Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Chinese Hackers Infiltrate US Army Database, Compromise Safety of Dams

samzenpus posted about a year ago | from the protect-ya-neck dept.

China 256

coolnumbr12 writes "Chinese hackers have infiltrated a sensitive U.S. Army database that contains information about the vulnerabilities of thousands of dams located throughout the United States. The U.S. Army Corps of Engineers' National Inventory of Dams (NID) has raised concerns that information gathered in the hack could help China carry out a cyber-attack on the national electrical power grid."

cancel ×

256 comments

Sorry! There are no comments related to the filter you selected.

This crosses one of Obama's famous red lines. (5, Funny)

Anonymous Coward | about a year ago | (#43615891)

You guys have nine years to knock that shit off or there is gonna be trouble.

how is this not an act of war? (1)

Anonymous Coward | about a year ago | (#43615895)

is there proof that it's tied to the chinese govt? if so, this seems like an overtly aggressive action.

False. Flag. (1)

Anonymous Coward | about a year ago | (#43615971)

Subject. Line.

Re:False. Flag. (1)

TapeCutter (624760) | about a year ago | (#43616127)

Nah, it's clearly pot meets kettle.

Re:how is this not an act of war? (5, Interesting)

sabri (584428) | about a year ago | (#43616077)

Is there proof that it actually was a Chinese citizen behind the keyboard? All they did so far is trace the origin back to a Chinese IP address.

Even if the culprit turned out to be a person with Chinese citizenship, it could very well be the same thing as some pimply faced youth somewhere in a fly-over state hacking into a Chinese database. It does not have to be related to the government. However, if it is, China has some explanation to do.

I'm also wondering whether or not the DOD is purposely saying "it's the Chinese" to avoid people asking them "why don't you secure your shit better?".

Re:how is this not an act of war? (0, Troll)

Anonymous Coward | about a year ago | (#43616319)

Something happens in Iran, initial reports point to USA
IT MUST BE THE USA

Something happens in US, initial reports point to China
IT CAN'T BE CHINA

Re:how is this not an act of war? (1)

AK Marc (707885) | about a year ago | (#43616381)

It was China who hacked South Korea, until the company announced it was an internal IP that hacked them, not China. And if China hacks so many people so often, why has there never been any proof? Does an IP identify a person?

Re:how is this not an act of war? (4, Insightful)

Anonymous Coward | about a year ago | (#43616435)

How about the Iranian scientist who was assassinated? People thought it was CIA/Mossad, but it turned out that he was working undercover for the US, and was assassinated by the Iranian intelligence service.

By your logic, that single event should exonerate the US for any future occurrences of assassination inside Iran.

Re:how is this not an act of war? (1)

AK Marc (707885) | about a year ago | (#43616501)

But that was CIA, just not for the original reasons.

Re:how is this not an act of war? (0)

Anonymous Coward | about a year ago | (#43616413)

Much as that needed to be said, I hope you weren't expecting to be thanked for exposing Slashdot's Groupthink on this topic.

Re:how is this not an act of war? (1)

ewhenn (647989) | about a year ago | (#43616361)

Actually it just makes me want to ask, "why don't you secure your shit better.... from the Chinese?"

Re:how is this not an act of war? (1)

AK Marc (707885) | about a year ago | (#43616369)

The last time everyone swore it was the Chinese, it was later tracked down to an internal computer. Wolf doesn't work after the 10,000th accusation without proof.

Re:how is this not an act of war? (0)

Etherwalk (681268) | about a year ago | (#43616589)

China's reputation in this area is such (and well-earned) that they are the presumptively guilty party. "Innocent until proven guilty" does not apply to nation-states that routinely engage in operations of type X when an operation of type X occurs.

Yes, it could be Iran or North Korea, but the IP is Chinese, as are most of the IPs from attacks that China originates, so China is a reasonable suspect.

Re:how is this not an act of war? (4, Informative)

icebike (68054) | about a year ago | (#43616645)

Even if the culprit turned out to be a person with Chinese citizenship, it could very well be the same thing as some pimply faced youth somewhere in a fly-over state hacking into a Chinese database. It does not have to be related to the government. However, if it is, China has some explanation to do.

The great firewall of china won't allow any access to foreign sites that they don't like, but turns a blind eye to wholesale hacking by pimply faced kids? Who is THAT naive any more?

