Starting december second on t w. I mean you you mean you know. Four oclock in the morning in a small town two young men approach that target that part of our team of investigate his they going to enter a building without leaving a trace. Of the breaking begins from above the past controlling the drone could be as far away as china all russia the drone is setting for im protected networks and reporting them back to the hakas. It with the drug has reached the network and you can see the first packages come in i see the first devices showing up the first communication we can read it. Its as easy as it sounds. As an attack as weve been just to get. Digitize ation has now reached many areas of life in germany giving criminals new opportunities we hear about hacking attacks almost every day not least on our Industrial Infrastructure sometimes the victim is telecom sometimes its an industrial john such as to some crook in one country cyber criminals even achieved a blackout what if Something Like that happens here. The scenario has already been played out in. How much danger is germany and. We asked several hikers to find out for us. To highlight the dangers that come with increasing digitise ation we start our research in the every day Digital World where were promised security and convenience. The digital home controlling entire buildings with nobody devices is becoming increasingly popular like here in australia for example. This charming little hotel is such a building and were going to take a closer look at it the owner has agreed he doesnt know when the attack will occur. Owner could soon enough has embraced new technologies there were regular problems in his stressful everyday life such as with the cold storm on one occasion the door wasnt closed properly another time there was a power cut thats particularly bad when the hotel is closed the good spoil quickly and the financial damage to the family is significant. We always had a problem thats on Public Holidays we werent able to. Monitor our cold storage we thought about what to do about it. And some things that we bought a sensor for the cold store that sends temperature data straight to our mobile. Phones him the gunston temperate we get an email and can react to it immediately so for. Example to the temperature app was just the beginning of youve added other smart functionals can you tell us about those. You know if you dont know theres an alarm located by the front door of the hotel. Or in the process of investing much more in this direction so we can be even safer. Than dog right. Be it analog or temperature sensor. Controls all of the functions via his phone the app send the data via the internet he was advised by his son and hell play an Important Role later on in this film but first the father will show us his Digital World. In his home for example he has a log with an access code that he can also control via his phone. This internet of things promises to be intelligent convenient and secure. A smart home bundles a number of functions so that they can be centrally controlled the intelligent control for this house takes care of the lighting it happens and closes windows and it monitors doors in connection with the nylon system it controls the solar panels on the roof and is supposed to help with managing Energy Consumption apps from the internet of things can also be centrally controlled. By ten. Include household devices such as washing machines and surveillance cameras even light bulbs can be connected to the internet now all these items can be controlled remotely over the internet with a small van. But how easy is it for hackers to access this data and thereby learn for example that the home of the hotel guest is currently on occupied. Sebastien cold air is an expert hes looking for security loopholes to woman uses not to harm them. Hell hack the hotel for us to be asked to let the son of the ana will help him he advised his father but hes learned a few more things since then the two hackers have developed programs that can manipulate smart home controls from the outside. As is all of us until it is the smart homes promise security these components such as the Burglar Alarms are sold on the basis of delivering security and difficulty in most cases technically knowledgeable attackers will be able to access these systems or influence various functions in these smart homes. As a financial and smart homes too bad for us. Hotelier could still not bought into these promises for a long time to he was excited about intelligent light bulbs that he could control from his smartphone as a protection against burglars for example but what he didnt see coming is that he wrote about exactly the opposite films for us as attackers the light bulbs and interesting we want to open doors without being verified since both are online and those are using the same encrypted material is easier to attack the lightbulbs rather than the lock which is better protected. Its friday eighteen minutes to eight the peak period were starting our attack on noticed. Equipped with a transmitter and an Internet Connection the drone penetrates the Hotel Network then it sends the data to the to hackers. Where in the alarm system is the activated the doors open and we can get into. The hotel you feel safe because the app tells him everythings fine. The two hackers on damaging the door theyre using the key but even a crowbar would have gone undetected because they d. Activated the Burglar Alarm fast. Their Entry Remains unnoticed by the app to the surveillance cameras woman ip elated from the outside for the past thirty minutes theyve been showing a photo that was taken before not the two intruders. Theyve even remotely cracked the combination lock that the private have. Could selma still doesnt know that weve already