Update: Yes, Hackers Did Steal Your Taxes and Shut Off the Power

A recent cyber attack on Ukraine's power utilities that plunged hundreds of cities into darkness could be replicated in the U.S., according to Obama administration officials. Investigators concluded that highly skilled hackers stole the credentials of system operators and learned how to switch off circuit breakers, the New York Times reports.

The Ukrainian government condemned the attacks, accusing the Russians of targeting their country's power grid as a form of political intimidation. A U.S. Department of Homeland Security report issued on Feb. 25 does not mention Russian involvement, saying only that the Ukranian power companies had been infected with so-called BlackEnergy and KillDisk malware.

The report concludes that the hackers conducted extensive surveillance of the power companies' networks in order to gain access credentials. Then, in a series of coordinated attacks on three facilities less than 30 minutes of each other, they used remote control systems to turn off the circuit breakers, plunging 225,000 people into darkness.

It's a scenario that could easily happen in the U.S., and power companies have known for some time that their systems are vulnerable. Just a few days before the Dec. 23 attack in Ukraine, an Associated Press investigation found hackers had infiltrated American power systems so extensively that they could set off massive power outages whenever they want to.

Part of the reason for this vulnerability is that U.S. power utilities are largely controlled by private investors who may have little incentive to beef up security, according to the AP. But government systems aren't immune either, as evidenced by a recent IRS data breach that involved multiple attempts to access taxpayer accounts.

That attack was much bigger than the IRS originally thought. An internal investigation announced last week found that more than 390,000 taxpayer accounts were compromised in addition to those previously discovered, for a total of more than 700,000 affected taxpayers. That's in addition to an attempt to steal more than 400,000 Social Security numbers in order to generate e-file PINs, which the IRS also announced last month.

This article originally appeared on PCMag.com.

About Our Expert

Tom Brant

Managing Editor

I’m a managing editor at PCMag.com focused on PC hardware. Reading this during the day? Then you've caught me testing gear and editing reviews of Wi-Fi routers, printers, laptops, and tons of other personal tech. (Reading this at night? Then I’m probably dreaming about all those cool products.) I’ve covered the consumer tech world as an editor, reporter, and analyst since 2015.

I've covered most major consumer tech events, including CES, Computex, Google I/O, and IFA. I've also appeared on CBS News, in USA Today, and at many other outlets to offer analysis on breaking technology news.

Before I joined the tech-journalism ranks, I wrote on topics as diverse as Borneo's rainforests, Middle Eastern airlines, and Big Data's role in presidential elections. A graduate of Middlebury College, I also have a master's degree in journalism and French Studies from New York University.

The Technology I Use

While most people buy a phone or laptop and stick with it for years, I’m lucky enough to use devices based on Android, iOS, macOS, and Windows daily as part of my job. As a result, I cycle through lots of tech in addition to my IT-issue work laptop. (Yes, that's a ThinkPad.) Personally, I’ve also owned a lot of tech products both cutting-edge and cringeworthy, from the Nintendo GameCube and the original MacBook to the Palm m105 and the CueCat.

Read the latest from Tom Brant

Read full bio