That it came from their IP and means nothing in and of itself. Especially when you RTFA and find this nugget

“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was GIVEN to an unauthorized individual in January 2013 who was subsequently determined to not to have proper level of access for the information,” Pierce said in a statement.

“[U.S. Army Corps of Engineers] immediately revoked this user’s access to the database upon learning that the individual was not, in fact, authorized full access to the NID,” he said.

So there was no hacking involved. Simply someone handing out a password to a database to someone else who was not authorized. Since someone in the US Army or someone the Army authorized handed over the credentials you can hardly call it an act of war.

Someone screwed up, and it took months to find out about it. It may well have been something entirely innocent (if ill advised) as allowing hydrological engineers to compare notes on some aspect of dam construction or dam safety.

Re:how is this not an act of war? (0)

Anonymous Coward | about a year ago | (#43616629)

It wasn't an act of war because the hacker chose not to execute the $PGHID command. That command punches a giant hole in the dam.

Seriously though, while I would expect Fox News to give us these kinds of headlines, I hope for, and pretty much always get, better here. There are no "Break All the Dams" commands. There are no "Shut off All the Power" commands. There are no "Set All the Traffic Lights To Green" commands. Any time anyone uses the type "cyber-attack", we should give them the "Yeah, right" look and tell them to either be more specific or admit that they don't actually know what they're sensationalizing about.

There is no more such a thing as a "cyber-attack on the national electrical power grid" as there is a "cyber-attack on the national water supply" or a "cyber-attack on the nation's food supply" or a "cyber-attack on our nation's roads." Yes, we can find some cases where controller malfunctions blew some equipment up, sometimes pretty catastrophically, but willful hacking damage is very very rare and will never be used on a large scale because of the ratio of effort required to cause damage to the ease of defending against that damage as soon as it's discovered. How many people were killed by one of the most sophisticated and successful cyber-attacks that we know of (the stuxnet attacks)?

Keep things in perspective. Spamming botnets and PC viruses will continue to be far more effective at destroying countless hours of people's lives and costing corporations billions of dollars than all the foreign military cyber-attacks put together will ever be.

Doesn't matter (1)

Anonymous Coward | about a year ago | (#43615901)

I'm sure the leaks we know about are weak compared to the ones we don't know about

Real reason (5, Interesting)

Anonymous Coward | about a year ago | (#43615909)

quoted from "https://news.ycombinator.com/item?id=5642408"

Of course they can, what makes you think they aren't?

But a more interesting question is to look at what information is presented and what is missing. How much is new, how much is old. Then on policy stories like this one I sometimes pop over to the senate web site and look at what's coming up on the senate calendar [1] and oh look, on May 7th they are having a hearing to talk about

      Hearings to examine the Department of the Air Force in
      review of the Defense Authorization Request for fiscal
      year 2014 and the Future Years Defense Program.

Hmm, who is in charge of Cyber Command? Why it's the Air Force! Who would have guessed.

(yes I can be that cynical)

Re:Real reason (0)

Anonymous Coward | about a year ago | (#43615951)

[1] http://www.senate.gov/pagelayout/committees/b_three_sections...

Re: Real reason (1)

Anonymous Coward | about a year ago | (#43615999)

Maybe you should pop over to wiki too. CyberCom is not a air force subordinate command. Its a joint command currently commanded by an Army general.

FP! (-1)

Anonymous Coward | about a year ago | (#43615915)

First

All your dam are belong to us! We now take water! (-1)

Anonymous Coward | about a year ago | (#43615939)

Attacking civilian public infrastructure is an act of war, digitally or not. Disabling them remotely is the same as bombing them with a drone or a pilot for that matter.

Re:All your dam are belong to us! We now take wate (1)

flayzernax (1060680) | about a year ago | (#43616119)

Nothing got disabled. Worst case scenario information that could be used to disable may have been garnered.

Though... for such a big bad country the U.S. is certainly taking all these intrusions in stride...

Re:All your dam are belong to us! We now take wate (3, Insightful)

Genda (560240) | about a year ago | (#43616183)

That's because if we actually made too big a stink, we'd have to deal with the dirty deeds we did in the first place to prompt such a response and the last thing we really want to do is to begin airing our dirty laundry. Grumbling under our breath about what a bunch of douches the Chinese are is about as far as we can go without having to scrape large amounts of egg off of our collective faces.

