A double made for mines. In union. Four oclock in the morning in a small town two young men approach that target that part of our team of investigators theyre going to enter a building without leaving a trace. The breaking begins from above the puzzle controlling the drone could be as far away as china all russia the drone is setting for im protected networks and reporting them back to the hakas. The drug has reached the network and you can see the first packages come in i see the first devices showing up the first communication we can read it its as easy as it sounds. As an attack as we then just. Get. Digitized sation has now reached many areas of life in germany giving criminals new opportunities we hear about hacking attacks in most every day not least on our Industrial Infrastructure sometimes the victim is telecom sometimes its an industrial john such as to some crook in one country cyber. I mean knows even achieve the blackout what if Something Like that happens. The scenario has already been played out in. How much danger is germany and. We are asked several hikers to find out for us. To highlight the dangers that come with increasing digitise ation we start our research in the every day Digital World where were promised security and convenience. The digital home controlling entire buildings with nobody devices is becoming increasingly popular like here in austria for example. This charming little hotel is such a building and were going to take a closer look at it the owner has agreed he doesnt know when the attack will occur. Owner could soon enough has embraced new technologies there were regular problems in his stressful everyday life such as with the cold storm on one occasion the door wasnt closed properly another time there was a power cut thats particularly bad when the hotel is closed the good spoil quickly and the financial damage to the family is significant we have we always had the problem that on Public Holidays we werent able to monitor our cold storage because we thought about what to do about it. And some things that we bought a sensor for the cold stall that sends temperature data straight to our mobile. Phones in the dance and then print to it that we get an email and can react to it immediately so for. Example to the temperature app was just the beginning of youve added other smart functionals can you tell us about those. You know as good. As an alarm located by the front door of the hotel. In the process of investing much more in this direction so we can be even safer. Be it an alarm or temperature sensor. Controls all of the functions via his phone the app send the data via the internet he was advised by his son and hell play an Important Role later on in this film but first the father will show us his Digital World. In his home for example he has a log with an access code that he can also control via his phone. This internet of things promises to be intelligent convenient and secure. A smart home bundles a number of functions so that they can be centrally controlled the intelligent control for this house takes care of the lighting it happens and closes windows and it monitors doors in connection with an alarm system it controls the solar panels on the roof and is supposed to help with managing Energy Consumption apps from the internet of things can also be centrally controlled. Items include household devices such as washing machines and surveillance cameras even light bulbs can be connected to the internet now all these items can be controlled remotely over the internet with a smart phone. But how easy is it for hackers to access this data and thereby learn for example that the home of the hotel guest is currently on occupied. Sebastien cold air is an expert hes looking for security loopholes to warn uses not to harm them. Hell hack the hotel for us to be asked to let the son of the ana will help him he advised his father but hes learned a few more things since then the two hackers have developed programs that can manipulate smart home controls from the outside. As is all of us until it is these smart homes promise security these components such as the Burglar Alarms are sold on the basis of delivering security in difficulty and in most cases technically knowledgeable attackers will be able to access these systems or influence various functions in these smart homes. As a functional and smart homes too bad for us. Hotelier could still not bought into these promises for a long time to he was excited about intelligent light bulbs that he could control from his smartphone as a protection against burglars for example but what he didnt see coming is that he wrote about exactly the opposite. For us as attackers the light bulbs and interesting we want to open doors without being verified since both are online and those are using the same encrypted material its easier to attack the lightbulbs rather than the lock which is better protected. Its friday eighteen minutes to eight the peak period were starting our attack on noticed. Equipped with a transmitter and an Internet Connection the drone penetrates the Hotel Network then it sends the data to the to hackers. Where in alarm system is the activated the doors open and we can get in. The hotel you feel safe because the app tells him everythings fine. The two hackers on damaging the door theyre using the key but even a crowbar would have gone undetected because they d. Activated the Burglar Alarm fast. Their Entry Remains unnoticed by the app to the surveillance cameras were manipulated from the outside for the past thirty minutes theyd be showing a photo that was taken before not the two intruders. Theyve even remotely cracked the combination lock that the private have. Yeah. You. Could still doesnt know that weve already completed our trial battery his