The SANS Institute, a computer-security training body, reported the CIA's disclosure on Friday. CIA senior analyst Tom Donahue told a SANS Institute conference on Wednesday in New Orleans that the CIA had evidence of successful cyberattacks against critical national infrastructures outside the United States.
"We have information that cyberattacks have been used to disrupt power equipment in several regions outside the U.S.," Donahue said. "In at least one case, the disruption caused a power outage affecting multiple cities."
Donahue added that the CIA does not know who executed the attacks or why but that all of the attacks involved "intrusions through the Internet."
The CIA analyst added that his agency had evidence of blackmail demands following demonstrations of successful intrusions.
"We have information, from multiple regions outside the U.S., of cyberintrusions into utilities, followed by extortion demands," Donahue said. "We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge."
The CIA does not normally make this information public. According to Donahue, the CIA actively and thoroughly considered the benefits and risks of making this information public and came down on the side of disclosure, the SANS Institute reported.
Alan Paller, director of research at the SANS Institute, warned more than three years ago about demonstrations of denial-of-service attacks to computer systems, followed by demands for cash.
Information from CIA & ZDNet
"We have information that cyberattacks have been used to disrupt power equipment in several regions outside the U.S.," Donahue said. "In at least one case, the disruption caused a power outage affecting multiple cities."
Donahue added that the CIA does not know who executed the attacks or why but that all of the attacks involved "intrusions through the Internet."
The CIA analyst added that his agency had evidence of blackmail demands following demonstrations of successful intrusions.
"We have information, from multiple regions outside the U.S., of cyberintrusions into utilities, followed by extortion demands," Donahue said. "We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge."
The CIA does not normally make this information public. According to Donahue, the CIA actively and thoroughly considered the benefits and risks of making this information public and came down on the side of disclosure, the SANS Institute reported.
Alan Paller, director of research at the SANS Institute, warned more than three years ago about demonstrations of denial-of-service attacks to computer systems, followed by demands for cash.
Information from CIA & ZDNet