

ID Approximate date of the incident Year Source Database Attack Description Country Industry Type Attack Details Impact Link at the Internet Malware Name MITRE ATT&CK Software ID [if exists] Duration Ransom Value (USD) Paid (Y/N) TI Safe Score
1 01/06/1982 1982 RISI CIA Trojan Causes Siberian Gas Pipeline Explosion Russia Petroleum Thomas Reed, senior US national security official, claims in his book “At The Abyss” that the United States allowed the USSR to steal pipeline control software from a Canadian company. This software included a Trojan Horse that caused a major explosion of the Trans-Siberian gas pipeline in June, 1982. The Trojan ran during a pressure test on the pipeline but doubled the usual pressure, causing the explosion. (#1, #2) “In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds,” Reed writes. (#3) The scheme to plant bugs in Soviet software was masterminded by Gus Weiss, who at the time was on the National Security Council and who died last year. Soviet agents had been so keen to acquire US technology, they didn’t question its provenance. (#4) Russian newspaper sources deny the report, saying an explosion did take place, but it was caused by poor construction, not by planted software. “What the Americans have written is rubbish,” said Vasily Pchelintsev, who in 1982 headed the KGB office in the Tyumen region, the likely site of the explosion described in the book. (#5) The software sabotage had two effects, explains Reed. The first was economic. By creating an explosion with the power of a three kiloton nuclear weapon, the US disrupted supplies of gas and consequential foreign currency earnings. But the project also had important psychological advantages in the battle between the two superpowers. “By implication, every cell of the Soviet leviathan might be infected,” Reed writes. “They had no way of knowing which equipment was sound, which was bogus. All was suspect, which was the intended endgame for the entire operation.” 5
2 12/08/1985 1985 RISI Union Carbide Chemical Leak West Virginia United States Chemical The Institute facility leaked methylene chloride and aldicarb oxime, chemicals used to manufacture the pesticide Temik. The leak resulted from a computer program that was not yet programmed to recognize aldicarb oxime, compounded by human error when the operator misinterpreted the results of the program to imply the presence of methyl isocyanate (as in Bhopal). (#3) One hundred and thirty-four people were sent to the hospital, six of whom were Union Carbide employees. Thirty people filed two lawsuits seeking $88 million in damages, but hundreds of people marched in support of the company. OSHA proposed fines of $32,100 for endangering workers, though later agreed to having Union Carbide pay $4,400 if it bought an accident simulator for training workers. (#1) 5
3 01/01/1989 1989 RISI Oil Company SCADA System Impacted by RF Interference United States Petroleum In 1989 a SCADA system was being prepared for an oil company in Houston, Texas. All the remote telemetry units were communicating with the master station computer via low power Johnson radios. The dummy loads on all of the antennae were used to cut down the range of the transmissions (this caused havoc with the SWRs and other equipment, but the transceivers could be adjusted to get decent communications most of the time). Sporadically there would be bursts of errors for seemingly no reason. Using data analysers, junk could be seen on the frequency but could not be identified. Using a telephone handset on a circuit to listen to the ‘noise’, it was established that a delivery truck driver was talking to his dispatcher at the same time that the communications efficiency dropped to zero. (#1) 3
4 01/01/1991 1991 RISI Computer Error at Sellafield Nuclear Plant in UK England Energy A computer error at the vitrification plant resulted in two shielding doors being left open while highly radioactive material was still inside one chamber. (#2) Production at the facility was stopped and did not resume until the cause of the accident was established. No one was exposed to radiation during the incident. (#2) 5
5 01/01/1992 1992 RISI Computer Sabotage at Nuclear Power Plant Lithuania Energy A computer programmer at the Ignalina Power Reactor Station in Lithuania introduced a virus into one of the station's computers in an attempt to sabotage a reactor at the plant. Oleg Savchuk was arrested on a charge of premeditated sabotage. The station shut down the same day the incident was reported; however, a spokesman said this was coincidental and had nothing to do with the computer virus. The cooling system in the first reactor broke down. There is some controversy surrounding the case. There were accusations that the station management fabricated the incident to get rid of Savchuk. There were also suggestions by station management that Savchuk may have introduced the virus and then called it to the attention of management in order to receive a bonus for solving the problem. The infected computer system was in control of subsidiary systems, not the reactor, according to the Deputy Minister of Power Engineering, Saulius Kutas, in a statement to the Lithuanian news media. Nuclear plant computer was infected with a virus. There was a station shutdown, though it was reported to be coincidental and not caused by the virus. Oleg Savchuk was arrested for premeditated sabotage. 3
