Wired: SAO PAULO — Despite widespread speculation at the time, a massive power outage that left 18 out of the 26 Brazilian states in the dark for up to six hours last year was not the result of a cyber attack, according to a classified diplomatic cable published by WikiLeaks last week.
The Nov. 10, 2009, blackout came just two days after the CBS News magazine 60 Minutes reported that an earlier outage in the Brazilian state of Espirito Santo in 2007 was the work of hackers. And it came just one day after Threat Level reported that, no, it wasn’t.
The suspicious timing of the outage triggered widespread speculation that hackers — even if they weren’t responsible for the 2007 blackout — may have caused the newer one. With Rio set to host the 2016 summer Olympics, the incident prompted U.S. diplomats to meet with top officials at ONS, Brazil’s power authority, to find out what had happened.
The leaked cable, dated Dec. 1, 2009 and classified Secret, describes the “strikingly open” conversations that followed.
[ONS president Plinio de] Oliveira and [ONS statistical director Wilkens] Geraldes further ruled out the possibility of hackers because, following some acknowledged interferences in past years, GOB has closed the system to only a small group of authorized operators, separated the transmission control system from other systems, and installed filters. [Energy ministry chief of staff José] Coimbra confirmed that the ONS system is a CLAN network using its own wires carried above the electricity wires. Oliveira pointed out that even if someone had managed to gain access to the system, a voice command is required to disrupt transmission.
Coimbra said that while sabotage could have caused the outages, this type of disruption would have been deadly, and investigators would have found physical evidence, including the body of the perpetrator. He also noted that any internal attempts by system employees to disrupt the system would have been easily traceable, a fact known to anyone with access to the system.
The blackout was caused by short circuits on high-voltage lines leading from the Itaburi substation near Sao Paulo, and was exacerbated by a number of factors, according to the cable, which appears to confirm the public reports of the blackout.
But what of the “acknowledged interferences in past years”?
Raphael Mandarino Jr., Brazil’s director of Homeland Security Information and Communication, says it refers to a cyber-extortion attack launched by Eastern European hackers around 2005 or 2006. The attackers penetrated an administrative machine at a government agency after the system administrator left the computer with a default password.
The intruders, Mandarino says, downloaded and deleted files on the machine, and then left a message demanding ransom money for the data’s return. The person responsible for the system’s maintenance arrived to work at 8:00 a.m., and initially thought the ransom note was a joke. It took one hour to take the threat seriously.
No money was paid, says Mandarino, and most of the destroyed files were recovered from a backup.
“That was the first serious attack, which resulted in the issue being discussed in all the public administration”, he said.
Among the measures suggested to avoid a repeat occurrence was the creation of stronger passwords — the one they created right after the incident was cracked in a penetration test after just one week — and the recommendation that no outsourced workers have access to the passwords. Those measures were distributed to all the government’s branches and affiliates, including energy suppliers.
ONS’ Wilkens Geraldes, mentioned in the cable, referred inquiries to the agency’s PR team, which responded by saying that ONS has always had two different networks: The corporate network has suffered attacks, they say. But the utility operation network is isolated, and has yet to be breached from the outside.
In a broadcast Nov. 8, 2009, 60 Minutes cited unnamed sources in making the claim that a massive 2007 blackout that affected 3 million people was triggered by hackers targeting a utility company’s control systems.
In truth, a utility company’s negligent maintenance of high-voltage insulators on two transmission lines is what caused the outage, according to government regulators and others who investigated the incident for more than a year.
“I looked at the case as the top systems officer within the government, and I found nothing”, Mandarino reiterated this week, adding that he gave a taped interview to 60 Minutes rebutting the anonymous cyberwar claims, but CBS didn’t air it.
“There are indeed attacks against the energy websites. There was a defacement attack in 2008. There have been attempts at denial of service. Nothing that affected public utilities,” he says. “It’s still very difficult, because the system is not online. We have some [facilities] like thermoelectric plants that are remotely controlled, but they’ve suffered no attacks.”
Top image: Sao Paolo endures a power outage in 1999.
Dario Lopez-Mills/AP