Mainland hacks uncovered in U.S.

SACRAMENTO, California, Los Angeles Times

For at least 17 days at the height of the energy crisis, hackers mounted an attack on a computer system that is integral to the movement of electricity throughout California, a confidential report obtained by the Los Angeles Times shows.

The hackers’ success, although apparently limited, brought to light lapses in computer security at the target of the cyber-attack, the California Independent System Operator, which oversees most of the state’s massive electricity transmission grid.

Officials at the Independent System Operator say that the lapses have been corrected and that there was no threat to the grid. But others familiar with the attack say hackers came close to gaining access to key parts of the system — and could have seriously disrupted the movement of electrons across the state.

Lawmakers were angered by the security breach at an entity that is such a basic part of the state’s electricity system, given its fragility during the state’s continuing energy crisis.

A report stamped “restricted” shows that the attack began as early as Apr. 25 and was not detected until May 11. The report says the main attack was routed through China Telecom, from someone located in Guangdong province in mainland China.

In addition to using China Telecom, hackers entered the system by using Internet servers based in Santa Clara in Northern California and Tulsa, Oklahoma, the report said. James Sample, the computer security specialist at the ISO who wrote the report, said he could not tell for certain where the attackers were located.

“You don’t know where people are really from,” Sample said. “The only reason China stuck out is because of the recent political agenda China had with the U.S. … An ambitious U.S. hacker could have posed as a Chinese hacker.”

The breach occurred amid heightened Sino-American tensions after the collision between a PRC military jet and a U.S. spy plane. In early May, there were hundreds of publicly reported attacks apparently originating from the PRC. Most of those incidents involved mischief; anti-American slogans were scrawled on government Web sites.

The attack on the ISO’s computer system apparently had the potential for more serious consequences, given that the hackers managed to worm their way into computers at the agency’s headquarters in Folsom, east of Sacramento, that were linked to a system that controls the flow of electricity across California. The state system is tied into the transmission grid for the Western United States.

“This was very close to being a catastrophic breach,” said a source familiar with the attack and the ISO’s internal investigation of the incident.

On May 7 and 8, as the infiltration was occurring, California suffered widespread rolling blackouts — although ISO officials said Friday that there was no connection between the hacking and the outages, which affected more than 400,000 utility customers.