6 01/01/1994 1994 RISI Computer Software Faults May Have Caused Chinook Helicopter Crash England Transportation Systems The Chinook Mark 2 helicopter crashed on June 2, 1994, killing all 29 people on board. Initially, the pilots were blamed for the incident. Later, it was concluded that the exact cause of the accident was impossible to establish. The BBC received internal Ministry of Defense (MoD) documents written nine months before the crash that describe the Chinook engine control computer software as “positively dangerous”. The report was written by a senior engineering officer at the MoD Aircraft Testing Center at Boscombe Down. The pre-crash report stated that a hazard analysis identified the engine software as “safety critical” and stated that “any malfunctions or design errors could have catastrophic effects”. In addition, “21 category one and 153 category two anomalies have been revealed. One of these The Chinook Helicopter crashed killing all 29 people on board. New evidence casts doubt on the airworthiness of the helicopter. A report prepared nine months before the crash indicated there may be problems with the engine control computer software. 4
7 02/01/1994 1994 RISI Salt River Project Hack United States Energy Between July 8th and August 31st, 1994, the perpetrator, Lane Jarret Davis, accessed a computer or computers belonging to the Salt River Project via a dialup modem on a backup computer. He was able to access data and delete files on systems responsible for the monitoring and delivery of water and power to SRP customers, as well as customer, financial and personnel records (#1). The impacts reported on this incident are very contradictory. According to probation records (#1) Davis was able to access the canal control SCADA system for at least 5 hours, as well as accessing customer, financial and personnel records. SRP estimated that they suffered a $40,000 loss, not including the loss of productivity. The press reports (#3) and statement by Assistant Attorney General Michael Chertoff (#2) that Davis had control of the SCADA system controlling the Roosevelt Dam spill gates are believed to be incorrect. According to emails from SRP representatives to the Washington Post, the canal SCADA system and dam SCADA systems are not connected (#4). 4
8 01/01/1995 1995 RISI PLCs Crashed by IT Audit United States Food and Agriculture A security consultant was scanning the food company's business and process networks for vulnerabilities. Deliberately malformed probe packets entered the Ethernet-based process control network and caused all PLCs to hard fault. The packets contained malformed ICMP Redirect messages with a subcode of 4 or greater. The loss of production was estimated to be over $1,000,000 USD. 5
9 02/01/1995 1995 RISI Oakland Air-Traffic Control Center Outage United States Transportation Systems One of the three power sources was down for testing and maintenance at the time of the episode. The second power source failed unexpectedly. When technicians attempted to bring the third power source on-line, a faulty circuit board in the Critical Power Panel failed, preventing power from being restored. (#1) These failures appear to be examples of problems with aged computers being used for air-traffic control. (#2) All radar and radio communications at Oakland Center were shut down as the result of a 45-minute power outage. All radar screens went dark and all radio communications were cut off. Lights and telephones were unaffected. It took 45 minutes to restore radio and the backup DARC (direct access radar channel) radar system and it was more than an hour before the NAS computerized radar was restored. (#1) The center lost all radar and radio contact with airborne planes within an 18-million square-mile area. (#2) 5
10 01/01/1996 1996 RISI Duplicate IP Address Prevents Machine Startup Canada Pulp and Paper The mill had upgraded the profile controller on the #1 Paper Machine to a control system that used Ethernet and TCP/IP to communicate between the scanners and the main controller. It was also connected to the main mill network through a bridge so that profile information could be accessed by business applications. Some time after the installation, a network printer in another area of the mill was accidentally given the same IP address as the controller. Initially this did not cause difficulties, but shortly after a routine maintenance shutdown, the scanners started directing their data to the printer rather than to the controller. The paper machine could not be started for over six hours. 3