On a sunny day last summer, in a vast cornfield somewhere in the large, windy middle of America, two researchers from the University of Tulsa stepped into an oven-hot, elevator-sized chamber within the base of a 300-foot-tall wind turbine. They'd picked the simple pin-and-tumbler lock on the turbine's metal door in less than a minute and opened the unsecured server closet inside.

Jason Staggs, a tall 28-year-old Oklahoman, quickly unplugged a network cable and inserted it into a Raspberry Pi minicomputer, the size of a deck of cards, that had been fitted with a Wi-Fi antenna. He switched on the Pi and attached another Ethernet cable from the minicomputer into an open port on a programmable automation controller, a microwave-sized computer that controlled the turbine. The two men then closed the door behind them and walked back to the white van they'd driven down a gravel path that ran through the field.

Staggs sat in the front seat and opened a MacBook Pro while the researchers looked up at the towering machine. Like the dozens of other turbines in the field, its white blades—each longer than a wing of a Boeing 747—turned hypnotically. Staggs typed into his laptop's command line and soon saw a list of IP addresses representing every networked turbine in the field. A few minutes later he typed another command, and the hackers watched as the single turbine above them emitted a muted screech like the brakes of an aging 18-wheel truck, slowed, and came to a stop.

[...] "They don't take into consideration that someone can just pick a lock and plug in a Raspberry Pi," Staggs says. The turbines they broke into were protected only by easily picked standard five-pin locks, or by padlocks that took seconds to remove with a pair of bolt cutters. And while the Tulsa researchers tested connecting to their minicomputers via Wi-Fi from as far as fifty feet away, they note they could have just as easily used another radio protocol, like GSM, to launch attacks from hundreds or thousands of miles away.