A classified US government report suggests hackers could have gained widespread control of critical US gas pipelines.

US gas pipelines
A fireball seen across Interstate 77 in West Virginia after a natural gas pipeline exploded in flames near Charleston, last December, setting nearby buildings on fire and injuring several people. (Credit: Reuters)

In Die Hard 4.0, Bruce Willis battles a group of sophisticated hackers who take control and blow up the US gas pipeline infrastructure. A classified US government report now suggests someone has hacked into this very infrastructure and has the power to cause widespread devastation.

Back in 1982 a piece of malware was inserted into the system software of the Trans-Siberian gas pipeline causing what one newspaper reported as "the most monumental non-nuclear explosion and fire ever seen from space."

According to the classified report from the Department of Homeland Security (DHS) seen by the Christian Science Monitor, the US gas pipeline infrastructure could witness a similar destructive incident after it was revealed that 23 separate gas pipeline companies were targeted by hackers, believed to be Chinese.

Chinese hackers are currently the default origin of any US-focused cyber-attack, but according to experts who have had sight of the research, the "indicators of compromise" point to the same group which was identified as "APT1" or "Comment Crew" by security firm Mandiant last month.

APT1 were strongly linked to China's People's Liberation Army and were observed infiltrating 141 separate organisations around the globe over a seven-year period.

Cyber campaigns

The DHS report is entitled Active Cyber Campaigns Against the US Energy Sector and was compiled by DHS's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

According to the report, between December 2011 and June 2012, the hackers targeted key individuals within 23 gas pipeline companies using spear-phishing attacks. These types of attacks see highly targeted emails sent to individuals purporting to be from people known to the victim and containing relevant information.

Once the victim clicks on a malicious link or opens an attached document, malicious code is installed on the victim's PC, and from there it is easy for the hackers to access highly sensitive data.

"This theft of key information is about hearing the footsteps get closer and closer," William Rush, a retired scientist formerly with the Gas Technology Institute, told the Christian Science Monitor. Rush previously chaired the effort to create a cyber-security standard applicable to the gas pipeline industry.

"Anyone can blow up a gas pipeline with dynamite. But with this stolen information, if I wanted to blow up not one, but 1,000 compressor stations, I could," he adds. "I could put the attack vectors in place, let them sit there for years, and set them all off at the same time. I don't have to worry about getting people physically in place to do the job, I just pull the trigger with one mouse click."

Echoes

In a case of real life reflecting fiction, this discovery eerily echoes the plot of Die Hard 4.0, which saw Bruce Willis' character try and thwart a group of sophisticated hackers who take control of the US energy infrastructure.

While the Department of Homeland Security may not have a John McClane to deploy against these real-life hackers, it should soon have increased powers and personnel to tackle the problem, following President Barack Obama's pledge to increase resources for cyber-security.

The report comes at a time when many talk of an imminent cyberwar, though according to most security experts we are yet to see any real cyber-warfare take place. What we have seen instead is a huge increase in cyber-espionage where nation states seek to steal information on each other's critical infrastructure.

In the attacks on gas pipelines, sensitive files were stolen that could give a cyberintruder the ability to control or alter the operation of the pipelines, including usernames, passwords, personnel lists, system manuals, and pipeline control system access credentials, the report says.

Adversary

"The data exfiltrated could provide an adversary with the capability to access US [oil and natural gas industrial-control systems], including performing unauthorized operations," the report concludes. The stolen files were part of a "sophisticated attack shopping list."

The people behind the attacks "are not children or politically motivated hackers upset with someone's rhetorical position on something," an individual not permitted to speak to the press, and requesting anonymity, told the Christian Science Monitor.

"These are educated, motivated, well-funded operatives - and they're working toward something specific. If they exfiltrate credentials, they can log back in as system-level users and do whatever they want ... even blow something up."

The Chinese continue to deny all US allegations of cyber espionage, including allegations that they were responsible for infiltrating high-profile organisations like the New York Times and the Wall Street Journal.