Re:All your dam are belong to us! We now take wate (1)

AK Marc (707885) | about a year ago | (#43616421)

No harm was done. It's more like calling a weather balloon over your airspace an act of war. "It could be full of poisonous gas"

Do you really want to start a war over an unproven act of zero harm?

What Information? (4, Insightful)

Alex Pennace (27488) | about a year ago | (#43615949)

From the article it isn't clear exactly what information was deemed sensitive. Does this information include very specific details (like, "here is the password to that plant's SCADA system?" Or does it cover broader details that the public had free access to prior to the September 11 attacks, such information now being withheld as "critical infrastructure information?"

Re:What Information? (1)

linatux (63153) | about a year ago | (#43616043)

Hopefully the SCADA systems have a password other than the default

Re: What Information? (1)

s.petry (762400) | about a year ago | (#43616173)

123456

conf password is "password"

Re: What Information? (4, Informative)

AG the other (1169501) | about a year ago | (#43616231)

Actually army network passwords have or at least had to be when I worked for them 15 letters long, contain no dictionary words and have a minimum of 2 small letters, to caps and two symbols. They are also changed every 30 days and can not be reused.
Also at random times all passwords are just set to be reset because that is what the admins are told to do.

Re: What Information? (1)

slashmydots (2189826) | about a year ago | (#43616269)

I don't think the military owns or operates hydroelectric dams though

Re: What Information? (3, Informative)

Anonymous Coward | about a year ago | (#43616357)

The Army Corps of Engineers manages public waterways & dams in the eastern states.

Re: What Information? (4, Informative)

AG the other (1169501) | about a year ago | (#43616449)

They operate at least 4 or 5 in the state or Arkansas alone. During the 50s and 60s they just about damed up everything bigger than a trickle from a water hose here.
That's the Core of Engineers. That are where the guys that build for the Army get practice for digging in the USA for when they go other places.
They have a totally cool model of the Mississippi river in Vicksburg that they use to simulate floods, droughts and other projects in the entire Mississippi river drainage.
That's a big area in case you didn't know.

Re: What Information? (4, Insightful)

xQx (5744) | about a year ago | (#43616305)

Meaning the three most effective ways to gain access are:
1. Take high res photos of people's desks as you walk past and read use the passwords that will be written on yellow sticky notes around the place.
2. Steal someone's phone or diary and look for the passwords they've noted in their contacts or notes.
3. When you find the password, which will be something like "skldjfsldfjsklfjsf!@*(#3-Feb13" and it's now 30 days later, try "skldjfsldfjsklfjsf!@*(#3-Mar13" or "skldjfsldfjsklfjsf!@*(#3-Mar14"

Because at the end of the day a human needs to remember these ridiculous passwords, and they will revert to either writing it down or using a pattern.

Re: What Information? (1)

nomasteryoda (801608) | about a year ago | (#43616407)

Wow... that's exactly my password... LOL --- if you believe that, then you are a windows loser

Re: What Information? (4, Insightful)

rahvin112 (446269) | about a year ago | (#43616445)

The human memory thing is why we should have moved to pass phrases a LONG time ago. You can get far more entropy with a phrase than you can ever get with a password, no matter how complex.

A simple four word phrase with capitalized words and some punctuation would easily have 4x the number of characters as that impossible to remember 15 letter password. And as you noted, 30 day changes ensure there is a date, or number that allows the use of the same password with a slight variation.

Re: What Information? (2)

WWJohnBrowningDo (2792397) | about a year ago | (#43616455)

contain no dictionary words and have a minimum of 2 small letters, to caps and two symbols

Ironically, anal retentive password rules like this one actually undermines the password entropy. In this case I'll bet 99% of the passwords contain exactly two symbols.

what about embedded systems / ones that only have (1)

Joe_Dragon (2206452) | about a year ago | (#43616459)

what about embedded systems / ones that only have a few basic longin names?

Re:what about embedded systems / ones that only ha (1)

AG the other (1169501) | about a year ago | (#43616593)

They were outlawed. Not allowed on the network. Had to be upgraded and removed from the network.

Re:What Information? (0)

Anonymous Coward | about a year ago | (#43616371)

If it's the same US Army Corps of Engineers database of dams that I'm familiar with, it has a listing for every last damn dam known to exist in the USA (including every little podunk millpond and farm impoundment that's been reported) with a level of detail that compares pretty poorly to what can be learned from examining Google Earth or any map site with aerial photograph overlays. It has things like rough estimates of dam height, volume of water impounded, vague evaluations of condition and age, etc.

