Cyber: hackers attack German steel mill causing physical damage

Hacked German steel mill

According to a report issued by Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI), hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive” – though unspecified – damage.

This is only the second confirmed case in which a wholly digital attack caused physical destruction of equipment. The first case, of course, was Stuxnet, the sophisticated digital weapon the U.S. and Israel – according to widely publicized media reports throughout the world – launched against control systems in Iran in late 2007 or early 2008 to sabotage centrifuges at a uranium enrichment plant.

That attack was discovered in 2010, and since then experts have warned that it was only a matter of time before other destructive attacks would occur. Industrial control systems have been found to be rife with vulnerabilities, even though they manage critical systems in the electric grid, in water treatment plants and chemical facilities, and even in hospitals and financial networks. A destructive attack on systems like these could cause even more harm than one at a steel plant.

According to a report in Wired, which quotes the findings of the German report, the attackers gained access to the steel mill through the plant’s business network, and then successively worked their way into production networks to reach systems controlling plant equipment. The attackers infiltrated the corporate network using a spear-phishing attack – a targeted email that appears to come from a trusted source in order to trick the recipient into opening a malicious attachment or visiting a malicious web site from which malware is downloaded to their computer. Once the attackers had a foothold on one system, they were able to explore the company’s networks, eventually compromising a “multitude” of systems, including industrial components on the production network.

The report doesn’t name the plant or indicate when the breach first occurred or how long the hackers were in the network before the destruction occurred. It’s also unclear whether the attackers intended to cause the physical destruction or whether this was simply collateral damage. The report also illustrates the need for strict separation between business and production networks, to keep hackers from leaping from one network to the other and remotely accessing critical systems over the internet. A network can only be considered truly air-gapped if it is neither connected to the internet nor connected to other systems that are, yet many companies believe that a software firewall separating the business and production networks is sufficient to stop hackers from making that leap. Experts warn that a software firewall can be misconfigured or contain security holes that allow hackers to break through or bypass it nonetheless.
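The segmentation point above (a firewall between business and production networks that is present but permissive) is the kind of thing a defender can audit from the rule set alone. The following is an added example, not code from the report or from Wired: it models a first-match firewall policy, evaluates a handful of business-to-production probe connections against it, and flags allow rules that are broad enough to let an attacker who has phished a workstation reach control equipment. The zones, addresses, rule names and policies are all constructed for illustration; the weak policy has a single "vendor remote support" rule that opens the whole business network to the whole production network, while the hardened policy only lets office hosts reach a historian in an ICS DMZ and only lets a DMZ jump host reach the HMIs on one port.

```python
"""Audit a first-match firewall policy for business-to-production paths.

Constructed example: zones, addresses and rules are assumptions, not values
from the BSI report or the Wired article.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed network zones (constructed).
BUSINESS = ip_network("10.10.0.0/16")    # office / corporate network
DMZ = ip_network("10.20.0.0/24")         # ICS DMZ: historian, jump host
PRODUCTION = ip_network("10.30.0.0/16")  # control network: PLCs, HMIs


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any destination port


def _net(cidr: str):
    """'any' becomes None; everything else is parsed as a network."""
    return None if cidr == "any" else ip_network(cidr)


def _matches(rule: Rule, src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
    src, dst = _net(rule.src), _net(rule.dst)
    if src is not None and ip_address(src_ip) not in src:
        return False
    if dst is not None and ip_address(dst_ip) not in dst:
        return False
    if rule.proto != "any" and rule.proto != proto:
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return True


def decide(policy, src_ip, dst_ip, proto, dport, default="deny"):
    """First matching rule wins; returns (action, rule name)."""
    for rule in policy:
        if _matches(rule, src_ip, dst_ip, proto, dport):
            return rule.action, rule.name
    return default, "<implicit default>"


def find_business_to_production_paths(policy, probes):
    """Probes from the business zone into production that the policy allows."""
    findings = []
    for src_ip, dst_ip, proto, dport in probes:
        if ip_address(src_ip) in BUSINESS and ip_address(dst_ip) in PRODUCTION:
            action, name = decide(policy, src_ip, dst_ip, proto, dport)
            if action == "allow":
                findings.append((src_ip, dst_ip, proto, dport, name))
    return findings


def overly_broad_rules(policy):
    """Allow rules touching production whose source or service is too wide."""
    flagged = []
    for rule in policy:
        if rule.action != "allow":
            continue
        dst = _net(rule.dst)
        if not (dst is None or dst.overlaps(PRODUCTION)):
            continue
        src = _net(rule.src)
        broad_src = src is None or src.overlaps(BUSINESS)   # any host, or office-wide
        broad_port = rule.dport is None or rule.proto == "any"
        if broad_src or broad_port:
            flagged.append(rule.name)
    return flagged


# Constructed policies and probes.
WEAK_POLICY = [
    Rule("vendor-remote-support", "allow", "10.10.0.0/16", "10.30.0.0/16", "any", None),
    Rule("default-deny", "deny", "any", "any", "any", None),
]
HARDENED_POLICY = [
    Rule("office-to-historian", "allow", "10.10.0.0/16", "10.20.0.10/32", "tcp", 443),
    Rule("jumphost-to-hmi-rdp", "allow", "10.20.0.20/32", "10.30.1.0/24", "tcp", 3389),
    Rule("block-office-to-production", "deny", "10.10.0.0/16", "10.30.0.0/16", "any", None),
    Rule("default-deny", "deny", "any", "any", "any", None),
]
PROBES = [
    ("10.10.5.23", "10.30.2.7", "tcp", 502),    # office workstation -> PLC (Modbus)
    ("10.10.5.23", "10.30.1.4", "tcp", 3389),   # office workstation -> HMI (RDP)
    ("10.10.5.23", "10.20.0.10", "tcp", 443),   # office workstation -> DMZ historian
    ("10.20.0.20", "10.30.1.4", "tcp", 3389),   # DMZ jump host -> HMI (RDP)
]

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, "direct paths:", find_business_to_production_paths(policy, PROBES))
        print(label, "broad rules:", overly_broad_rules(policy))
```

Run against the weak policy, both office-to-PLC and office-to-HMI probes come back allowed and the vendor rule is flagged; against the hardened policy no direct path exists and nothing is flagged, because the only route into production passes through the DMZ jump host on a single port. Real policies also need the implicit-default and rule-ordering behaviour of the specific firewall product checked, which is where the misconfigurations the article warns about usually hide.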