Ali Dehghantanha gets phone calls from farmers, sometimes in the middle of the night, looking for help with a cyberattack. In the last year, his squad of engineers and computer scientists has responded to dozens of reports of hacks inside farming and food production operations around southwestern Ontario. In some cases, it’s the garden variety hacking you’d expect, someone clicked a bad link in a sketchy email and now hackers want money to unlock a system or give back the farmer’s data.
In other cases, it’s more sophisticated. Twice, Dehghantanha has seen hackers break into a farm system and threaten to kill livestock — chickens in one case, cattle in another. And in about a third of the investigations his team as conducted over the past year, he has found evidence that state-sponsored hackers from Russia, China, North Korea and Iran have figured out how to quietly gain access to a control system inside a farm.
[…]
Farms are now complex technical operations that use networks of remote monitors that measure soil moisture, or robotic milkers that can detect an infection in a single teat, or environmental control systems that maintain the precise indoor temperature and air filtration needs of a poultry barn. All that, theoretically, could be commandeered and held for ransom in a cyberattack. For example, a hacker could gain control of a thermostat and threaten to turn up the heat and kill an entire flock of chickens.
[…]
The Canadian food industry alone experienced a series of high-profile incidents late last year, including a “cybersecurity incident” at Maple Leaf Foods Inc., one of the country’s largest meat packers, in November. Around the same time, Empire Co. Ltd. — Canada’s second-largest grocery chain that includes Sobeys, Safeway, IGA and Farm Boy — experienced what it described as a cybersecurity “intrusion” that snarled operations and is expected to cost the company $25 million.
[…]
Steve Brown, a senior manager in the cybersecurity practice of the professional services firm BDO Canada LLP, said he’s hearing more complaints from agricultural clients who have been attacked. And he’s noticed that those attacks tend to ramp up during periods when hackers know farmers will be distracted, during the spring plant or the harvest in late summer.
[…]
It doesn’t have to be as dramatic as threatening to kill livestock, Brown said. Sometimes the target of ransomware attacks can be as simple as financial data that a hacker steals and refuses to give back without a fee. The payouts can range from thousands to hundreds of thousands of dollars. In Brown’s experience, the cyberattacker has monitored the operation for months before they strike, so they know precisely how much the farm can afford in ransom.
“It’s not a spur of the moment thing,” he said.
[…]
But the attackers Brown has seen aren’t the state-sponsored hackers that the Canadian intelligence community is so concerned about. The ones he has dealt with are common criminals, or animal rights “hacktivists,” bent on disrupting operations for livestock farms they don’t agree with.
From the article:
[…]
[…]
[…]
[…]
[…]