Environment magazine. D. W. Meaning union. Four oclock in the morning in a small town two young men approach that target that part of our team of investigators theyre going to enter a building without leaving a trace. The break in begins from above the person controlling the drone could be as far away as china all russia the drum is setting for on protected networks and reporting them back to the hakas. It when the drug has reached the network and you can. See the first packages come in i see the first devices showing up the first communication we can read it its as easy as it sounds. As i talk as we then just. Get. Digitize ation has now reached many areas of life in germany giving criminals new opportunities we hear about hacking attacks in most every day not least on our Industrial Infrastructure sometimes the victim is telecom sometimes its an industrial john such as to some crook in one country cyber criminals even achieved a blackout what if Something Like that happens here. The scenario has already been played out in. How much danger is germany and. We asked several hikers to find out for us. To highlight the dangers that come with increasing digitise ation we start our research in the every day Digital World where were promised security and convenience. The digital home controlling entire buildings with nobody devices is becoming increasingly popular like here in austria for example. This charming little hotel is such a building and were going to take a closer look at it the owner has agreed he doesnt know when the attack will occur. Owner could soon enough has embraced new technologies there were regular problems in his stressful everyday life such as with the cold storm on one occasion the door wasnt closed properly another time there was a power cut thats particularly bad when the hotel is closed the good spoil quickly and the financial damaged. To the family is significant we have we always had the problem that on Public Holidays we werent able to monitor our cold storage because we thought about what to do about it. And some things are better we bought a sensor for the cold store that sends temperature data straight to our mobile. Phones or phones and they began send them to do it that we get an email and can react to it immediately. To temper to the temperature app was just the beginning of youve added other smart functional smart can you tell us about those. You dont know as an alarm located by the front door of the hotel. Or in the process of investing much more in this direction so we can be even safer. Than dark right. Be it analog or temperature sensor. Controls all of the functions via his phone the app send the data via the internet he was advised by his son and hell play an Important Role later on in this film but first the father will show us his Digital World. In his home for example he has a log with an access code that he can also control via his phone. This internet of things promises to be intelligent convenient and secure. The smart home bundles a number of functions so that they can be centrally controlled the intelligent control over this house takes care of the lighting it happens and closes windows and it monitors doors in connection with an alarm system it controls the solar panels on the roof and is supposed to help with managing energy. Consumption apps from the internet of things can also be centrally controlled. Items include household devices such as washing machines and surveillance cameras even light bulbs can be connected to the internet now all these items can be controlled remotely over the internet with a small van. But how easy is it for hackers to access this data and thereby learn for example that the home of the hotel guest is currently on occupied. Sebastien cold air is an expert hes looking for security loopholes to woman uses not to harm them. Hell hack the hotel for us to be asked to let the son of the owner will help him he advised his father but hes learned a few more things and then the two hackers have developed programs that can manipulate smart home controls from the outside. As a source until it is the smart homes promise security these components such as the Burglar Alarms are sold on the basis of delivering security and difficulty in most cases technically knowledgeable attackers will be able to access these systems or influence various functions in these smart homes. As a financial and smart homes to banff was. Hotelier could still not bought into these promises for a long time to he was excited about intelligent light bulbs that he could control from his smartphone as a protection against burglars for example but what he didnt see coming is that he wrote about exactly the opposite. For us as attackers the light bulbs and interesting we want to open doors without being verified since both are online and those are using the same encrypted material is easier to attack the lightbulbs rather than the lock which is better protected. Its friday eighteen minutes to eight the peak period were starting our attack on no test. Equipped with a transmitter and an Internet Connection the drone penetrates the Hotel Network then it sends the data to the two hackers. Where in the alarm system is the activated the doors open we can get in. The hotel you feel safe because the app tells him everythings fine. The two hackers on damaging the door theyre using the key but even a crowbar would have gone undetected because they d. Activated the Burglar Alarm first. Their Entry Remains unnoticed by the app to the surveillance cameras woman ip elated from the outside for the past thirty minutes theyve been showing a photo that was taken before not the two intruders. Theyve even remotely cracked the combination lock that the private have. Area. Could still doesnt know that weve already completed our trial battery his security didnt train with the. Doors open we can go in. Your son just broke into your hotel and you say to that if you shall. All be honest im very surprised that it was that easy. To get you out i always thought we had a safe house but this is this is easy in this day and age via certain smartphone apps still really surprises me in house. We too are amazed at how effortlessly the hackers succeeded in their attack. Unfortunately from professional experience its no surprise that as a private individual you should be angry. Your promise features and security and uses innocently by these products but are completely left