Security Experts:

Connect with us

Hi, what are you looking for?



Military Database of U.S. Dams Compromised by Attackers: Report

U.S. intelligence agencies believe Chinese hackers recently accessed a database containing sensitive infrastructure data.

U.S. intelligence agencies believe Chinese hackers recently accessed a database containing sensitive infrastructure data.

An unauthorized user—believed to be from China—was able to access the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) database beginning in January, The Washington Free Beacon reported Wednesday. The said database contains sensitive information on vulnerabilities of every major dam in the United States.

The US Army Corps of Engineers did not reply to phone calls and emails from SecurityWeek requesting details of the incident. Pete Pierce, a spokesperson from the Corps, confirmed to the Free Beacon the cyber-incident had occurred, but declined to provide additional details.

Army Corps of Engineers Database of Dams Hacked“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” Pierce told the publication.

The Army Corps of Engineers immediately revoked the user’s access to the database after discovering the user was not authorized, Pierce said. The Corps is reviewing security protocols governing who has access to the database, he said.

NID’s Web portal recently was updated to add a statement informing users that “usernames and passwords have changed to be compliant with recent security policy changes.” Free Beacon reported the changes were made after the attack was discovered.

There are around 8,100 major dams across the United States, many of which are hydroelectric dams that generate electricity and feed into the national electrical power grid. The database categorizes dams by the number of people that would be killed in case of a dam collapse.

Officials “familiar with intelligence reports” told the Free Beacon that the attack was traced back to China and was discovered in April.

The incident, and the fact that it was traced back to China, raises concerns that the cyber-adversaries may be planning an attack against the national electrical power grid. Officials are concerned that data from NID could be used by attackers to plan attacks to disrupt power grids and damage critical infrastructure.

Recent reports have highlighted how critical infrastructure—electrical power grids, financial networks, transportation controls, and industrial control systems—are vulnerable because the computer networks and equipment used do not have proper security safeguards built inside.

China is a frequent suspect whenever cases of cyber-espionage or sabotage are uncovered. Government officials believe China is encouraging its group of elite hackers to break into companies and steal intellectual property, and cyber-security experts have recently warned of the dangers of nation-states targeting American critical infrastructure. Mandiant’s report in February highlighted some of the activities that have been traced back to China, and identified some of the campaigns carried out by an elite military hacking unit.

Related Podcast: The State of ICS/SCADA Security

Related Reading: SCADA Honeypots Shed Light on Attacks Against Critical Infrastructure

Related ReadingPutting SCADA Protection on the Radar

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack