On a sunny day last summer, in a vast cornfield somewhere in the large, windy middle of America, two researchers from the University of Tulsa stepped into an oven-hot, elevator-sized chamber within the base of a 300-foot-tall wind turbine. They’d picked the simple pin-and-tumbler lock on the turbine’s metal door in less than a minute and opened the unsecured server closet inside.

Jason Staggs, a tall 28-year-old Oklahoman, quickly unplugged a network cable and inserted it into a Raspberry Pi minicomputer, the size of a deck of cards, that had been fitted with a Wi-Fi antenna. He switched on the Pi and attached another Ethernet cable from the minicomputer into an open port on a programmable automation controller, a microwave-sized computer that controlled the turbine. The two men then closed the door behind them and walked back to the white van they’d driven down a gravel path that ran through the field.

Staggs sat in the front seat and opened a MacBook Pro while the researchers looked up at the towering machine. Like the dozens of other turbines in the field, its white blades—each longer than a wing of a Boeing 747—turned hypnotically. Staggs typed into his laptop's command line and soon saw a list of IP addresses representing every networked turbine in the field. A few minutes later he typed another command, and the hackers watched as the single turbine above them emitted a muted screech like the brakes of an aging 18-wheel truck, slowed, and came to a stop.

'We Were Shocked'

For the past two years, Staggs and his fellow researchers at the University of Tulsa have been systematically hacking wind farms around the United States to demonstrate the little-known digital vulnerabilities of an increasingly popular form of American energy production. With the permission of wind energy companies, they’ve performed penetration tests on five different wind farms across the central US and West Coast that use the hardware of five wind power equipment manufacturers.

As part of the agreement that legally allowed them to access those facilities, the researchers say they can't name the wind farms’ owners, the locations they tested, or the companies that built the turbines and other hardware they attacked. But in interviews with WIRED and a presentation they plan to give at the Black Hat security conference next month, they're detailing the security vulnerabilities they uncovered. By physically accessing the internals of the turbines themselves—which often stood virtually unprotected in the middle of open fields—and planting $45 in commodity computing equipment, the researchers carried out an extended menu of attacks on not only the individual wind turbine they'd broken into but all of the others connected to it on the same wind farm's network. The results included paralyzing turbines, suddenly triggering their brakes to potentially damage them, and even relaying false feedback to their operators to prevent the sabotage from being detected.