security didnt train with the. Doors open we can go in. Your son just broke into your hotel what you say to that. Ill be honest im very surprised that it was that easy. To get you out i always thought we had a safe house but that its this easy in this day and age via a certain smartphone apps still really surprises me in house. We too are amazed at how effortlessly the hackers succeeded in their attack. Unfortunately from professional experience its no surprise that as a private individual you should be angry. Your promise features and security and uses innocently buy these products but are completely left in the dark about their own security so the security is fake lived. Hotel. Has asked his son to take the insecurity advises offline. Experts have a theory that ukraine is a kind of test lab for hackers trying out the latest cyber weapons. In the event the twenty fifth day in this malware called black energy triggered a widespread power outage in ukraine a year later there were more severe Cyber Attacks on the country even though the people of kiev dont say much of the civil war attacks on the electricity grid quickly became a matter of life and death in this struggling country the ministry for state security has invited the International Press to report on the latest Cyber Attacks in the country they targeted the Financial System the metro and once again the countrys power supply the old malware block energy is still fresh in peoples minds but it already has a successor. Janko witness stand tack on the electricity grid. He takes us to the scene of the crime about an hours drive from kiev. Well secured from the outside the electrical substation outside the city because of the war with russia the countrys Energy Supplies in a desperate state their electricity demand can barely be met. Then the engineer shows me the room where he was forced to look on helplessly as the instruments developed a life of that alone and couldnt be controlled from within anymore it was the last i had the night shift on a completely normal day at the substation everything was fine and then towards midnight the switches started changing color which up so when we got to make sure that it was going to work when i looked at the voltage divider transformers i understood that the substation one hundred ten to three hundred thirty kilovolts didnt have any voltage anymore but it wasnt as far as the apollo. We were all shocked nobody could believe it that. The cyber attack caused a red alert in the biggest control center in europe which monitors electricity lines from russia to the e. U. Several articles the director of the state Energy Supplier sees political motives behind the attacks and these attacks could have disastrous consequences for the whole of europe in the future the korean that he can muster with all the European Countries that have modern Administration Systems with highly connected centrally controlled i. T. Systems even more vulnerable than ukraines isolated i. T. Systems on a bus why i believe that the things happen. Here will have consequences for developed countries like germany and austria too i think because were not so linked up the consequences for the ukrainian electricity grid were less than what could have happened in those other countries i mentioned where even the flick of steam agree the make you know about the way she is movable to the ukraine got off lightly but such an attack could have more serious consequences in germany how safe is our Energy Supply given the increasingly connected nature of our systems the federal office for Information Security refers us to existing laws governing the protection of our Critical Infrastructure. The i. T. Security law came into force in germany in summer two thousand and fifteen there are minimum standards requirements for operators of Critical Energy plants to report attacks that has given us a different level of protection therefore i think an attack like the one on ukraine isnt likely in germany really we want to know more. When visiting an expat whos interested in exactly this topic could hackers use loopholes to trigger a europe wide power outage. This is matty has done hina he wants to know how high the risk of a blackout is weve already had a taste caused by a cruise line a from the my ashes. That was the fourth of november two thousand and six. When i luxury liner was delivered on the ms up our card with far reaching consequences a cut a single high voltage power line was switched off there were communication problems between the grid operators this resulted in a europe wide chain reaction. About. The people didnt know what was going on they couldnt reach the Electricity Supply e. D. F. So they called us but we didnt know what was going on either all when power would be restored. The power cut lasted two hours. Why is the worlds biggest electricity grid so vulnerable. Because it vibrates as the experts put it. Doesnt just because this is the european Alec Christie grid it reaches from turkey to portugal and denmark to italy its not a National Grid its a big european wide grid thats as old as if thats whats the frequency at which it vibrates as in the in europe its fifty hertz plus minus a smallish deviations but generally speaking its fifty hertz the frequency reacts very sensitively to outages imagine it like a pair of old scales that is the demand for electricity in the sum of all electrical consumers and then theres the supply normally the systems in balance if a power station fails one side becomes lighter while the other becomes heavier my frequency drops off and seeing the other power stations notice that and say ok lets power up a bit to restore the balance and then i get my grid frequency of fifty heads back for the jets. To cool was a blackout hakas would have to find