In the past few years, the amount of damage that hackers can do by just accessing data has become painfully clear. Between the Target hack that exposed millions of credit card numbers to the Anthem insurance hack that affected over 70 million people, to the savage hacks that brutalized Sony, a lot of private data has leaked. But the targets are evolving, and after a recent malware-caused power outage in Ukraine, the days of infrastructure hacking are now here. 

First reported by Ukrainian news agency TSN (surfaced by Ars TechnicaArs Technica), the December 23rd malware-based attack disconnected a handful of electrical substations, leaving hundreds of thousands of homes in a particular region of the country without power. If officially confirmed, it will be the first known case of a mass power outage caused by hackers. 

According to security researchers for iSIGHT Partners, the malware lead to "destructive events" that in turn caused the blackout. Details beyond that are a little unclear, but it sounds vaguely like Stuxnet, the cyberweapon used to destroy Iranian nuclear enrichment plans by making centrifuges go berserk. Meanwhile, researchers from antivirus provider ESET, a malware package that infected the affected power plants (but may not necessarily be the one responsible for the disruption) got in by way of macro functions built into Microsoft Word documents. 

This kind of attack has been a fear for years now, and a very credible one at that. A Popular Mechanics report in 2009 found that United States infrastructure was definitely vulnerable to cyberattack, and that hackers could take down things like natural gas pipelines. It's a terrifying possibility on its own, only amplified by the fact that the United States really is not adequately prepared for the possibility of wide-scale blackouts in general, much less malicious ones that could potentially coincide with other, more conventional attacks. That said, the fear of such attacks have proven to be a pretty great way to justify borderline Orwellian laws that would expose the personal information of millions of Americans to the federal government in the name of cybersecurity.

It's a complicated problem to solve, but with the first recorded case of a real hacker-caused power outage it's a problem that needs a solution more badly than ever. In the meantime, maybe go make sure you've got a few candles and a box of matches. 

You can read more about the technical features of the malware over at Ars Technica.

Source: TSNESET via Ars Technica