In other words, YAWN, calm down. Correct me if there's some other damn dam database that contains secrets the heathen Chinee must not know which I sincerely doubt.

Washington's hamfisted attempts to provoke anti-chinese and anti-Iranian hysteria are getting really tiresome.

Just got to say (4, Funny)

ColdWetDog (752185) | about a year ago | (#43615955)

Dam these Chinese!

Re:Just got to say (1)

Karl Cocknozzle (514413) | about a year ago | (#43616075)

Dam these Chinese!

...And then three hours later you just feel like you'll pass out if you don't hack somebody else...

Re:Just got to say (0)

Anonymous Coward | about a year ago | (#43616465)

This is just another dam Chinese hack attack.

Re:Just got to say (0)

Anonymous Coward | about a year ago | (#43616479)

They're doing that to themselves. Three Gorges Dam flooded a huge area of priceless cultural areas, and replaced it with a slow-motion silt disaster and a potential dam failure disaster.

Oh yeah, thats a great idea (1, Insightful)

MichaelSmith (789609) | about a year ago | (#43615973)

Destroy the economy of your biggest customer. Thats a great way to stay in business.

Re:Oh yeah, thats a great idea (2)

Nerdfest (867930) | about a year ago | (#43616115)

I'd guess that China's long term goal is not merely economic domination.

Re:Oh yeah, thats a great idea (4, Insightful)

Genda (560240) | about a year ago | (#43616213)

Yeah, because the Chinese have bases in countries all over the world... Oh, wait that's us. No, it's the Chinese who are spending themselves into oblivion on weapons of war... Oh, wait, that's us again. We spend more on our military than the next 13 nations combined (but we can't afford to educate our children... bright.) I dunno, perhaps if we moved from offense to defense, these things wouldn't be issues?

Just a thought.

Re:Oh yeah, thats a great idea (0)

Nerdfest (867930) | about a year ago | (#43616257)

I'm Canadian. What's this 'us' you speak of Kimosabe?

Re:Oh yeah, thats a great idea (3, Funny)

Sri Ramkrishna (1856) | about a year ago | (#43616311)

Even more funny is the fact is that since we can't educate our chidlren, we'll have to import our talent to run our war machines since we'll be nothing but a bunch of ignoramous who believe that dinosaurs and Jesus got along or something silly that or that the earth is only 5000 years old.

Re:Oh yeah, thats a great idea (0)

Anonymous Coward | about a year ago | (#43616599)

Yeah, because not teaching evolution is the big problem that's going to sink the future of our country.
[/rolling of eyes]
 
It's hard to take people like you seriously because you don't give a fuck that we're graduating people from the 13th year of public school that can't do basic algebra and who's biggest reading challenge over the years has been the sports articles on ESPN.com.
 
If it wasn't for you having such a stick up your ass you could see what the student body of the American school system has become. Fucktards that can't read and write on the 7th grade level who don't have the math skills it take to figure out the sales tax when buying the latest Iron Man DVD from Best Buy. They don't know and understand evolution because they don't have the ability to understand that what is 6 inch from their face. Not teaching evolution ranks right up there with not offering French as a foreign language to today's students in their quest to be well rounded people in society.
 
But keep on going on about religion. We'll have the dumbest group of atheists on the face of the planet but that's ok because now they'll know that the earth is like really old or something... maybe even a few million years old.

Re:Oh yeah, thats a great idea (3, Insightful)

Sardaukar86 (850333) | about a year ago | (#43616443)

The issues with the US education system do not appear [usc.edu] to be the result of insufficient funding.

Re:Oh yeah, thats a great idea (0)

Anonymous Coward | about a year ago | (#43616545)

Show me where you can find a clear line of evidence that shows that the amount of money you spend on education means a better educated public. The US was dumping endless fucking money at an increasing pace for decades into helping Ghetto Johnny and Trailer Park Susie to read, write and do arithmetic and for decades the test results did nothing but go down.
 
Not to say we don't spend too much on defending others and building a fighting force that hopefully will never be used but this whole idea that money is the solution to the problem of education is just pure rat shit. Maybe if you get your head out of your ass you'll see the problem is a social problem, not an economic one.

