Two days before Christmas the lights went out across the Ivano-Frankivsk region of Ukraine. As many as 225,000 customers lost power, the result of coordinated cyberattacks on three power grids.

The hackers tricked utility employees into downloading malware – BlackEnergy – that was linked to Russian spy agencies and that had been used to probe power companies across the world, including those in the U.S. On attack day they remotely shut off current to about 60 substations, inserted new code that blocked staff from reconnecting and even “phone bombed” the companies’ switchboards to discombobulate employees rushing to get power flowing again.

The Ukrainians claimed it was the first time a power grid had been knocked out by hackers and quickly pointed a finger at Russia. Robert M. Lee was skeptical. In the midst of preparing for a Christmas wedding in Alabama, the ex-cyberwarfare Air Force officer needed proof. There had only been two known destructive attacks on critical infrastructure. He and several colleagues in the U.S. cyber community coordinated with contacts inside Ukraine to recover malware from the network. Lee was the first person to report about the malware after reviewing the public information and analyzing the grid’s control systems. It was soon apparent: This was the real deal, though Lee shies away from blaming Russia. “What surprised me is the bold nature of it. … It was so coordinated. All the stuff we’ve seen before looked like intelligence. This looked like military. That’s kind of alarming.”

Read More- Forbes

Image courtesy of Forbes