U.S. Homeland Security and the FBI have warned that Ontario’s main electricity distributor may have been the target of malicious Russian cyber-activity.
Russia has denied any wrongdoing.
An IP address at Hydro One was among hundreds of malicious addresses identified in online scanning by the U.S. government as it investigated alleged Russian hacking of the Democratic National Committee.
The discovery suggests Russia may have secretly downloaded malicious software onto computers at Hydro One, which runs most of the province’s transmission lines.
Hydro One was informed of the finding by the RCMP on Dec. 29, as were four other Ontario electricity companies. In total, six of the IP addresses in the U.S. report are located in Canada. One address belongs to an Alberta-based ISP.
A CTV News investigation determined the Hydro One IP address was set up in the 1990s by Ontario Hydro, the public utility that pre-dated the partially-privatized Hydro One.
The company says the address involved was not linked to the province’s electricity grid and there is no reason to believe the power system has been compromised.
Hydro One told CTV News that it takes cyber-security seriously and “the address in question is not an active IP address at Hydro One, nor is it connected to the power system.”
Although it’s possible the power company was a target, the FBI believes the computers involved were used as launching pads for attacks on other targets – a technique sometimes called a zombie attack.
Hydro One wasn’t the only power company affected. One of Vermont’s electric utilities, Burlington Electric Department, confirmed last week that one of its laptops had the Russian malware code known as “Grizzly Steppe.”
CTV Technology Analyst Carmi Levi called the discovery a wake-up call.
“It means that whatever security processes are being used to secure that particular IP address or the hardware or the laptop associated with that address … are absolutely inadequate,” Levi said. “Someone isn’t doing his or her job.”
Homeland Security released a list of hundreds of affected IP addresses traced to various locations around the world. The map below shows which countries had the largest number of compromised computers.