Teenager Hacks Electrical Substation at PHDays

A contest on hacking industrial equipment was held on May 17 during Positive Hack Days, an information security forum. According to the contest scenario, hackers attacked a model electrical power supply system. The contest model was close to a real-world system both technically and functionally. It was divided into separate parts: generation, transmission, distribution, and power supply management. The outcome of the contest Critical Infrastructure Attack: Blackout is remarkable. A seventeen-year-old student from Moscow managed to bypass industrial protocols’ security systems.

The outcome of the contest Critical Infrastructure Attack: Blackout is remarkable. A seventeen-year-old student from Moscow managed to bypass industrial protocols’ security systems.

Even a school student can hack a substation.

A tenth grade student found specialized engineering software and exploited vulnerabilities he had detected in Siemens SCADA systems. This caused a shortage at a high-voltage substation (500 kV).

The shortage followed by the burning of cables that could lead to transformer outage.

What could happen in real life

Ilya Karpov, an expert at Positive Technologies, notes that the level of protocol security quite low. That is why an intruder is able to cause serious damage if he has physical access to electrical substation equipment (even without a strong qualification).

An outage as such that was caused by a teenage hacker not only leads to a local breakout. It can disrupt normal operation of the whole power sector or even shut down the city.

Critical Infrastructure Attack: Blackout was first held at PHDays V (organized by iGrids. at the time). We provided technical details on our blog.