Most Violent Cyber Attack Noted To Date: 2008 Pipeline Explosion Caused By Remote Hacking

December 13, 2014
No Comment

By Bob Gourley

turkeyPipelineBlast Most Violent Cyber Attack Noted To Date: 2008 Pipeline Explosion Caused By Remote Hacking

Reporting by Jordan Robertson and Michael Riley in Bloomberg is shedding new light on a destructive attack against an oil pipeline that caused a massive explosion in Refahiye Turkey in 2008. The event occurred six years ago, but information is just coming out indicating the cyber attack component of this event.

Robertson and Riley’s reports indicate that the pipeline was fitted with sensors and cameras to monitor all 1099 miles of the pipeline from the Caspian Sea to the Mediterranean, but the blast did not trigger a single distress signal. They also did not trigger the massive explosion and continuing combustion in eastern Turkey.

Hackers, probably acting under the direction of Russia, had shut down alarms, cut off communications and then super-pressurized the crude oil in the line. Over 60 hours of video surveillance were erased by the hackers. There was a recording from an unknown IR camera that caught two individuals with laptop computers walking near the pipeline, according to Robertson and Riley.

The business impact of the attack was measured in the billions of dollars. The geopolitical strategic impact is hard to assess. If the goal was to stop the movement of oil via this path, which may well have been Russia’s objective, that goal clearly failed. The pipeline was back in operation soon after the attack. But if the goal was to ensure our nation’s decision-makers are fearful of remote attacks against our own pipelines, well, that message may or may not have been received by our nation’s strategic planners and leadership. Those guys are slow to learn and quick to forget, as we have documented in the past.

Although this was not the first cyber attack that caused physical effects on infrastructure (we believe that to be the Maroochy Shire attacks of 2000), clearly this is one for the textbooks and deserves study by those who want to know the cyber threat (we promise to treat it in the next edition of our book by that title).