More than half of the operators of US power plants and other “critical infrastructure” say in a new study that their computer networks have been infiltrated by sophisticated adversaries. In many cases, foreign governments are suspected. Extortion is a common motivation, with hackers demanding money to end or agree not to carry out an attack. The findings come in a survey being released Thursday that offers a rare public look at the damage computer criminals can do to vital institutions such as power grids, water and sewage systems and oil and gas companies. Manipulating the computer systems can cause power outages, floods, sewage spills and oil leaks. The survey is based on interviews in September with 600 executives and technology managers from infrastructure operators in 14 countries. It was prepared by McAfee Inc., which makes security software, and the Center for Strategic and International Studies in Washington, which analyzed the data. The respondents aren't named and specifics aren't given about what happened in the attacks. The report comes as concerns are growing about state-sponsored hacking and threats to critical infrastructure. In November, CBS's “60 Minutes” reported that several Brazilian power outages were caused by hackers - a report that Brazilian officials have played down. Last April, US government officials said that spies hacked into the US electric grid and left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems. In the new report, 54 percent of respondents acknowledged that they had been hit by “stealthy infiltration” of their networks. In such break-ins, criminals can plant malicious software to steal files, spy on e-mails and do even scarier things like remotely controlling equipment inside a utility. Utilities are increasingly using mainstream software and connecting parts of their operations to the Internet so technicians can service problems remotely.
