Cyber Attack on German Nuclear Power Plant

Source: http://www.securityweek.com/german-nuke-plant-hit-disruptive-cyber-attack-report, http://www.bbc.com/news/technology-36158606(SecurityWeek, BBC News)

PCs were infected with several viruses, these computers were used at a German nuclear power plant known as Rheinisch-Westfälisches Elektrizitätswerk(RWE).  The attack was marked as disruptive rather than destructive, the Director of National Intelligence James Clapper said it wasn’t an attack “since it was entirely passive and it didn’t result in the destruction or any of those kinds of effects. There was no destruction of data or manipulation of data. It was simply stolen.” Disruptive is a term used to distinguish attacks that are not destructive like the attack on Sony Corp in 2014, while the Stuxnet attack on Iran’s nuclear program would be considered destructive.  This being said the attack on the German nuclear plant can more likely be seen as an act of cyber espionage rather than an act of cyber war.

Viruses were found on the fuel modeling system and on 18 USB sticks that were used as removable storage on office computers. Employees at RWE found the viruses as they were preparing to upgrade the computerized control system on the plant’s Block B, currently the system is not producing power while it undergoes scheduled maintenance. According to RWE no system that was directly involved with the control of nuclear reactors was infected, and the there was no danger to the public as a result of the infection. There were two well-known viruses among the malicious programs “W32.Ramnit” and “Conficker”. The infected systems were isolated from the internet and neither of the viruses we’re able to activate , update, and steal data. Ramnit was discovered back in 2010 and it is a remote access tool that attackers use to steal data, while the Conficker virus dates back to 2008 and is designed to grab login names and financial data.

International Atomic Energy Agency (IAEA) Director Yukiya Amano stressed that event shouldn’t be taken lightly, he mentions that this is not an imaginary risk and the issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. A spokesman for RWE said that more than 1,000 computers have now been checked for infection and cleaned up.