Sometime in the last several months, a steel mill in an undisclosed location in Germany lost control of its blast furnace. Given that blast furnaces contain molten metal heated to thousands of degrees, it was a dangerous situation. Fortunately, there were no reported injuries, and the only result was “massive damage” to the facility.
More concerning, though, was why the accident happened. Hackers had infiltrated the mill’s control system and wreaked havoc, according to a report from BSI, the German government’s office for information security.
The black hats used a spear phishing scam—targeted emails that attempt to coax sensitive information from targets by appearing to originate from within the organization—to obtain security credentials to the mill’s office network. Once inside, the hackers were eventually able to break into the systems that control the furnace, using their mastery of the plant’s virtual world to cause damage in the real world.
Last month, Loek Essers reported on the cyberattack for IT World:
Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the BSI said, describing the technical skills of the attacker as “very advanced.”
Kim Zetter, reporting today for Wired:
This is only the second confirmed case in which a wholly digital attack caused physical destruction of equipment. The first case, of course, was Stuxnet, the sophisticated digital weapon the U.S. and Israel launched against control systems in Iran in late 2007 or early 2008 to sabotage centrifuges at a uranium enrichment plant. That attack was discovered in 2010, and since then experts have warned that it was only a matter of time before other destructive attacks would occur.
Although the German steel mill attack is just the second confirmed instance of physical damage caused by a cyberattack, Edward Snowden discussed the vulnerabilities of internet-connected physical infrastructure last June in an exclusive interview with NOVA.
“When people conceptualize a cyber-attack, they do tend to think about parts of the critical infrastructure like power plants, water supplies, and similar sort of heavy infrastructure, critical infrastructure areas,” he said. “And they could be hit, as long as they’re network connected.”