Hackers targeted U.S. nuclear plants using ... fake Microsoft Word résumés

The FBI and U.S. Department of Homeland security have been helping multiple U.S. energy companies fend off cyberattacks from foreign hackers, according to bombshell reports from the New York Times and Bloomberg on Thursday.

The stories explain how hackers working for a foreign government breached at least a dozen U.S. power plants, raising concerns (yet again) over vulnerabilities in the electrical grid.

Both stories go into tremendous detail about how the attacks were pulled off, but the New York Times story in particular featured a strange little anecdote that stood out in the context of reading about "nuclear plants" and "hacking."

Here's the excerpt:

The fake résumés were Microsoft Word documents that were laced with malicious code. Once the recipients clicked on those documents, attackers could steal their credentials and proceed to other machines on a network.

Wait, what?

Is the security of U.S. nuclear facilities really being threatened by a dusty old MS Word document? Aren't you supposed to send your résumé as a PDF anyways?

Luckily, it's a little more complicated than that. Federal officials say the hackers were only able to penetrate the business side of the nuclear facility — not the operations of the plant — and that there was no threat to public safety.

Furthermore, Wired reports that most industrial control systems run on obscure computers that typically aren't connected to the internet. So hackers would presumably need to go to great lengths to access the operations systems.

Still, even if hackers have to do much more to execute a full-scale power grid attack, it's scary to know that it could all start from something as innocuous as a MS Word document.

This is just one more reason we should all be using Google Docs.