Re:Oh yeah, thats a great idea (1)

magarity (164372) | about a year ago | (#43616609)

Yeah, because the Chinese have bases in countries all over the world... Oh, wait that's us. No, it's the Chinese who are spending themselves into oblivion on weapons of war... Oh, wait, that's us again. We spend more on our military than the next 13 nations combined (but we can't afford to educate our children... bright.) I dunno, perhaps if we moved from offense to defense, these things wouldn't be issues?

Just a thought.

You need to check the ratios on the federal budget to see on what it is the US is spending itself into oblivion. Military spending is not the lion's share. And spending on public education exceeds what the feds spend on the military.

Re:Oh yeah, thats a great idea (1)

Anonymous Coward | about a year ago | (#43616227)

They could have conquered the world two thousand years ago, but decided that they had grown too big. They actually are also limiting their own population with the "one child" laws and such. I seriously doubt they want more region than they currently have.

Re:Oh yeah, thats a great idea (1)

Bing Tsher E (943915) | about a year ago | (#43616359)

I don't think there is a lot of continuity in the powers that ruled China 2000 years ago and the regime in power now. It's shocking that anybody could even think that was relevant.

If they drop the one child policy... (1)

AmazingRuss (555076) | about a year ago | (#43616401)

... they're gonna need some lebensraum. Long term could be 4 generations. Look how far China has come in the last 4.

Re:Oh yeah, thats a great idea (1)

cmurf (2833651) | about a year ago | (#43616139)

Another great idea would be for posters to consider either not making things up, or state who has raised concerns (as absurd as they may be).

Lazy execs or engineers? (3, Insightful)

grantspassalan (2531078) | about a year ago | (#43615977)

I don't understand why anyone would want to connect really important things such as power plants and dams to the Internet. We have been running such things for about a century now and they work just fine. Anything behind a barbed wire fence should never be connected to the Internet. Why do people do this? Just for the convenience of some fat executive or lazy engineer who doesn't want to get his fat @$$ out of this office and see what is really going on with the machinery?

Re:Lazy execs or engineers? (5, Funny)

Anonymous Coward | about a year ago | (#43616129)

Anything behind a barbed wire fence should never be connected to the Internet.

Earl! Unplug the cows!

Re:Lazy execs or engineers? (2)

Karl Cocknozzle (514413) | about a year ago | (#43616297)

Anything behind a barbed wire fence should never be connected to the Internet.

Earl! Unplug the cows!

Ahh, spring... When a young AC's thoughts turn to love...

If only I had mod points... Well crafted.

Re:Lazy execs or engineers? (4, Insightful)

Karl Cocknozzle (514413) | about a year ago | (#43616133)

I don't understand why anyone would want to connect really important things such as power plants and dams to the Internet. We have been running such things for about a century now and they work just fine. Anything behind a barbed wire fence should never be connected to the Internet. Why do people do this? Just for the convenience of some fat executive or lazy engineer who doesn't want to get his fat @$$ out of this office and see what is really going on with the machinery?

The issue isn't that individual devices are connected to the Internet per se, the problem is that many of these networks are not designed to isolate the sensitive systems from "vanilla" office computers. The problem is people in operations centers need access to weather, news etc and while they have news channels on video wall with various other readouts, sometimes they need to confirm stuff. If it really is going to freeze suddenly, that will require extra capacity as heaters, water heaters, and engine block-heaters get switched back on by some people.

They could run parallel LANs, with separate workstations and networks for the "sensitive" operational machines and the "regular" vanilla workstations where people do email and crap.

The risk is at the touch points, and good luck shutting them all down. How will the administrators receive alerts if the "sensitive" systems can't send SNMP pops to a monitoring system outside the virtual-wire--or to one inside of it that then emails you outside the wire. At some point, PEOPLE become the touch point and sneaker net with USB tokens becomes a problem. You can shutdown and cement over the USB ports but some applications require dongles somewhere and eventually something gets plugged into something and autorun.exe happens and the next thing you know, they're hacked by Chinese.

This problem runs many, many layers deep. If only "unplugging it" was that easy.

Re:Lazy execs or engineers? (1)

sirsnork (530512) | about a year ago | (#43616527)

Firewalls can and do block incoming traffic. The only machine allowed to make outbound connections is the SMNP trap server, and it can only connect to internal SMTP server.

