- Ukrainian nuclear power plant employees were using two mining rigs to mine cryptocurrency.
- The authorities have found and seized eleven graphics cards that were powered by the nuclear plant.
- The systems were connected to the internet, so a severe cybersecurity risk was introduced to the plant.
Ukrainian news outlet Unian reports about a weird case of an investigation conducted by the Ukrainian Secret Service (SBU) against employees of the Yuzhnoukrainsk nuclear power plant. According to the reports, some of the employees connected the internal network to the Internet so they could leverage the plant’s power and infrastructure to mine cryptocurrency. This is a severe breach of the security policy of the nuclear plant, as it exposes state secrets and critical power generation units to all kinds of online threats. Moreover, it compromised network information, system information, physical defense information, and cybersecurity protection systems.
According to further details given by ZDNet, the SBU found and seized a total of eleven Radeon RX 470 graphics cards that were part of two mining rigs which operated from inside the nuclear power plant, while an undisclosed number of coolers, computer components, and power supply units have also been stripped and taken away. The SBU has not given any details about who, or even how many employees were involved in the incident, but it is possible that the operation was taking place in the knowledge of the military unit that is in charge of guarding the nuclear plant, so the matter may be taken to a military court.
The Yuzhnoukrainsk nuclear plant is the country’s second-largest one, with a nominal capacity of 2850 MW and an annual net output of 16.4 GW*h. It operates three individual units of pressurized water reactors which are licensed to continue their operation until 2023, 2025, and 2029 respectively. That said, this security incident is considered very serious by the authorities, as it compromised a key source of electricity for the country, and could potentially lay the ground for a successful cyber-espionage operation.
This is not the first time that people who work in power plants try to take advantage of the fact for personal gain. A very similar case took place in Russia in February 2018 when engineers working in the Sarov All-Russian Research Institute of Experimental Physics used the available supercomputers to mine cryptocurrency. In March 2018, the same happened in Australia with employees of the Bureau of Meteorology who also had a powerful supercomputer at their disposal. In April 2018, an employee of the Romanian Măgurele Institute was caught mining Monero at work. All that said, it looks like the temptation is too great for people who work in organizations that offer electric power combined with limitless computation resources, so this will most likely not be the last case of this type that we will report this year.