German Nuclear Plant Security Alert: Computers Found To Be Infected With Viruses, USB Drives In Plant Also Hiding Malware

A security alert was issued at a German nuclear power plant after remote-access trojans and file-stealing malware were found on a computer system that monitors the plant’s fuel rods. The incident took place at the Gundremmingen facility located 75 miles from Munich. The viruses were discovered by an employee who claims that in addition to finding the viruses on the computer, 18 USB removable storage devices located in the nuclear plant also contained the file-stealing malware.

Reuters reports that Germany’s Federal Office for Information Security (BSI) is looking into the incident at the Gundremmingen nuclear facility with the help of the nuclear plant’s IT department. The facility found remote-access trojans and file-stealing malware on the computer that monitors fuel rods. However, it was reported that the security of the facility was not compromised, as the computer was not connected to the internet. The malware was therefore never able to give a remote user access to the facility’s network and information.

Two of the viruses infecting the nuclear plant computer were identified as “W32.Ramnit” and “Conficker.” The Ramnit virus is a worm that provides attackers with a remote access tool which allows them to “steal files and inject code into webpages to capture banking data.” The Conficker virus is used by cyber-attackers to “steal user credentials and personal financial data and turn infected computers into ‘bots’ to carry out distributed denial of service (DDoS) attacks.”

While the outside user was never able to gain access to the computer due to the lack of internet connectivity, it was noted that the particular viruses and malware found on the computer were highly transferable, which is likely why they were found on 18 different USB drives in the nuclear facility.

“Conficker has infected millions of Windows computers worldwide since it first came to light in 2008. It is able to spread through networks and by copying itself onto removable data drives.”

It is unclear, according to Yahoo News, how the viruses landed on the computer that allegedly has no internet access. However, Mikko Hypponen, the chief research officer for Finland-based F-Secure, told the publication that there are numerous ways the virus could have made its way onto the computer that do not require internet access. Hypponen says that it is “surprisingly common” for viruses such as these to be located on computers, even in high-security areas, as they are so easily spread.

Hypponen refers to an unnamed European aircraft manufacturer to make his point. He claims the aircraft manufacturer has to scrub its cockpit computers weekly of malware designed for Android phone devices but says that the “attacks” on the plane manufacturer were not aimed at that specific company. Instead, the malware was making its way onto the computers when pilots charged their cell phones from USB ports in the cockpit. He notes that this type of virus is common and is not indicative of a plot to take down the nuclear plant.

Although not all attacks are intentional, a U.S. power company learned the hard way about the devastating effects a virus can have on energy operations. In 2013, a computer virus attacked a turbine control system after a technician accidentally inserted an infected USB computer drive into the network. The virus resulted in the power system going down for three weeks.

Despite the idea that the viruses were likely placed on the computer by accident, it was noted that the virus could have been placed intentionally on the computer by someone inside of the power plant. Therefore, the German utility company RWE says it is ramping up security measures at the Gundremmingen nuclear facility it operates.