a way to switch off as many consume as all produces similar taney a snake with one click. But what do i need in order to bring about a blackout was a process im i have a lot of wind energy and solar energy in the grid that has to be transported i have a situation where a lot of electricity has to be moved to another country such as england these are all factors. That already ramp it up a bit for the grid but theyre not normal issues but if i can provoke another big jump in performance at exactly that time the chances of triggering a blackout a highly. A blackout in europe lasting several days potentially would bring everything to a standstill concern about the vulnerability of Critical Infrastructure brings hackers scientists and operators together when meeting an old acquaintance who has already had experience with acas as the manager of a municipal power plant. That is the manager of the new less oppose etling and hes also responsible for the power supply i understand the subject of decentralization is highly topical infinity supply surplus funds in twenty years ago we had around twenty Energy Producers here. Today we have almost nine hundred of them a joy to have this custom a generation is hooked up to our control center that creates new risks around i. T. Securities theres a loophole that could be abused and would steal because. We set out to find potential loopholes and quickly find one at a Primary School in the town center. Yet while i teach classes at taking place up stands the future of the Energy Transition is starting in the schools sela. The new heat and Palace Station thats to supply the town center with an actress city and heating has just been completed protected by thick walls and under the supervision of the municipal utilities these plans. As opposed to guarantee the palace supply. Saying come on im aaron stefan size bag have found something after just ten minutes despite think wools theres a Wireless Network in the summer. I see no need for there to be a one as network down here because Maintenance Technicians can use a cable. A simple cable instead of a Wireless Network would provide security but trim and maintenance is more convenient and cheaper to move toward Sustainable Energy sources is also creating Palace Station that can be controlled wirelessly via an app and Internet Connection and the wireless router. This router is very easily accessible were just looking into what other devices we can access via this router and whether we can access them via the control system of the power plant. And indeed other unknown individuals have already been inside this network yet when we found out that people have connected to this network with their phones in theory they also have access to get. A standard router with an unsecured why fine network to control a small power plant we simulate an attack on the router and switch it off. The municipal utilities control room cant do anything but watch its yellow now and that means the connection has been interrupted if it remains interrupted for more than five minutes it turns red and then theres nothing you can do any of the problem is that we cant have a connection to the heat and power station anymore can for you we can no longer control it from here we cant influence the temperatures or output and we cant do anything remotely if a problem occurs if. There is a problem we dont find out about any more than. A communist medal from it. As a gateway for attack as with any luck such events will be limited to student pranks. Im going to title if you had the time and your connected to the wife and network you could sit out here disguised as a student and try to get access for as long as you like. The big danger is that someone who really wants to break something will attempt it. And the individual locked in here with a phone can do that too. In that league in town center the security of the supply depends on ones more ruta municipal utilities boss has to react and repair. Colleague and my colleagues who took a look at it are going to develop a security concept to make these heat and power stations secure from attacks. From the i was inside city of ottawa and i if so by the end is that if we had sixty power stations and you switch them all off at once then wed have a very serious problem with digging and uses its you feel like its a god psych like. At its most extreme it could lead to a blackout extreme five isnt to downplay cowed by him. But are we just talking about an individual case about carelessness you know this programmer has stumbled across a loophole in the system that shows how dangerous even the most minor folds in a single router could become for the whole of germany. After moving house Alexander Graf wanted to make a phone call with his old phone via his new providers cable modem since that didnt work he took a closer look at the modem and made a frightening discovery. While searching for the problem with his phone he came across a Network Connection to the providers and tie a cable network. The password he needed to access it came with a no damn one was even an encrypted in his route his memory. Millions can be made on the black market with such an unrecognized security loophole known as zero day foods does conspire millions of citizens as they do their phone banking or make expensive foreign phone calls via the numbers a billion devices could be affected from looters to aircraft. That is used wherever we have safety Critical Systems and certainly also in respect of infrastructure such as Nuclear Power plants the question is always how they linked up the systems that are open to attack a security loophole becomes particularly problematic when you connect systems that werent designed to be connected when you have systems that dont have any Security Concepts fo