completed our trial battling his security i didnt train. Doors open we can go in. Your son just broke into your hotel and you say to that we shall. All be honest im very surprised that it was that easy. To get you out i always thought we had a safe house but this is this easy in this day and age via a certain smartphone apps still really surprises me in house. We too are amazed at how effortlessly the hackers succeeded in their attack. Unfortunately from professional experience its no surprise but as a private individual you should be angry. Your promise features and security and uses innocently buy these products but are completely left in the dark about their own security. As its security is fake leaped. Hotel. Has asked his son to take the insecurity advises offline. Experts have a theory that ukraine is a kind of test lab for hackers trying out the latest cyber weapons. In november twenty fifth day in this malware called black energy triggered a widespread power outage in ukraine a year later there were more severe Cyber Attacks on the country even though the people of kiev dont see much of the civil war a tax on the electricity grid quickly became a matter of life and death in this struggling country the ministry for state security has invited the International Press to report on the latest Cyber Attacks in the country they targeted the Financial System the metro and once again the countrys policies apply the old malware black energy is still fresh in peoples minds but it already has a successor. Janko witness stand tack on the electricity grid. He takes us to the scene of the crime about an hours drive from kenya. Well secured from the outside the electrical substation outside the city because of the war with russia the countrys Energy Supplies in a desperate state their electricity demand can barely be met. Then the engineer shows me the room where he was forced to look on helplessly as the instruments developed a life of that alone and couldnt be controlled from within anymore it was the last i had the night shift on a completely normal day at the substation everything was fine and then towards midnight the switches started changing color. So when we got to make sure that it was. When i looked at the voltage divider transformers i understood that the substation one hundred ten to three hundred thirty kilovolts didnt have any voltage anymore but it wasnt as fun as the apollo. We were all shocked nobody could believe it that. The cyber attack caused a red alert in the biggest control center in europe which monitors electricity lines from russia to the e. U. There are a lot of the director of the state Energy Supplier sees political motives behind the attacks and these attacks could have disastrous consequences for the whole of europe in the future they could be you know he can muster with all the European Countries that have modern Administration Systems with highly connected centrally controlled i. T. Systems even more vulnerable than ukraines isolated i. T. Systems on a bus why i believe that the things happen. Here will have consequences for developed countries like germany and austria too i think because were not so linked up the consequences for the ukrainian electricity grid were less than what could have happened in those other countries i mentioned where even the political system agreed to make you know about the nation as movable to the ukraine got off lightly but such an attack could have more serious consequences in germany how safe is our Energy Supply given the increasingly connected nature of our systems the federal office for Information Security refers us to existing laws governing the protection of our Critical Infrastructure. The item security law came into force in germany in summer two thousand and fifteen there are minimum standards requirements for operators of Critical Energy plants to report attacks that has given us a different level of protection of therefore i think an attack like the one on ukraine isnt likely in germany really we want to know more. When visiting an expat whos interested in exactly this topic could hackers use loopholes to trigger a europe wide power outage. This is matty has done hina he wants to know how high the risk of a blackout is weve already had a taste caused by a cruise line up from the my ashes. That was the fourth of november two thousand and six. When i luxury liner was delivered on the ms up our card with far reaching consequences a cut a single high voltage power line was switched off there were communication problems between the grid operate has this resulted in a europe wide chain reaction. About. The people didnt know what was going on they couldnt reach the Electricity Supply e. D. F. So they called us but we didnt know what was going on either all when power would be restored. The power cut lasted two hours. Why is the worlds biggest tenant tricity grid so vulnerable. Because it vibrates as the experts put it. Doesnt say its just this is the european alec just the grid it reaches from turkey to portugal and denmark to italy its not a National Grid its a big european wide grid thats so peaceful thats whats the frequency at which it vibrates in europe its fifty hertz plus minus smallish deviations but generally speaking its fifty hertz the frequency reacts very sensitively to outages imagine it like a pair of old scales theres the demand for electricity i mean the sum of all electrical consumers and then theres the supply normally the systems in balance if a power station fails one side becomes lighter while the other becomes heavier my frequency drops off and seeing the other power stations notice that and say ok lets power up a bit to restore the balance and then i get my grid frequency of fifty heads back for the shots. To cause a blackout hackers would have