[ISN] Ex-Employee Fingered in Texas Power Company Hack

From: InfoSec News <alerts_at_private>
Date: Mon, 1 Jun 2009 03:05:25 -0500 (CDT)
http://www.wired.com/threatlevel/2009/05/efh/

By Kevin Poulsen
Threat Level
Wired.com
May 29, 2009 

The FBI is investigating a computer intrusion at a large Texas power 
company that crippled the firm’s energy forecast system for a day in 
March, costing it over $26,000.

Early Thursday morning FBI agents raided the home of a former employee 
of Dallas-based Energy Future Holdings — the corporate parent of three 
large Texas electric companies, including Luminent, which has over 
18,300 megawatts of generation in Texas, and operates the Comanche Peak 
nuclear power plant.

The ex-employee, Dong Chul Shin, was fired from the company March 3 for 
performance reasons, and escorted off the premises, according to court 
records. But the company failed to immediately shut off his VPN access. 
That afternoon, someone using Shin’s account began logging onto the 
corporate network, e-mailing out proprietary data to a personal Yahoo 
account linked to Shin, and modifying and deleting files, according to a 
search warrant affidavit by Dallas FBI agent Robert Smith. 
comanche-peak1

Company logs showed that the VPN connection originated at Shin’s home IP 
address, Smith writes.

While logged into the VPN, the intruder sent an e-mail to the 
engineering group operating the Comanche Peak nuclear reactor. The 
message asked questions about the safety of the reactor, in particular 
wondering what would happen if the load were to be “increased to 99.7 
percent of capacity.” While at EFH, Smith notes, “Shin was responsible 
for programming the models which controlled the management of EFH power 
generation facilities, including Comanche Peak.”

[...]


_____________________________________________
Visit the InfoSec News security bookstore!
http://www.shopinfosecnews.org 
Received on Mon Jun 01 2009 - 01:05:25 PDT

This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 01:16:22 PDT