Connect with us

Hi, what are you looking for?



Military Database of U.S. Dams Compromised by Attackers: Report

U.S. intelligence agencies believe Chinese hackers recently accessed a database containing sensitive infrastructure data.

U.S. intelligence agencies believe Chinese hackers recently accessed a database containing sensitive infrastructure data.

An unauthorized user—believed to be from China—was able to access the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) database beginning in January, The Washington Free Beacon reported Wednesday. The said database contains sensitive information on vulnerabilities of every major dam in the United States.

The US Army Corps of Engineers did not reply to phone calls and emails from SecurityWeek requesting details of the incident. Pete Pierce, a spokesperson from the Corps, confirmed to the Free Beacon the cyber-incident had occurred, but declined to provide additional details.

Army Corps of Engineers Database of Dams Hacked“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” Pierce told the publication.

The Army Corps of Engineers immediately revoked the user’s access to the database after discovering the user was not authorized, Pierce said. The Corps is reviewing security protocols governing who has access to the database, he said.

NID’s Web portal recently was updated to add a statement informing users that “usernames and passwords have changed to be compliant with recent security policy changes.” Free Beacon reported the changes were made after the attack was discovered.

There are around 8,100 major dams across the United States, many of which are hydroelectric dams that generate electricity and feed into the national electrical power grid. The database categorizes dams by the number of people that would be killed in case of a dam collapse.

Officials “familiar with intelligence reports” told the Free Beacon that the attack was traced back to China and was discovered in April.

Advertisement. Scroll to continue reading.

The incident, and the fact that it was traced back to China, raises concerns that the cyber-adversaries may be planning an attack against the national electrical power grid. Officials are concerned that data from NID could be used by attackers to plan attacks to disrupt power grids and damage critical infrastructure.

Recent reports have highlighted how critical infrastructure—electrical power grids, financial networks, transportation controls, and industrial control systems—are vulnerable because the computer networks and equipment used do not have proper security safeguards built inside.

China is a frequent suspect whenever cases of cyber-espionage or sabotage are uncovered. Government officials believe China is encouraging its group of elite hackers to break into companies and steal intellectual property, and cyber-security experts have recently warned of the dangers of nation-states targeting American critical infrastructure. Mandiant’s report in February highlighted some of the activities that have been traced back to China, and identified some of the campaigns carried out by an elite military hacking unit.

Related Podcast: The State of ICS/SCADA Security

Related Reading: SCADA Honeypots Shed Light on Attacks Against Critical Infrastructure

Related ReadingPutting SCADA Protection on the Radar

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.