in the dark about their own security good as its the security is fake lived. Hotel. Has asked his son to take the insecurity advises offline. Experts have a theory that ukraine is a kind of test lab for hackers trying out the latest cyber weapons. In the event the twenty fifth day in this malware called black energy triggered a widespread power outage in ukraine a year later there were more severe Cyber Attacks on the country even though the people of kiev dont see much of the civil war attacks on the electricity grid quickly became a matter of life and death in this struggling country the ministry for state security has invited the International Press to report on the latest Cyber Attacks in the country they targeted the Financial System the metro and once again the countrys policies apply the old malware black energy is still fresh in peoples minds but it already has a successor. Janko witness stand tack on the electricity grid. He takes us to the scene of the crime about an hours drive from kiev. Well secured from the outside the electrical substation outside the city because of the war with russia the countrys Energy Supplies in a desperate state their electricity demand can barely be met. Then the engineer shows me the room where he was forced to look on helplessly as the instruments developed a life of that alone and couldnt be controlled from within anymore it was the last i had the night shift on a completely normal day at the substation everything was fine and then towards midnight the switches started changing color but at so when we got to make sure that it was. When i looked at the voltage divider transformers i understood that the substation one hundred ten to three hundred thirty kilovolts didnt have any voltage anymore but it wasnt just a power. We were all shocked nobody could believe it that. The cyber attack caused a red alert in the biggest control center in europe which monitors electricity lines from russia to the e. U. There are a lot of the director of the state Energy Supplier sees political motives behind the attacks and these attacks could have design astras consequences for the whole of europe in the future they could be you know he can just go with all the European Countries that have modern Administration Systems with highly connected centrally controlled i. T. Systems even more vulnerable than ukraines isolated i. T. Systems when in the past why i believe that the things happen. Here will have consequences for developed countries like germany and austria too i think because were not so linked up the consequences for the ukrainian electricity grid were less than what could have happened in those other countries i mentioned where even the political system agree the make you know about the nation is movable to the ukraine got off lightly but such an attack could have more serious consequences in germany how safe is our Energy Supply given the increasingly connected nature of our systems the federal office for Information Security refers us to existing laws governing the protection of our Critical Infrastructure. Security law came into force in germany in summer two thousand and fifteen there are minimum standards requirements for operators of Critical Energy plants to report attacks that has given us a different level of protection therefore i think an attack like the one on ukraine isnt likely in germany really we want to know more. When visiting an expat whos interested in exactly this topic could hackers use loopholes to trigger a europe wide power outage. This is matty has done hina he wants to know how high the risk of a blackout is weve already had a taste caused by a cruise line up from the my ashes. That was the fourth of november two thousand and six. When i luxury liner was delivered on the ms up our card with far reaching consequences a cut a single high voltage power line was switched off there were communication problems between the grid operators this resulted in a europe wide chain reaction. About. The people didnt know what was going on they couldnt reach the Electricity Supply e. D. F. So they called us but we didnt know what was going on either all when power would be restored. The power cut lasted two hours. Why is the worlds biggest electricity grid so vulnerable. Because it vibrates as the experts put it. Doesnt just because this is the european alec just the grid it reaches from turkey to portugal and denmark to italy its not a National Grid its a big european wide grid thats as if thats whats the frequency at which it vibrates in europe its fifty hertz plus minus smallish deviations but generally speaking its fifty hertz the frequency reacts very sensitively to outages imagine it like a pair of old scales theres the demand for electricity i mean the sum of all electrical consumers and then theres the supply normally the systems in balance if a power station fails one side becomes lighter while the other becomes heavier my frequency drops off and seeing the other power stations notice that and say ok lets power up a bit to restore the balance and then i get my grid frequency of fifty heads back for shots. To cause a blackout hakas would have to find a way to switch off as many consume as all produces similar taney asmi with one click. But what do i need in order to bring about a blackout was a this is im i have a lot of wind energy and solar energy in the grid that has to be transported i have a situation where a lot of electricity has to be moved to another country such as england these are all factors. That already ramp it up a bit for the grid but theyre not normal issues but if i can provoke another big jump in performance at exactly that time the chances of triggering a blackout a highly. A blackout in europe last thing several days potentially would bring everything to a standstill concern about the vulnerability of Critical Infrastructure brings hackers scientists and operators together when meeting an old acquaintance who has already had experience with acas as the manager of a municipal power plant. That is the manager of the new less about whats in etling and hes also responsible for a power supply you understand the subject of decentralization is highly topical in Energy Supply surplus funds and twenty years ago we had around twenty Energy Producers here. Today we have almost nine hundred of them a joy to have this custom a generation is hooked up to our control center that creates new risks around