California Man Discovers Iranian Hackers in Power Grid

California substation (Matthew Fern / Flickr / CC / Cropped)
Matthew Fern / Flickr / CC / Cropped

The investigation into the hacking of housing files at the University of California, Santa Barbara led security researcher Brian Wallace to the discovery that Iranian hackers were behind the data breach.

That, and a series of other data breaches that have taken place at energy grids and power plants, led the Associated Press to conduct an in-depth investigation.

The findings reveal that the Islamic Republic of Iran could potentially have the ability to attack America internally, using the highly-detailed, sensitive information some Iranians have potentially been able to gather on the U.S. power grid as a result of these hacks.

“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer told the AP. “It will also help them stay quiet and stealthy inside.”

The AP points out that during the Calpine breach, which experts believe began as far back as August of 2013 and could still be going on today, hackers obtained detailed engineering drawings of 71 networks and power stations from New York to California.

Snippets of comments made in the Persian language in the code reportedly helped investigators conclude that Iran was, in fact, the source of the attacks. The information these hackers had acquired contained usernames and passwords that could shut down generating stations and cause a blackout, possibly nationwide.

A recent report by the Wall Street Journal also reveals that Iranian hackers infiltrated the control system of a small dam less than 20 miles from New York City in 2013, sparking concerns that reached all the way to the White House.

An aging and outdated power system exposes the grid to even greater vulnerability.

The AP also found that smart meters, which are used in about 45 percent of U.S. homes to measure electricity usage for conservation purposes, are also prone to hacks as a consequence of their flimsy security. In addition, the decision to hook power plants up to the Internet over the last decade has given hackers new points of access.

Despite continuous efforts by Homeland Security and other cybersecurity entities to curtail this growing and imminent threat, America’s cybersecurity is not quite where it needs to be.

In a speech earlier this year, Deputy Energy Secretary Elizabeth Sherwood Randall reportedly revealed that if America doesn’t “protect the energy sector, we are putting every other sector of the economy in peril.”

The entire in-depth report can be found here.

Follow Adelle Nazarian on Twitter @AdelleNaz and on Facebook.




Please let us know if you're having issues with commenting.