When Cyberattacks Are No Longer Benign – Hackers Took Over Petrochemical Facility with an Intention to Cause Deadly Explosion
In a world where we read about cyberattacks several times a day, it has become easy to lose sight of how devastating they can be. Most of these attacks are launched by criminals to siphon off user data; others, like WannaCry, end up costing their victims millions or even billions of dollars.
But there is another type of cyberattack that could prove to be far deadlier.
When a petrochemical operation was breached in Saudi Arabia, attackers didn't want to steal data or shut it down. Investigators believe that the malware found in the facility was designed to damage the equipment and result in an explosion that could have destroyed the entire plant and killed everyone on site and nearby.
The only thing that prevented this explosion was an error in the attackers' code.
Security experts at Mandiant (a division of the security firm FireEye), Schneider Electric (the maker of the Triconex safety systems that were targeted), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Homeland Security (DHS), and the Pentagon's Defense Advanced Research Projects Agency (DARPA) are all investigating, or supporting the investigation of, the hack, which occurred in August.
While the investigation is still ongoing, all of the investigators believe that the attack was intended to cause an explosion that would have killed people.
"In the last few years, explosions at petrochemical plants in China and Mexico - though not triggered by hackers - have killed several employees, injured hundreds and forced evacuations of surrounding communities," the NYT reports. "What worries investigators and intelligence analysts the most is that the attackers compromised Schneider’s Triconex controllers, which keep equipment operating safely by performing tasks like regulating voltage, pressure and temperatures."
These controllers are used in about 18,000 plants around the world, including nuclear and water treatment facilities, oil and gas refineries, and chemical plants. A Triconex controller is a safety instrumented system: it is the last line of automated defense, designed to shut equipment down when pressure, temperature or voltage drifts out of safe limits. If that system is compromised, an extremist group or a hostile state could disable the safeguards, take control of critical switches and cause devastating explosions without leaving a trace behind.
A nation state appears to be behind these well-funded cyberattacks
The involvement of a nation state is almost certain because "there was no obvious profit motive" and because the attack itself required significant financial resources.
"Every hacking tool had been custom built."
To make this attack work, the hackers would also have needed a copy of the same version of the Triconex safety system in order to reverse engineer its design. According to the NYT, those components sell for nearly $40,000 on eBay.
As for which nation state could be behind this attack, the obvious countries with enough resources, time and the technical expertise include Israel, China, Russia, Iran, and the United States.
Whoever launched this attack could replicate it against plants in other countries. Worse, it may have motivated other aggressor nations to build similar campaigns, which can cause major explosions without requiring any physical presence at the target. That is what now worries governments and cybersecurity researchers.