i. T. Securities theres a loophole that could be abused and would steal because. We set out to find potential loopholes and quickly find one at a Primary School in the town center. That yes while i teach classes at taking place abstemious the future of the Energy Transition is starting in the schools sela. The new heat and power station thats to supply the town center with an actress city and heating has just been completed protected by thick walls and under the supervision of the municipal utilities these plans. As opposed to guarantee the palace supply. Im aaron stefan sized bag have found something after just ten minutes despite think wools theres a Wireless Network in the summer. Something i see no need for there to be a one as network down here because Maintenance Technicians can use a cable. A simple cable instead of a Wireless Network would provide security but remember maintenance is more convenient and cheaper the move toward Sustainable Energy sources is also creating Palace Station that can be controlled wirelessly via an app and Internet Connection and the wireless router. This router is very easily accessible were just looking into what other devices we can access via this router and whether we can access them by the control system of the power plant. And indeed other unknown individuals have already been inside this network yet when we found out that people have connected to this network with their phones in theory they also have access to get. A standard router with an unsecured why fine network to control a small power plant we simulate an attack on the router and switch it off. The municipal utilities control room cant do anything but watch its yellow now and that means the connection has been interrupted if it remains interrupted for more than five minutes it turns red and then theres nothing you can do any of your problem is that we cant have a connection to the heat and power station any more come for you we can no longer control it from here we cant influence the temperatures or output and we cant do anything remotely if a problem occurs if. There is a problem we dont find out about any more than. A communist medal from it. As a gateway for attack as with any luck such events will be limited to student pranks. Im going to cycle if you had the time and youre connected to the wife and network you could sit out here disguised as a student and try to get access for as long as you like. The big danger is that someone who really wants to break something will attempt it. And the individual locked in here with a phone can do that. In that league in town center the security of the supply depends on ones more ruta municipal utilities boss has to react and repair. Colleague and my colleagues who took a look at it are going to develop a security concept to make these heat and power stations secure from attacks. From the i was inside city of ottawa and i if so by the end is that if we had sixty power stations and you switch them all off at once then wed have a very serious problem with digging and uses its you feel like its a god psych like. At its most extreme it could lead to a blackout extreme five isnt to downplay coward. But are we just talking about an individual case about carelessness you know this program has stumbled across a loophole in the system that shows how dangerous even the most minor faults in a single router could become for the whole of germany. After moving house Alexander Graf wanted to make a phone call with his old phone via his new providers cable modem since that didnt work he took a closer look at the modem and made a frightening discovery. While searching for the problem with his phone he came across a Network Connection to the providers and tie a cable network. The password he needed to access it came with the now dam one was even an encrypted in his route his memory. Millions can be made on the black market with such an unrecognized security loophole known as zero day foods does conspire millions of citizens as they do their phone banking or make expensive foreign phone calls via the numbers a billion devices could be affected from looters to aircraft as it is use wherever we have safety Critical Systems and certainly also in respect of infrastructure such as Nuclear Power plants the question is always how linked up are the systems that are open to attack a security loophole becomes particularly problematic when you connect systems that werent designed to be connected when you have systems that dont have any Security Concepts for access rights for example but you put them online and then theyre open to attack and thats a Real Security risk. Linking up devices creates additional risks the vulnerability of individual devices is worrying enough but its only when theyre linked up that blanket attacks can occur but when the risk is so high why are devices even linked up in this way why dont we operate every wind turbine and solar panel separately. We get the answer to this question at the university of professor get higher share this research has shown that the transition to Renewable Energy can only succeed if produces intelligently connected. Experts cool these networks smart grids its not grades need different meters smart meters that will be getting in time thats the only way to balance out the green Energy Produced resulting in a stable and tricity great interview. If we want to use wind and solar energy we have the problem that wind doesnt blow all the time and theres no sun at night when these if we have to track the ups and downs of production to deal with them and thats what we get from the smart grid. Thats about as marketers if i were an actress that he comes from solar or wind Power Production and consumption have to be matched up every second theres a fluctuation in how much electricity is produced so we need smart grades and the test lab. That Test Facilities here and yes in addition to this roof we have a test area and im saying ns and another one in here just that and it in and sing and its twenty five percent of the Energy Requirements and in his estate and no less than one hundred percent is produced locally from solar power the future of the Energy Transition seems to have arrived the synchronous grid of Continental Europe as its called will only remain stable in its fifty heads frequency if we manage to keep the decent realized production of millions of citizens in balance with all Household Consumption the cobra