Iranian hackers penetrated the computers controlling a dam near New York, reveals the Wall Street Journal.
The
2013 attack did no damage but revealed information about how computers
running the flood control system worked, said the paper.
Hackers working for nation states regularly hit national infrastructure targets, said a separate AP report.
About 12 times in the last decade hackers have won high-level access to power networks, it said.
Detailed plans
Extensive
information about the Bowman Avenue dam in Rye, New York state was
taken by the hackers, experts familiar with the incident told the
newspaper.
An investigation pointed to Iran as the likely source
of the attack and alerted US authorities to the significant cyber
warfare capabilities of that nation, said the report The same group of
hackers that attacked Bowman Avenue was also implicated in separate
attacks on three US financial firms, it added.
The US power network has also come under regular attack by "sophisticated foreign hackers" said AP in an extensive investigation.
Many
times security researchers had found evidence that hackers had won
access to these sensitive systems. So far, all the attacks seemed intent
on gathering detailed information, including engineering drawings,
about networks and facilities.
One
extensive campaign gave hackers access to 82 separate plants spread
across the US and Canada. Comments in the code found when the attacks
were detected suggested Iranian hackers were behind this attack.
Information about this series of attacks led the FBI to issue a warning
to power industry that it was being targeted.
The knowledge
accumulated by the attackers has not been used to shut down the power
plants or change the way they work, wrote AP reporters Garance Burke and
Jonathan Fahey.
However, the knowledge could be used to cause
damage if diplomatic relations between Iran and the US changed for the
worse, former US Air Force cyber security expert Robert Lee told the
agency.
Hackers could get at the power plants and other parts of
national infrastructure because many of the systems were set up long
before the need to protect them against remote attacks became apparent.