Allegedly, power companies have been under attack and blackmailed by hackers who are able to threaten, and have threatened, power outages by manipulating the grid via the Internet.
In recent months, security researchers have emphasized long-standing security vulnerabilities in the Supervisory Control and Data Acquisition (SCADA) systems that control U.S. critical infrastructure systems ranging from power plants to dams to public transit (See "America's Hackable Backbone"). While this is more than a little unsettling, having been on a few boards of directors, I have to wonder: How do you hide that type and size of extortion payments on your financial reports?
At the DefCon hacker conference in August, researcher Ganesh Devarajan of the security firm Tipping Point gave a presentation showing techniques that hackers can use to find points in SCADA systems that are vulnerable to hijacking and sabotage. The next month, the Associated Press obtained a U.S. Department of Homeland Security video, known as the "Aurora Generator Test," demonstrating how a cyber-intrusion could be used to physically destroy a large power generator.
In the past two years, hackers have in fact successfully penetrated and extorted multiple utility companies that use SCADA systems, says Alan Paller, director of the SANS Institute, an organization that hosts a crisis center for hacked companies. "Hundreds of millions of dollars have been extorted, and possibly more. It's difficult to know, because they pay to keep it a secret," Paller says. "This kind of extortion is the biggest untold story of the cybercrime industry."
And how incompetent/crooked must your auditing company be to sign off on it? Or is that an allowable business practice nowadays?
Kinda explains how nobody on Wall Street knows what their assets are worth lately, doesn't it?