family are in the middle of the Energy Transition they live in one of the test areas in oem theyve made their own home small not much to that childrens delight. They like playing with the wall the gadgets. Patrick coba appreciates the convenience but hes professionally secured his network. The command centers located in the basement of that home we try to hack it but to no avail the passionate tinkerer has used a simple trick. After having a chat with our Insulation Companies we decided to have the heating controls offline there installed on a computer that has no connection so it cant be attacked. His project home is simply not connected yet and thats why its safe but thats to change soon if the government gets its way so every house will be connected with a device that will replace traditional need has a smart meter. Smart meters on that just to measure the consumption and production of electricity in future they should actively control the performance of solar panels Wind Turbines and consumption in the home the vision is as follows if theres too much and i tricity the smart meters will switch on washing machines crank up fridges and charge up electric cars if theres too little at tricity then smart meters should be able to draw on reserves such as from the batteries in electric cars. Smart meters already in use in spain italy and finland germany is lagging a few years behind although the rollout of smart meters in germany started officially on the first of january twenty seventh team there are no devices yet that meet high German Security standards. Nevertheless the industry is celebrating the market at the future. Having smart meters is an opportunity for germany i want to get right to the heart of it the law to digitize the Energy Transition has removed the final hurdle after five years of political discussion we have cleared the way for the introduction of smart meters. I doubt your citizens are coming of age in the field. Energy two they can now make independent decisions will be entirely new Business Models we dont know many of them yet but i always have an image in the back of my mind from the liberalization of telecommunications when we give Young Children an Old Fashioned telephone with a doll today what do they do they try to push the numbers or swipe them thats the kind of change im hoping for with these new smart meters. And all the millions of it inspired me if. I knew wild but is it safe. The massive use of smart meters caused hakka having a vast quest to come up with a plan. He and a colleague were able to hack into millions of smart meters in spain with just a single device. Fortunately hes one of the good guys. It was a test thats why spain suffered no blackout. We were able to get into the network to get smart meters and control them. Which obviously is funny because then youre smart meters. Were getting installed remote disconnection feature that basically means that if you dont pay your bill they had a trickle company will just shut down joy or electricity remotely with a people for about an on a remote computer maybe about one thousand kilometers away from your house. And we were able to control that. Even found a way that would that out to craft cost on updates which could be considered somewhat i was because if you craft a closed on update well shut down at some time or well listen to about or comment or whatever it will turn every smart meter into our flashing tool so basically one a smart meter will update others then when those others get updated with a cold they will update other so it will spread pretty much like a virus to us even though its not running our we always but their way of working is the same so you could cause a big blackout just. By having access to one smart meter might not be an access i dont mean opening it i mean just on the to go port. No one would ever know how it is started. How it happened. Have you immediately reported the security loophole to the manufacturers after which he started working for a company in. With the serious Security Problems that the spanish not need his mind having a vast quiz the dance team took on a german model they spent several weeks looking into a fast generation devise from a german manufacturer one however which hadnt been built for the demands of the transition to Renewable Energy is. First impression of the board was that it was just really basic. Its very clear that the product itself wasnt developed with security in mind and. Its very easy for any attacker who has physical access to the device. Manufacturer cant understand every component using complete detail they just look at the bits that are relevant to them and thats what they build their entire product around but if the components do other things to that they dont need then that can be a weakness on this one. While were doing our research the manufacturer gets in touch with us. The Company Tells us theyre aware of the weaknesses under working on a new generation of devices and that they have invested several Million Euros into making these devices safe. For the rest of. The connect the connector one was advanced for a first device of this type but attacking it is no longer a problem i think a good hacker could do that with a decent mobile phone a little more beautiful lady can you get it again this generation of devices compares to the new one like the old nokia phone compares to modern Smartphones Nokia telephone. And smart phone if they so devices were connected they could be attacked thats why the federal office for Information Security has given manufacturers specific instructions about how to protect themselves against hacking attacks. Here we have the connector three point zero weve taken all the specifications issued by the office for Information Security into account theyve told us exactly what Security Technology to incorporate into our devices. By the time we finished making this film the federal office for Information Security hadnt yet certified any of the eight manufacturers smart meters and anyway certifications one thing liability quite another politicians dream of manufacturers being liable for everything in the future as a manufacturer what do you have to say about politicians demanding Product Liability to get it to him as equipment manufacturers we find this whole topic really difficult to address imagine that we have a hacking attack on these devices in three years time how can we say now that will happen