to find a way to switch off as many consumers all produces similar taney a snake with one click. But what do i need in order to bring about a blackout was a this is im i have a lot of wind energy and solar energy in the grid that has to be transported i have a situation where a lot of electricity has to be moved to another country such as england these are all factors that already ramp it up a bit for the grid but theyre not normal issues but if i can provoke another big jump in performance at exactly that time the chances of triggering a blackout. A blackout in europe lasting several days potentially would bring everything to a standstill concern about the vulnerability of Critical Infrastructure brings hakas scientists and operators together when meeting an old acquaintance who has already had experience with acas as the manager of a municipal power plant. Is the manager then elizabeth whats in etling and hes also responsible for the power supply beyond just the subject of decentralization is highly topical in Energy Supply circles fancy twenty years ago we had around twenty Energy Producers here. Today we have almost nine hundred of them and george we have this custom a generation is hooked up to our control center that creates new risks around i. T. Securities theres a loophole that could be abused and would steal because. We set out to find potential loopholes and quickly find one at a. Primaries school in the town center. While i teach classes at taking place up status the future of the Energy Transition is starting in the school cellar. The new heat and power station thats to supply the town center with an actress city and heating has just been completed protected by thick walls and under the supervision of the municipal utilities these plants as opposed to guarantee the palace supply. Hi mary and stefan sized bag have found something after just ten minutes despite thick wools thats a Wireless Network and the santa. One thing i see no need for there to be a one as network down here because Maintenance Technicians can use a cable. A simple cable instead of a Wireless Network would provide security but remember maintenance is more convenient and cheaper the move toward Sustainable Energy sources is also creating power stations that can be controlled wirelessly via an app and Internet Connection and the wireless router. This router is very easily accessible were just looking into what other devices we can access via this router and whether we can access them by the control system of the power plant. And indeed other unknown individuals have already been inside this network yet. We found out that people have connected to this network with their phones in theory they also have access to. A standard router with an unsecured why fine network to control a small power plant we simulate an attack on the router and switch it off. Thank you. The municipal utilities control room cant do anything but watch its yellow now and that means the connection has been interrupted if it remains interrupted for more than five minutes it turns red and then theres nothing you can do any of the problem is that we cant have a connection to the heat and power station anymore come from yours and we can no longer control it from here we cant influence the temperatures or output and we cant do anything remotely if a problem occurs if there is a problem we dont find out about any more than. A convenience metal from it. As a gateway for attack as with any luck such events will be limited to student pranks. Im going to cycle if you had the time and youre connected to the wife and network you could sit out here disguised as a student and try to get access for as long as you like. The big danger is that someone who really wants to break something will attempt it because women dont know the individual locked in here with a phone can do that. In that Lincoln Town Center the security of the supply depends on ones more ruta municipal utilities boss has to react and repair. Colleague and my colleagues who took a look at it are going to develop a security concept to make these heat and power stations secure from attacks. From the i was inside city of ottawa and irish so i meant is that if we had sixty power stations and you switch them all off at once then wed have a very serious problem with digging and uses its you feel like its a god site like. At its most extreme it could lead to a blackout in extreme five isnt to downplay coward. But are we just talking about an individual case about carelessness you know this program has stumbled across a loophole in the system that shows how dangerous even the most minor faults in a single router could become for the whole of germany. After moving house Alexander Graf wanted to make a phone call with his old phone via his new providers cable modem since that didnt work he took a closer look at the modem and made a frightening discovery. While searching for the problem with his phone he came across a Network Connection to the providers and tie a cable network. The password he needed to access it came with the now dam one was even an encrypted in his word his memory. Millions can be made on the black market with such an unrecognized security loophole known as zero day foods does conspire millions of citizens as they do their phone banking or make expensive foreign phone calls via the numbers a billion devices could be affected from looters to aircraft. That is used wherever we have safety Critical Systems and certainly also in respect of infrastructure such as Nuclear Power plants the question is always how they linked up the systems that are open to attack a security loophole becomes particularly problematic when you connect systems that werent designed to be connected when you have systems that dont have any Security Concepts