can’t do worse. Well guess what? He does another un-American thing. There is no end to Obama and his un-American ways. Why are the Republicans NOT impeaching him already? They have enough on him to make it easy for them to prevail!!! Obama is the worst president ever put into office and needs to be removed by impeachment before he does any more damage and gets us into World War 3. This man makes me very ill by all his actions and anyone with half a brain should be able to see he is leading us down the road of no good. My list of Obama faults is long and I cannot understand why his fellow Democrats are allowing him to get his way with all he does??? Makes no sense. We impeached Bill Clinton over a BJ for Christ’s sake!!!! What are those up in Wash DC drinking or smoking the last 7 years anyway??? God Bless America.