and where the attack will come from we just will try to address the risks as best we can over time so were always up to date me thats why it him of who not to listen would be Nuclear Option for you dont know but i dont think any system is totally secure in your height its gobby he kind of says the manufacturers and hackers agree theyll never be one hundred Percent Security in the Digital World to go has to be to give hackers the biggest run for them money as they can because for them to time is money. The federal office the Information Security has a simpler interpretation when you get into a car which is also highly complex with many individual systems and engine brakes and Steering Wheel its relatively clear that the common you factor is always liable for all areas of all subsystems that dont work but in the cyber world we say its so complex were all using it nobodys liable because its hard to prove. Unsolved liability as is security loopholes wherever we turn and daily attacks from the web there are even digital blackmail as penetrating areas that are literally a matter of life and death. I look as can i was what happened at the lucas hospital which was a fully digitized hospital and one of the districts intensive care centers was that we were informed that the entire infrastructure had been shut down because of a Ransomware Attack so it could no longer provide emergency cover stories of we wondered what would happen if a patient with a heart attack had to be taken to somewhere fifteen minutes further away and died as a result of this fish tilt what happened february twenty sixth seen the look as hospital is an important part of Emergency Care in the district its fully connected in order to save lives patients guns are remotely accessible so that better and faster treatment can be given for example then there are the results of the tests done on hundreds of blood samples every day the network distributes them to the relative departments in real time the Cardiology Department relies on modern i. T. To these days the digital revolution is also revolutionizing medicine and increasing life spans we think its whats important is that everythings faster we get results right away i can take scans to the patient scans i didnt have before and show him or her the problem or i could show the patient other examples of pneumonia. And of your highly connected and then that was a problem what happened was we had an external hacking attack to protect our data the systems had to be shut down with that the complete system was switched off and our capacity was significantly reduced recently who could hear digital blackmail always follows the same principle. It happens when someone opens a manipulated attachment when surfing a fake website when clicking on a bad link by making such a wrong plague malware. Is activated which then spreads undetected in the system disguised as a harmless code the trojan grabs all the data and encrypts it nothing can be done anymore the trojan has taken over the computer. The victim is given a choice. Either the data is destroyed forever or ransom has to be paid quickly. Those who pay have to hope that the attacker would create the danger again after a successful transaction. Those who dont pay may well lose it forever. No patient was harmed but the damage cost the lucas hospital millions of year as its digital structure has to be rebuilt. Whether its a highly Specialized Hospital or a simple hotel as soon as they hook up to the web they are vulnerable to attack. Our research has shown that security measures on keeping up with the rapid pace of digitization. I present our Research Results to the president of the federal office for Information Security we had hacked lightbulbs and managed to break into a building that way we could have taken Wind Turbines off grid or even and time heat and power plants. So all we really better protected than ukraine. Is of course will close these loopholes over time businesses have to face up to their responsibilities and we have to introduce minimum standards and thats what were doing together its a task for society and i would prefer critics not to spread panic and instead make constructive. Contributions instead of pinpointing weak spots also put forward possible solutions really critics just complain but dont contribute a kind of consulting for to believe in god in cyberspace we live in a globalized world can one government or a single country even guarantee security at all as a state isnt responsible for everything the say protect its citizens what its like in traffic if i drive drunk in a hose or crashes im personally responsible we try to explain to people that when the traffic light in the cyber world is red you should stop and take the relevant measures but there is green you can proceed if youve installed the necessary updates for example. Of Mental Health must but if you dont stick to those rules you shouldnt be surprised when you get run over one of them a different version of hard work. But given how many security lupos we have found is it really that simple and we personally decide whether were going to drive a car nobody else does but we dont have that same choice in the context of the green energy and the risk is much greater to. Our research has confirmed that just a simple mass produced component could suffice to trigger a major disaster to stay with the traffic light metaphor traffic lights are good but what happens when hackers switch the mode to going. Theyre black and living in germany. Shes reminded what that means on a daily basis presenter john up like this not being able to blend in and all this. Taking a Holiday Group and being you know different than the way. She travelled across germany to meet other black people and to hear their stories. Its that. I grew up in a white family in a white neighborhood it was definitely a challenge. She decided to put me up for adoption. So the main thing was to keep your head down and your mouth shut of course of the face like this i could never completely disappear if you see all these stereotypes about africa its good to see you. Do something for your country but youre still the black guy with an. Afro germany starting december tenth d. W. Business news live from bergland u. S. President donald trump arrives in vietnam ready to get down to business the u. S. Leader is expected to put America First at a Regional Economic summit there but he will face a a