How Did The NSA Plant Malware In Dams, Hospitals, and Power Grids?

There is limited information on this, I’m assuming because Greenwald didn’t release it, but there is documentation released by Snowden that revealed the NSA had tapped Japan’s infrastructure without their permission, and even went as far as to install malware in their dams, hospitals, and electrical grids. Apparently we did the same to at least Mexico and Brazil as well. There is 0 information on how this was done, how many dams/hospitals/grids we’ve infected, or the locations of everywhere we did this.

So does anyone have any relevant information on this? It’s almost as if it’s blacklisted on search engines the same way child porn is blacklisted. By blacklisted I mean Google or whoever actually restricts people from seeing this information or their spiders pulling it for users to see. I’m not sure whether the government just cracked down on trying to cover this up as much as possible, or if the documentation on how this was actually executed in reality was just never released.

Some aspects of what you want to know are in the story of Stuxnet and the effect it had on what are called SCADA systems used within Iran around 2010.

The story goes that Stuxnet was developed by the US/Israel and, by spreading itself through Windows computers used to monitor Programmable Logic Controllers (aka PLCs: specialist computers used to control industrial processes), was able to damage the equipment being controlled.

Who knows what the truth of all that is; it’s my view that if knowledge of this type is publicly available it’s either: released to mislead; invented by those who don’t know; or released by those who do know but aren’t meant to release it. Of the three it seems to me that the first two are most common.

I’m more worried about other governments hacking critical infrastructure.

In case nobody has the direct knowledge needed to answer the GQ, if the OP could share the source of what limited information he has, that might help us do some detective work.

Anybody with the direct knowledge needed to answer the GQ will not be posting that knowledge on an unclassified message board.

Do we know it’s necessarily true? There was a LOT of noise about NSA/CIA/USSOCOM people putting viruses in Iraqi air defenses via printers, and it all turned out to be so much smoke and BS.

Seems to me that periodic references to this sort of capability might be very useful in that world, even if it wasn’t actually true; it would keep their IT people paranoid about printer ROMs and stuff like that, and not necessarily focused where they actually need to be.

Security is only as good as the least paid employee.

You often don’t need anything more than some $$$ to crack something.

We know Stuxnet exists and how it works, and there is extremely strong evidence that it was created by a state actor with a beef towards Iran.

To answer the OP, this type of malware uses the same techniques that other Windows-targeted malware uses, plus some very specialized ones, but is designed to target poorly-secured SCADA systems with certain characteristics that match the infrastructure they wanted to attack. Ordinary computers are used for transmission and network-hopping but are otherwise ignored by this type of malware so as to remain undetected for as long as possible.

Where did you pick up this nonsense? You may have noticed that usually when you look for something on the internet and it’s not there it’s because it doesn’t exist. I can’t comment on your childporn claim because I’ve never tried to look for any.

To try to answer the OP’s question, I recall reading somewhere about Stuxnet and how it was initially deployed: there was an industry conference at an overseas location and (presumably) new, shrink-wrapped USB drives were given away to (or left to be found by) the targeted organizations (Iran). When these “new” USB drives were plugged into networked computers, the bug self-installed and spread to all networked devices, unbeknownst to the user. Being (at the time) that Iran’s infrastructure and nuclear facilities (used only for “peaceful” power generation) were all networked together, it spread to its targeted devices. The bug was sophisticated enough to know which devices it was targeting (specific machines and software at the nuclear facilities), so it did no harm to the vast majority of computers it infected (and also remained undetected until its mission was completed).

I don’t think anyone will fall for that one again. How it could be done today I have no idea, other than air gaps such as N Korea has.

As I understand it, Snowden released to Wikileaks. While I have no idea how Wikileaks works, I would presume that they would keep their material up. So if you want to know what Snowden’s documents said, you should just go and look at what Snowden’s documents said. You’re not going to get anything more authoritative than that.

I can get a ton of results searching for what you are asking. Mostly from crazy or whack-a-do sites, which is par for the course. You are asking, essentially, for methods used in a theoretical attack where there is limited or zero actual information. I’m unsure what you think the results will be.

If you are asking general cyber security questions about the various attack vectors that COULD have been used in some theoretical attack, there are plenty of them and I’d be glad to give some. Specifics on this though? It’s unknown, and most likely unknowable, even assuming it’s actually a real thing that actually happened, of which I’m frankly skeptical. Not that the NSA couldn’t put ‘malware’ (by which I presume you mean some sort of control virus either to collect data or that could be activated remotely to…do something) on infrastructure devices in Japan (or pretty much anyone else’s infrastructure or critical data or systems), but I’d guess it’s fairly far down the list. China? Yeah, I could see them doing it (I’d bet money that if they can they have in fact). Maybe Russia (again, you get into why expend the energy and possible blowback, not necessarily about technical capabilities). A few others (North Korea would be at the top of the list, followed by China as the next most likely and able).

The US almost certainly has tons of spyware-type viruses on foreign assets around the world. As do most other countries. Some countries are particularly egregious at this (namely China, North Korea, Russia). There are plenty of methods you can use, but just to name the biggest one, it’s the wetware using the systems, i.e. the humans in the target organization, that are mainly the key in any sort of cyber attack. It’s the first thing you learn in cyber security…the problem is almost always with the users of the system doing stupid or ignorant stuff that exposes the whole organization to attack. Mainly, it’s not even deliberate, though that happens too.

This Wired article gives some amount of forensic detail about the first attack on Ukraine’s power grid, a few years back. Of course, that one probably wasn’t perpetrated by the NSA, but the mechanism would likely be similar.

As to why the U.S. would do this in somewhat-friendly countries like Japan, Mexico and Brazil, I guess it could be that these were practice runs for eventual attacks on real enemies. Or that it didn’t really happen, of course.

My question, too. I often try to look at such pseudo-conspiracy theories, and ask if they are reasonable.

For example, the OP refers to dams & the electrical grid in Japan & Mexico.
But hydroelectric power from dams makes up only about 4% of the electricity in those countries. Why would the NSA target that, instead of the other 96% of the electricity sources?

I thought that Snowden released to The Guardian.

I am no security or malware expert but my work involves working with the systems referenced above (SCADA / PLC / DCS). About 10/15 years back you could remote access the systems and change set points or turn things on/off, but it’s very restricted nowadays for most systems (power plants, refineries, chemical plants, etc).

I reiterate that I am not a security expert.

Having said that, hydroelectric power plants are usually the first when you are trying to return from a blackout / grid failure. Hydro power works great in island mode. So after a blackout, you will first start the hydropower plant, then progressively bring other power plants back online, syncing to the hydro.

If you don’t have a hydroelectric power plant, it will be very difficult to recover from a grid failure / blackout.

It looks like it was some sort of collaboration between the two, though I’m not sure exactly what that means and I don’t really want to go hunting for these documents if they do exist publicly. But, either way, the point would remain that there’s the horse’s mouth and there are other things which may or may not say that they know more or have more information from Snowden, but really you (the OP) just want to go to the horse’s mouth, wherever it is, and just read that.