recommended reading

Threatwatch

Ultimate fear: China breached U.S. dam database to use as a roadmap for cyberattack

Accidentally leaked credentials; Unauthorized use of user privileges; User accounts compromised

An unauthorized user gained access to an Army database of U.S. dams that “categorizes U.S. dams by the number of people that would be killed if a dam fails.”

The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams has raised concerns that China is preparing to conduct a future cyberattack against the national electrical power grid, including the growing percentage of electricity produced by hydroelectric dams.

According to unnamed U.S. officials, the Corps of Engineers’ National Inventory of Dams was hacked by an unauthorized user believed to be from China.

The database contains information on vulnerabilities of every major dam in the United States. There are around 8,100 such dams.

A Corps of Engineers spokesman confirmed the cyber incident but declined to corroborate details: “The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” Pierce said in a statement.

“[U.S. Army Corps of Engineers] immediately revoked this user’s access to the database upon learning that the individual was not, in fact, authorized full access to the NID,” he said.

sector

Government (U.S.); Other Critical Infrastructure

reported

May 1, 2013

reported by

Washington Free Beacon

number affected

Unknown

location of breach

United States

perpetrators

Chinese Hackers

location of perpetrators

Unknown

date breach occurred

January 2013

date breach detected

April 2013