Seven minutes before midnight last Dec. 17, a bomb of sorts went off in a high-voltage substation north of Kiev.But if you were standing outside the 20 acres of gleaming metal transformers and coils, you wouldn’t have heard a bang or seen a flash. It wasn’t that kind of bomb. It was a piece of malicious software that had been hiding in a control-room computer miles away, waiting for the right time to reveal itself. At 11:53 p.m., the logic bomb transmitted a staccato burst of pre-programmed commands to the substation, popping one circuit breaker after another until a strip of houses in and around western Kiev were plunged into darkness.Technicians responded to the Pivnichna substation and took the circuit breakers off computer control, restoring power a little after 1 a.m. It was only the second confirmed case of a computer attack triggering an electrical blackout, and compared to the first, 12 months earlier—also in Ukraine—it was a fizzle, affecting far fewer customers and for a fraction of the time. In the six months since the Kiev attack, security researchers have wondered why the hackers even bothered with such a fleeting disruption and speculated that someone was using Ukraine as a testing ground for a more serious attack.
U.S. Power Companies Warned ‘Nightmare’ Cyber Weapon Already Causing Blackouts