Skip to main content

See also:

Homeland Security confirms: US utility system hacked

US threatened by "brute force" hacking
US threatened by "brute force" hacking
Photo by Joshua Roberts/Getty Images

Reuters and many other notable online news sites are reporting on May 20, 2014 that the US utility control system has been hacked by brute force. Homeland Security is confirming but says that there is no evidence that operations were negatively affected in any way.

The DHS suspects that the security breach took place by means of an Internet portal that is currently in place for utility control systems workers to gain access to important information and intradepartmental processes. The term “brute force” refers to a process in which hackers force their way into a specific website by trying thousands of individual passwords until the proper one is finally found. This is believed to be the method for how these hackers gained access to a US government controlled website.

The news has made the headlines in Europe as well, appearing this morning, May 21, 2014 on the website TechWeek Europe. This website goes on to say that even more alarming cyber security issues are of greater concern. TechWeek alleges that the US utilities sites was not even protected by a simple firewall of any kind, nor through standard practices of authentication access controls.

"In most cases, systems that are so antiquated to be susceptible to such brute (force) technologies would not have the detailed logging required to aid in an investigation like this," says Justin Clarke, an expert consultant in the field of cyber security from Cylance, Inc.

It will be interesting to see if this news story is picked up by the media elite. Oddly, Homeland Security rarely admits to such cyber-attacks in order to keep the details of their investigations secret and to avoid negative publicity.

Further statements by the DHS also admit that the utilities site has probably been compromised and hacked several times in the recent past, although the previous occurrences likely went undetected. This supports a recent article by CGMA Magazine “Nine ways to bolster data security”. Sensitive data for both corporations and private individuals is very often breached without ever being detected.