The US military has revealed that a hacker infiltrated a government database for a period of several months, gaining access to detailed US Army Corps of Engineers information regarding possible vulnerabilities in US infrastructure.
According to a report published by nonprofit online newspaper the Washington Free Beacon, the hacker, possibly using stolen username and password credentials, accessed the National Inventory of Dams (NID) and siezed information not normally available to the public.
The NID database contains comprehensive information about 79,000 dams throughout the US, including the estimated number of deaths there would be if a given dam failed.
“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” Army Corps of Engineers spokesperson Pete Pierce told the Washington Free Beacon.
Fox News also reported that Pierce "confirmed the cyber incident" but said he declined to provide further details about the intrusion.
Citing unnamed officials “familiar with intelligence reports,” the Washington Free Beacon went on to report that the NID was hacked by a user from China, whose intrusion began in January and was only discovered in April.
Though it's not yet clear precisely who was behind the NID hack, intrusions into critical infrastructure by state-sponsored hackers have increased in recent years, as nations attempt to collect information about systems controlling power grids, water supplies and transportation, among others.
According to reports by analysts, including Mandiant’s study of a “cyber espionage unit” based in Shanghai with ties to the People’s Liberation Army, China carries out the vast majority of global cyber intrusions into private and public sector secure networks.
However, hackers have also been employed by several other governments, including Israel, Russia and France.
“It’s not China alone. Dozens of other countries are involved,” former head of FBI cybersecurity investigations Shawn Henry told the Washington Post.
“In the wrong hands, the Army Corps of Engineers’ database could be a cyberattack roadmap for a hostile state or terrorist group to disrupt power grids or target dams in this country,” Michelle Van Cleave, a former consultant to the CIA, told the Beacon of the recent hack.
Dams are just one part of national infrastructure networks that analysts and officials say are extremely vulnerable to intrusion by lone hackers or antagonistic governments wielding cyberweapons.
“The government’s senior-most civilian, military, and intelligence professionals all agree that inadequate cybersecurity within this critical infrastructure poses a grave threat to the security of the United States,” Obama Administration cybersecurity coordinator Michael Daniel wrote in February.