Ride the Lightning

Employees Connect a Nuclear Plant to the Internet So They Can Mine Cryptocurrency

August 27, 2019

ZDNet reported on August 22^nd that Ukrainian authorities are investigating a potential security breach at a local nuclear power plant after employees connected parts of its internal network to the internet so they could mine cryptocurrency.

The investigation is being led by the Ukrainian Secret Service (SBU), who is looking at the incident as a potential breach of state secrets due to the classification of nuclear power plants as critical infrastructure.

Investigators are examining if attackers might have used the mining rigs as a pivot point to enter the nuclear power plant's network and retrieve information from its systems, such as data about the plant's physical defenses and protections.

According to authorities, the incident took place in July at the South Ukraine Nuclear Power Plant, located near the city of Yuzhnoukrainsk, in southern Ukraine.

It's unknown how the scheme was discovered, but on July 10 the SBU raided the nuclear power plant, seizing computers and equipment specifically built for mining cryptocurrency. The equipment was found in the power plant's administration offices, and not on its industrial network.

Confiscated equipment included two metal cases containing basic computer parts, but with additional power supplies, coolers, and video cards. According to court documents, one case held six Radeon RX 470 GPU video cards, and the second five.

The SBU also found and seized additional equipment that looked like mining rigs in the building used as barracks by a military unit of the National Guard of Ukraine, tasked with guarding the power plant.

A fine job of guarding, eh?

Several employees have been charged for their involvement in the scheme, but not yet arrested. It's unclear if any military staff was charged. Officials believe the suspects engaged in their scheme because of a recent spike in cryptocurrency trading prices.

This incident isn't the first time that state employees have abused their access to large sources of electricity or computing power to mine cryptocurrency. In February 2018, Russian authorities arrested engineers from the Russian Nuclear Center for using the agency's supercomputer to mine cryptocurrency.

A month later, Australian officials began an investigation into a similar case at the Bureau of Meteorology, where employees used work computers to mine cryptocurrency.

A month after that, in April 2018, an employee at the Romanian National Research Institute for Nuclear Physics and Engineering was also caught mining cryptocurrency at work. Local news outlets reported that the employee brought his own mining rig and connected it to the institute's electrical network, which was recently expanded to support one of the most powerful lasers in the world.

So far, I haven't heard of this activity in the U.S. But it isn't exactly a surprise that many people are greedy for cryptomining dollars or that they would exploit work resources to make a personal profit. Let's hope our officials are keeping a careful eye on American critical infrastructure to keep avarice from making us vulnerable to cyber attacks.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson