Meaning news. For kalkin the morning in a small town two young men approached that target that part of our team of investigate his theyre going to enter a building without leaving a trace. Theyre breaking begins from above the person controlling the drone could be as far away as china all russia the drum is setting for im protected networks and reporting them back to the hakas. It one of the drugs has reached the network and you can see the first packages coming i see the first devices showing up the first communication we can read it. Its as easy as it sounds. As an attack as weve been just just. Digitize ation has now reached many areas of life in germany giving criminals new opportunities we hear about hacking attacks in most every day not least on our Industrial Infrastructure sometimes the victim is telecom sometimes its an industrial john such as to some crook in one country cyber criminals even achieved a blackout what if Something Like that happens here. The scenario has already been played out in. How much danger is germany and. We asked several hikers to find out for us. To highlight the dangers that come with increasing digitise ation we start our research in the every day Digital World where were promised security and convenience. The digital home controlling entire buildings with nobody devices is becoming increasingly popular like here in austria for example. This charming little hotel is such a building and were going to take a closer look at it the owner has agreed he doesnt know when the attack will occur. Owner could soon enough has embraced new technologies there were regular problems in his stressful everyday life such as with the cold storm on one occasion the door wasnt closed properly another time there was a power cut thats particularly bad when the hotel is closed the good spoil quickly and the financial damage to the family is significant. We always had a problem thats on Public Holidays we werent able to. Monitor our cold store we thought about what to do about it. And some things are better we bought a sensor for the cold store that sends temperature data straight to our mobile. Phones same day the gunston temperate we get an email and can react to it immediately. To temper to the temperature app was just the beginning of youve added other smart functionals can you tell us about those. You dont know as an alarm located by the front door of the hotel. Or in the process of investing much more in this direction so we can be even safer. Than dark right. Be it an alarm or a temperature sensor. Controls all of the functions via his phone the app send the data via the internet he was advised by his son and hell play an Important Role later on in this film but first the father will show us his Digital World. In his home for example he has a log with an access code that he can also control via his phone. This internet of things promises to be intelligent convenient and secure. The smart home bundles a number of functions so that they can be centrally controlled the intelligent control over this house takes care of the lighting it happens and closes windows and it monitors doors in connection with the nylon system it controls the solar panels on the roof and is supposed to help with managing Energy Consumption apps from the internet of things can also be centrally controlled. Items. Is included how so devices such as washing machines and surveillance cameras even light bulbs can be connected to the internet now all these items can be controlled remotely over the internet with a smart phone. But how easy is it for hackers to access this data and thereby learn for example that the home of the hotel guest is currently on occupied. Sebastien cold air is an expert hes looking for security loopholes to warn uses not to harm them. Hell hack the hotel for us to be asked to let the son of the owner will help him he advised his father but hes learned a few more things since then the two hackers have developed programs that can manipulate smart home controls from the outside. As is orders until it is the smart homes promise security these components such as the Burglar Alarms are sold on the basis of delivering security and difficulty in most cases technically knowledgeable attackers will be able to access these systems or influence various functions in these smart homes. As a financial and smart homes to baffles me. Hotelier could still not bought into these promises for a long time to he was excited about intelligent light bulbs that he could control from his smartphone as a protection against burglars for example but what he didnt see coming is that he wrote about exactly the opposite. For us as attackers the light bulbs and interesting we want to open doors without being very far since both are online and those are using the same encrypted material its easier to attack the lightbulbs rather than the lock which is better protected. Its friday eighteen minutes to eight the peak period were starting our attack on no test. Equipped with a transmitter and an Internet Connection the drone penetrates the Hotel Network then it sends the data to the two hackers. Where in the alarm system is the activated the doors open and we can get into. The hotel you feel safe because the app tells him everythings fine. The two hackers on damaging the door theyre using the key but even a crowbar would have gone undetected because they d. Activated the Burglar Alarm fast. Their Entry Remains unnoticed by the app to the surveillance cameras were manipulated from the outside for the past thirty minutes theyve been showing a photo that was taken before not the two intruders. Theyve even remotely cracked the combination lock for the private hands. Yeah. Selma still doesnt know that weve already completed our trial by jury his security didnt train. We can go in. Your son just broke into your hotel what do you say to that. All be honest im very surprised that it was that easy. To get you out i always thought we had a safe house but this is this easy in this day and age via a certain smartphone apps still really surprises me in house. We too are amazed at how effortlessly the hackers succeeded in their attack. Unfortunately from professional experience its no surprise that as a private individual you should be angry. Your promise features and security and uses innocently by these products but are completely left in the dark about their own security so the security is fake lived. Hotel could still not has asked his son to take the insecurity advises offline. Experts have a theory that ukraine is a kind of test lab for hackers trying out the latest cyber weapons. In the event a twenty fifteen this malware called black energy triggered a widespread power outage in ukraine a year later there were more severe Cyber Attacks on the country even though the people of kiev dont see much of the civil war attacks on the electricity grid quickly became a matter of life and death in this struggling country the ministry for state security has invited the International Press to report on the latest Cyber Attacks in the country they targeted the Financial System the metro and once again the countrys power supply the old malware block energy is still fresh in peoples minds but it already has a successor. Janko witness stand tack on the electricity grid. He takes us to the scene of the crime about an hours drive from kenya. Well secured from the outside the electrical substation outside the city because of the war with russia the countrys Energy Supplies in a desperate state their electricity demand can barely be met. Then the engineer shows me the room where he was forced to look on helplessly as the instruments developed a life of that alone and couldnt be controlled from within anymore it was the last i had the night shift on a completely normal day at the substation everything was fine and then towards midnight the switches started changing color which up so when we got to make sure that it is. When i looked at the voltage divider transformers i understood that the substation one hundred ten to three hundred thirty kilovolts didnt have any voltage anymore but it wasnt as far as the apollo. We were all shocked nobody could believe it that. The cyber attack caused a red alert in the biggest control center in europe which monitors electricity lines from russia to the e. U. There are a lot of the director of the state Energy Supplier sees political motives behind the attacks and these attacks could have disastrous consequences for the whole of europe in the future the korean that he can muster with all the European Countries that have modern Administration Systems with highly connected centrally controlled i. T. Systems even more vulnerable than ukraines isolated i. T. Systems one of us why i believe that the things happen. Here will have consequences for developed countries like germany and austria too i think because were not so linked up the consequences for the ukrainian electricity grid were less than what could have happened in those other countries i mentioned where you normally could steam agree to make you know about the mission is movable to the ukraine got off lightly but such an attack could have more serious consequences in germany how safe is our Energy Supply given the increasingly connected nature of our systems the federal office for Information Security refers us to existing laws governing the protection of our Critical Infrastructure. The i. T. Security law came into force in germany in summer two thousand and fifteen there are minimum standards requirements for operators of Critical Energy plants to report attacks that has given us a different level of protection of therefore i think an attack like the one on ukraine isnt likely in germany really we want to know more. Were visiting an expat whos interested in exactly this topic could hackers use loopholes to trigger a europe wide power outage. This is matty has done hina he wants to know how high the risk of a blackout is weve already had a taste caused by a cruise liner from the my ash. That was the fourth of november two thousand and six. When i luxury liner was delivered on the ms up our card with far reaching consequences a cut a single high voltage power line was switched off there were communication problems between the grid operate has this resulted in a europe wide chain reaction. About. The people didnt know what was going on they couldnt reach the Electricity Supply e. D. F. So they called us but we didnt know what was going on either all when power would be restored. The power cut lasted two hours. Why is the worlds biggest electricity grid so vulnerable. Because it vibrates as the experts put it. Just says just this is the european elec just the grid it reaches from turkey to portugal and denmark to italy its not a National Grid its a big european wide grid thats. Whats the frequency at which it vibrates the center in europe its fifty hertz plus minus a smallish deviations but generally speaking its fifty hertz the frequency reacts very sensitively to outages imagine it like a pair of old scales theres the demand for electricity i mean the sum of all electrical consumers and then theres the supply normally the systems in balance if a power station fails one side becomes lighter while the other becomes heavier my frequency drops off and seeing the other power stations notice that and say ok lets power up a bit to restore the balance and then i get my grid frequency of fifty heads back for the shots. To cause a blackout hackers would have to find a way to switch off as many consumers all produces similar taney a snake with one click. But what do i need in order to bring about the blackout was a this is im i have a lot of wind energy and solar energy in the grid that has to be transported i have a situation where a lot of electricity has to be moved to another country such as england these are all factors that already ramp it up a bit for the grid but theyre not normal issues but if i can provoke another big jump in performance at exactly that time the chances of triggering a blackout a high. A blackout in europe lasting several days potentially would bring everything to a standstill concern about the vulnerability of Critical Infrastructure brings hakas scientists and operators together when meeting an old acquaintance who has already had experience with acas as the manager of a municipal power plant. That is the manager of the newness of power works in etling and hes also responsible for the power supply beyond just the subject of decentralization is highly topical infinity supply circles fantasy twenty years ago we had around twenty Energy Producers here. Today we have almost nine hundred. Eighty of this custom a generation is hooked up to our control center that creates new risks around i. T. Securities theres a loophole that could be abused and would steal because. We set out to find potential loopholes and quickly find one at a. Primaries school in the town center. While i teach classes at taking place on stands the future of the Energy Transition is starting in the schools. The new heat and power station thats to supply the town center with an actress city and heating has just been completed protected by thick walls and under the supervision of the municipal utilities these plants as opposed to guarantee the power supply. And stefan sized bag have found something after just ten minutes despite thick wools theres a Wireless Network in the santa. And i see no need for there to be a one as network down here because Maintenance Technicians can use a cable. A simple cable instead of a Wireless Network would provide security but trim and maintenance is more convenient and cheaper the move toward Sustainable Energy sources is also creating power stations that can be controlled wirelessly via an up and Internet Connection and a wireless router. This router is very easily accessible were just looking into what other devices we can access via this router and whether we can access them via the control system of the power plant. And indeed other unknown individuals have already been inside this network yet. We found out that people have connected to this network with their phones in theory they also have access to get. A standard router with an unsecured why fine network to control a small power plant we simulate an attack on the router and switch it off. Yet you. The municipal utilities control room cant do anything but watch its yellow now and that means the connection has been interrupted if it remains interrupted for more than five minutes it turns red and then theres nothing you can do any of your problem is that we cant have a connection to the heat and power station anymore confront you know we can no longer control it from here we cant influence the temperatures or output and we cant do anything remotely if a problem occurs if there is a problem we dont find out about any more than. A communist made up from it. As a gateway for attack as with any luck such events will be limited to student pranks. Im going to cite if you had the time and youre connected to the wife and network you could sit out here disguised as a student and try to get access for as long as you like. The big danger is that someone who really wants to break something will attempt it. The individual locked in here with a phone can do that. In that league in town center the security of the supply depends on ones more ruta municipal utilities boss has to react and repair. Colleague and my colleagues who took a look at it are going to develop a security concept to make these heat and power stations secure from attacks. From the i was inside city of ottawa irish so i meant is that if we had sixty power stations and you switch them all off at once then wed have a very serious problem with just beginning and uses its you feel lighter got psych like oxygen at its most extreme it could lead to a blackout in extreme five isnt to downplay cowed by him. But are we just talking about an individual case about carelessness you know this program has stumbled across a loophole in the system that shows how dangerous even the most minor faults in a single router could become for the whole of germany. After moving house Alexander Graf wanted to make a phone call with his old phone via his new providers cable modem since that didnt work he took a closer look at the modem and made a frightening discovery. While searching for the problem with his phone he came across a Network Connection to the providers and tie a cable network. The password he needed to access it came with the modem one was even an encrypted in his route his memory. Millions can be made on the black market with such an unrecognized security loophole known as zero day foods does conspire millions of citizens as they do their phone banking or make expensive foreign phone calls via the numbers a billion devices could be affected from looters to aircraft as it is use wherever we have safety Critical Systems and certainly also in respect of infrastructure such as Nuclear Power plants the question is always how linked up the systems that are open to attack a security loophole becomes particularly problematic when you connect systems that werent designed to be connected when you have systems that dont have any Security Concepts for access rights for example but you put them online and then theyre open to attack thats a Real Security risk. Linking up devices creates additional risks the vulnerability of individual devices is worrying enough but its only when theyre linked up t