Cyber security expert talks spearphising, recent breach

News
Image_217670

BUFFALO, N.Y. (WIVB)- Federal authorities say Iranian hackers targeted a dam about 20 miles outside New York City in Rye.

Officials reported the hackers were able to breach the software and take control of the flood gates. It happened back in 2013 but limited details are just now being released.

“Obviously it’s fairly scary to us as a nation to imagine somebody sitting on the other side of the world could hit a keystroke and all of a sudden water could start flooding through a dam,” said Michael Decesare, CEO of Forescout Technologies.

The Department of Homeland Security released a statement saying it’s working with the federal and private sector to improve the country’s cyber security.

Prof. Arun Vishwanath is an Adjunct Associate Professor in the Management Science & Systems Department at UB.

He told News 4 the breach was achieved via spearphishing, one of the most simple hacking methods. Essentially, it uses email links to gain access to credentials.

While the game is rather simple, Vishwanath told News 4 the players are becoming more sophisticated. We used to think of email phishing as the “Nigerian princess scam,” he said.

But hackers are no longer a group of shady criminals operating out of cafes across the world; these are legitimate governments doing this.

He cited last year’s Sony hack as an example.

While these attackers in Rye, N.Y. weren’t able to get into the full system, they did take control of the flood gates.

Prof. Vishwanath told News 4 given other important landmarks in the state., that’s enough to put everyone on alert.

“This is one of the biggest concerns we have: infrastructure protection. I mean, New York state alone has about 50 odd power plants with everything from hydro to nuclear. I think 4 to 5 nuclear facilities,” he said.

“Now all of these use people, individuals are using the internet in all of these organizations and all of these entities. And the access; the phisher, the bad guys have access to any and all of them,” he said.

Details of the incident in Rye remain classified, however officials reported it happened around the same time Iranian hackers were trying to breach U.S. financial institutions.

Copyright 2019 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Trending Stories

Don't Miss