Criminals broke into computers belonging to US nuclear power plant operator

Criminals have managed to break into the computers of at least a dozen US power plants, including a nuclear power plant in Kansas. This is reported by the US Department of Homeland Security and the FBI.

One of the targets of the attackers was the privately-owned Wolf Creek Nuclear Operating Corporation in Kansas, which operates the state’s Wolf Creek Generating Station nuclear power plant. Company spokespersons tell The New York Times that the computers are within the company and that control systems for the exchange are not affected. These systems run on an independent network.

The Department of Homeland Security and FBI warn of the attacks in a document the NYT and Bloomberg have seen. In a response, government services say there is no indication that public safety has been compromised and that the impact appears to be limited to administrative and business networks. The attackers would have wanted to map the networks for possible future attacks, the FBI investigation concluded.

It is not clear whether the ultimate goal is industrial espionage or sabotage of the energy supply. Nor is it known who is behind the attacks. The FBI speaks of attackers as posing a sophisticated, persistent threat, suggesting that the agency is considering state hackers. The attackers tried to penetrate the networks with targeted e-mail, among other things. In doing so, they targeted people with elevated rights within the networks and systems for the power plants with malware.

Although these are attacks on computer networks, experts have been warning for years about the vulnerability of so-called scada systems. This is the name for industrial management systems for critical infrastructure in some cases. In the development of these mostly old systems, internet security was not always a high priority.