Cyber security expert talks spearphising, recent breach

Local cyber security expert says spearphishing is a common hacking technique, but the players are becoming more sophisticated.

BUFFALO, N.Y. (WIVB)- Federal authorities say Iranian hackers targeted a dam about 20 miles outside New York City in Rye.

Officials reported the hackers were able to breach the software and take control of the flood gates. It happened back in 2013 but limited details are just now being released.

“Obviously it’s fairly scary to us as a nation to imagine somebody sitting on the other side of the world could hit a keystroke and all of a sudden water could start flooding through a dam,” said Michael Decesare, CEO of Forescout Technologies.

The Department of Homeland Security released a statement saying it’s working with the federal and private sector to improve the country’s cyber security.

Prof. Arun Vishwanath is an Adjunct Associate Professor in the Management Science & Systems Department at UB.

He told News 4 the breach was achieved via spearphishing, one of the most simple hacking methods. Essentially, it uses email links to gain access to credentials.

While the game is rather simple, Vishwanath told News 4 the players are becoming more sophisticated. We used to think of email phishing as the “Nigerian princess scam,” he said.

But hackers are no longer a group of shady criminals operating out of cafes across the world; these are legitimate governments doing this.

He cited last year’s Sony hack as an example.

While these attackers in Rye, N.Y. weren’t able to get into the full system, they did take control of the flood gates.

Prof. Vishwanath told News 4 given other important landmarks in the state., that’s enough to put everyone on alert.

“This is one of the biggest concerns we have: infrastructure protection. I mean, New York state alone has about 50 odd power plants with everything from hydro to nuclear. I think 4 to 5 nuclear facilities,” he said.

“Now all of these use people, individuals are using the internet in all of these organizations and all of these entities. And the access; the phisher, the bad guys have access to any and all of them,” he said.

Details of the incident in Rye remain classified, however officials reported it happened around the same time Iranian hackers were trying to breach U.S. financial institutions.

WIVB.com provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others. If you see an inappropriate comment, please flag it for our moderators to review. Note: Comments containing links are not allowed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s