By Pierluigi Paganini, Editor-in-Chief, CDM
May 3, 2013, 11:30 am EST
The systems of the US Army Corps of Engineers’ National Inventory of Dams (NID) were hacked back in January by hacker probably having Chinese origin.
The systems of the US Army Corps of Engineers’ National Inventory of Dams (NID) were hacked back in January by hackers probably having Chinese origin; the discovery has been made by U.S. Intelligence that tracked the intrusion into sensitive infrastructure database.
Experts say the information contained in the breached database could be used in cyberattacks launched by terrorists or hostile states. The infrastructures of US Army Corps of Engineers’ National Inventory of Dams (NID) were hacked, the news has been reported by The Washington Free Beacon website and it is considered high concerning by security experts. The news has been revealed to the website by unnamed intelligence officials that blamed the Chinese government or Chinese hackers. The data stolen are high sensitive, the database hacked in fact contained information of vulnerabilities related to around 8100 major dams located the United States.
The spokesman for Corps of Engineers, Pete Pierce, confirmed the unauthorized access to US Army Corps of Engineers’ National Inventory of Dams, to respond to the incident the Corps of Engineers revoked the account compromised and has immediately to start on improving of security for database and network.
“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” “[U.S. Army Corps of Engineers] immediately revoked this user’s access to the database upon learning that the individual was not, in fact, authorized full access to the NID,”Pierce said.
After the data breach on the official website of US Army Corps of Engineers’ National Inventory of Dams was published an announcement that informed that all user credentials had been reset for compliance to security policy.
“December 2012 – All NID account usernames and passwords have changed to be compliant with recent security policy changes. All NID account usernames were changed to be the same as the e-mail address registered with the user account. All registered users should have received an automatic email notification with their new, temporary login information. You must log into the NID site using your e-mail address and the new password. When logging into the site with your new password for the first time, it is highly recommended that you copy/paste your password from the email you received rather than manually typing the password. Please remember: your password is case sensitive even though your username is not.”
The incident is critical, data acquired by hackers could be used to conduct a series of cyber attacks against National critical infrastructures, in different occasions US officials have alerted US Government of possible offensive against the country operated by state-sponsored hackers or cyber terrorists.
The Washington Free Beacon reported the declaration of Michelle Van Cleave, the former National Counterintelligence Executive, a senior counterintelligence policymaker that pointed out that the severity of the attack:
“In the wrong hands, the Army Corps of Engineers’ database could be a cyber attack roadmap for a hostile state or terrorist group to disrupt power grids or target dams in this country,” “You may ask yourself, why would anyone want to do that? You could ask the same question about why anyone would plant IEDs at the Boston Marathon.” “Alarm bells should be going off because we have next to no national security emergency preparedness planning in place to deal with contingencies like that,” she said.
Security experts are convinced that the intrusion has the primary goal to collect “vulnerability and targeting data” for future cyber or military attacks.
Recently Defense Science Board (DSB), a Federal Advisory Committee established to provide independent advice to the Secretary of Defense issued a report titled “Resilient Military Systems and the Advanced Cyber Threat” that presented an alarming scenario on the US nation’s military considered unprepared for a full-scale cyber-conflict. The 138-page report alerts Pentagon on the necessity to improve cyber capabilities to deal with such event, top-tier adversary represents a serious menace in case of cyber war, and in case of conflict critical infrastructures such as Dams represent a strategic target to preserve. The numerous initiatives conducted by the US Government to improve cyber capabilities are not sufficient to face with sophisticated cyber attacks by hostile countries, the report remarks that Defense Department “is not prepared to defend against these threats” and its effort leak of a proper coordination, the document also alerts central authorities on a “fragmented” dispersion of commitments. Lila Kee, board member of the North American Energy Standard Board (NAESB) and GlobalSign’s chief product and marketing officer commented the hack of the US Army Corps of Engineers’ National Inventory of Dams with the following words:
“This latest breach of the U.S. Army Corps of Engineers’ National Inventory of Dams is another loud siren warning critical infrastructure (CI) companies as well as the government that cyber threats to the CI are real and that security standards must be established, followed and enforced to protect our country,” “The energy sector and its electric segment are particularly vulnerable to cyberattack, especially considering that technology is rapidly gaining a larger role in critical infrastructure operations,” “Everyday evidence of nation-state foul play in the security of our CI grows. With the Department of Energy making a push to generate 80 percent of the nation’s electricity utilizing existing dams, cybersecurity standards must be a serious concern for the government and regulators.”
Regardless of the true origin of the attacks the incident raises the need to ensure the protection of critical infrastructures, information systems used for their control and information managed by governmental entities such as the results of vulnerability assessments conducted to identify critical vulnerabilities exploitable by attackers.
(Source: CDM & Security Affairs – Security)