U.S. intelligence agencies believe Chinese hackers recently accessed a database containing sensitive infrastructure data.
An unauthorized user—believed to be from China—was able to access the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) database beginning in January, The Washington Free Beacon reported Wednesday. The said database contains sensitive information on vulnerabilities of every major dam in the United States.
The US Army Corps of Engineers did not reply to phone calls and emails from SecurityWeek requesting details of the incident. Pete Pierce, a spokesperson from the Corps, confirmed to the Free Beacon the cyber-incident had occurred, but declined to provide additional details.
The Army Corps of Engineers immediately revoked the user’s access to the database after discovering the user was not authorized, Pierce said. The Corps is reviewing security protocols governing who has access to the database, he said.
NID’s Web portal recently was updated to add a statement informing users that “usernames and passwords have changed to be compliant with recent security policy changes.” Free Beacon reported the changes were made after the attack was discovered.
There are around 8,100 major dams across the United States, many of which are hydroelectric dams that generate electricity and feed into the national electrical power grid. The database categorizes dams by the number of people that would be killed in case of a dam collapse.
Officials “familiar with intelligence reports” told the Free Beacon that the attack was traced back to China and was discovered in April.
The incident, and the fact that it was traced back to China, raises concerns that the cyber-adversaries may be planning an attack against the national electrical power grid. Officials are concerned that data from NID could be used by attackers to plan attacks to disrupt power grids and damage critical infrastructure.
Recent reports have highlighted how critical infrastructure—electrical power grids, financial networks, transportation controls, and industrial control systems—are vulnerable because the computer networks and equipment used do not have proper security safeguards built inside.
China is a frequent suspect whenever cases of cyber-espionage or sabotage are uncovered. Government officials believe China is encouraging its group of elite hackers to break into companies and steal intellectual property, and cyber-security experts have recently warned of the dangers of nation-states targeting American critical infrastructure. Mandiant’s report in February highlighted some of the activities that have been traced back to China, and identified some of the campaigns carried out by an elite military hacking unit.
Related Podcast: The State of ICS/SCADA Security
Related Reading: SCADA Honeypots Shed Light on Attacks Against Critical Infrastructure
Related Reading: Putting SCADA Protection on the Radar