Sneakernet is the problem, electronically securing systems that must send electronic alerts, not so much

Re:Lazy execs or engineers? (1)

Gogo0 (877020) | about a year ago | (#43616563)

quick clarification, in the Army (even CoE), SENSITIVE information is what is on the "vanilla" computers 99% of the time. it is a designator for information that is classified higher than PUBLIC, lower than SECRET, and for use at work only.

SENSITIVE data could be anything between a list of unit personnel's home telephone numbers to a comprehensive list of vulnerabilities across the entire unclassified network. anything deemed too-sensitive is classified higher and resides on a different network.

odds are better than decent that this is not information that will allow all our dams to be shut down or something, however it could give whoever nabbed it an overview that, combined with other data, could be compromising. its like someone reading your diary. it sucks, and they learned a lot, but it probably wasnt very valuable information to begin with. at least it shouldnt be.

Re:Lazy execs or engineers? (1)

Anonymous Coward | about a year ago | (#43616253)

No its much more than that. Some of it even being driven by the federal government through the SmartGrid initiatives. Their are networks throughout the power transmission system that control power switches, transformers, and power generation. The software to control all of this is complex and you need people in diverse locations to be able to monitor and react. Things like priority and location of a powerline impact along with a map can be propagated to linemen on rugged tablets.

So meet those desires they connect these devices with their corporate networks and consequently to the internet. And.. just for the record the tech talent at utilities doesn't tend to exactly be the highest of quality so I'm sure there are plenty of vulnerabilities for those looking..

Re:Lazy execs or engineers? (1)

slashmydots (2189826) | about a year ago | (#43616279)

Fat ass engineer actually, I would assume. Also he's probably offsite and a 3rd party contractor for cost reasons.
I have an idea! Make a local-only computer. Have a display of all settings and readings. Point a webcam at it. Tada, read-only access to all the settings and readings, lol.

Must be getting old (0)

Anonymous Coward | about a year ago | (#43615983)

We used to call them script kiddies. Is that term no longer cool?

Re:Must be getting old (2)

pspahn (1175617) | about a year ago | (#43616225)

If we really push how "uncool" it is to be a script kiddie, before long we will have hipsters calling themselves script kiddies. At that point, we can have someone to point and laugh at.

Not the hack compromises the safety (5, Insightful)

gweihir (88907) | about a year ago | (#43615991)

The vulnerabilities of the dams are the real problem, but for some reason the government prefers to lie about that. Most of these vulnerabilities are probably pretty obvious to an expert (and, yes, the Chinese have experts on damns and these can go to the US for vacation), so hiding these problems is pretty stupid in the first place.

Re:Not the hack compromises the safety (1, Troll)

Karl Cocknozzle (514413) | about a year ago | (#43616177)

The vulnerabilities of the dams are the real problem, but for some reason the government prefers to lie about that. Most of these vulnerabilities are probably pretty obvious to an expert (and, yes, the Chinese have experts on damns and these can go to the US for vacation), so hiding these problems is pretty stupid in the first place.

Right, but we don't want no more liberal big gubmint!" And so the dams go unrepaired. As go the bridges. And waterways. And embankments. And highway offramps...

Every great many years something fails spectacularly, and a few dozen commuters get splashed into the river. See also Minneapolis... Then lip service is paid, asses are kissed, and in the end only the absolutely worst bridges are fixed, the rest simply get "back-burnered" until the next stimulus bill comes along. And millions of commuters drive over these roads and bridges every single day.

Have fun! I'm riding my bike.

Re:Not the hack compromises the safety (0)

Anonymous Coward | about a year ago | (#43616521)

You may want to look into those incidents deeper and look into how much money is wasted on graft, corruption, and pork barrel spending before you kneejerk and boldly claim they were due to simply not having a big enough budget.

Re:Not the hack compromises the safety (1)

gweihir (88907) | about a year ago | (#43616569)

Indeed. What I find truly fascinating is the double standards. Terrorism kills quite small numbers of people in comparison, yet billions are spend (or better: wasted) to "fight" it. Yet this clear and present danger to critical infrastructure is ignored. Typically, you should not attribute to maliciousness what can be adequately explained by stupidity, but I think the state of the US infrastructure problems have exceeded what stupidity can explain some time ago.

hiding vulernabilities from al-qaeda (0)

Anonymous Coward | about a year ago | (#43616245)

I bet the US govt knows a real government with real hydrologists, like China, can find vulnerabilities in the dams. Lots of civil engineering details, including dam vulnerabilities, were classified after Sep 11, 2001, to keep it out of the hands of terrorist groups like al-qaeda.

I think that China stealing a dam vulnerability database, and being tracked by the United States, is better for the United States than China. Unless, China intends to go to war real soon. Big businesses and government agencies will now take security seriously, thanks to China.

Re:hiding vulernabilities from al-qaeda (2)

gweihir (88907) | about a year ago | (#43616603)

Al-Qaeda does not and never had the capability for a large terrorist attack in the US. September 11th was only possible due to terminal incompetence and arrogance on the side of the FBI and others. There is absolutely no point in keeping this data from them.

If there should be a terrorist organization in existence than can blow up US dams, then they do not need that database. The only thing that hiding this database accomplishes is to make sure the US population does not find out how their tax money is wastes by arrogant incompetents in power. That completely explains why this data got classified. The mess-up got so bad that even ordinary people would be able to understand it, and hence to hat to be hid.

Re:Not the hack compromises the safety (0)

Anonymous Coward | about a year ago | (#43616387)

No need to really attack or break anything, still plenty of potential to profit.

Data about maintenance schedules and engineering surveys could be useful, even if they can't hack into controlling the dams themselves. Knowing enough details that allow for accurate risk assessment could be a PR problem for those operating dams or officials in charge of public safety.

Perhaps the Chinese want in on the insurance industry? Offer coverage where nobody else normally does. The kind of data they acquired could possibly give them leverage compared to typical flood insurance rate maps.

Might also be a way to get in on some kind of real estate deals. Make the knowlege public, and it may be possible to acquire land for cheap downstream.

Or perhaps it could be used by Chinese civil engineering firms to put pressure on for repair service contracts? Knowing the most vulnerable locations would allow them to know what's worth going all-in on whenever bidding for these kind of jobs starts. And if that doesn't seem likely to work, buy out the material supply chain for things like cement in areas nearest dams that need the most repair.

Remember in terms of culture and values, historically the Chinese tend to be more crafty than evil. Don't cause problems, instead take great advantage of problems that somebody else created for themselves.

Re:Not the hack compromises the safety (0)

Anonymous Coward | about a year ago | (#43616577)

It's hard to quantify vulnerability in this sense. Maybe they say, "In 100 years shit will get bad if we don't replace these bucklings." Or maybe they say "If someone started a fire there the dam would collapse suddenly without warning and everyone in the area would die." Who knows? The real elephant in the room is that the goddamn US Army got hacked by the Chinese. We should be demanding that they export said hackers so they can stand trial here. Of course they'd refuse, then it'd be open season on their systems, much like how our intellectual property here is open season for them.

NUKE ;EM NOW !! (0)

Anonymous Coward | about a year ago | (#43616029)

Today our dams !! Tomorrow our women !!

Pearl harbour.. (1)

GigaBurglar (2465952) | about a year ago | (#43616031)

Not a troll - I just don't hide it any more. It's a movie and you are the audience. Quick roll out the cyber tanks I'm literally shitting myself . Critical mass. Bleh.. I don't belong in this shit-hole.

War? (0)

Anonymous Coward | about a year ago | (#43616037)

Is that enough to require military action?

Article translation (4, Informative)

hugg (22953) | about a year ago | (#43616053)

According to http://www.wired.com/threatlevel/2013/05/hacker-breached-dam-database/:

"Chinese hackers" = “the Chinese government or military cyber warriors” according to unnamed officials

"sensitive U.S. army database" is a database where users are emailed their username and password in cleartext

"Non-government users can query the database but cannot download data from it" (???)

How (1)

Anonymous Coward | about a year ago | (#43616055)

Does this even happen?

Don't they have consultants, etc. that collect huge sums of money to provide security against these kinds of attacks?

Also as other people have mentioned, why on earth are you able to attack the national power grid, arguably the most important bit of infrastructure in America. The US Gov should have plenty of infrastructure available to them to segregate any kind of network required for communication between plants.

So why don't we... (1)

Kaenneth (82978) | about a year ago | (#43616067)

just fix the vulnerabilities?

Re:So why don't we... (1)

slashmydots (2189826) | about a year ago | (#43616291)

Moneeeeeeey. A $50 billion fighter jet to bomb 3rd world countries is far more beneficial than a 99.9999% secure electrical grid.

Fucking hell (2)

readingaccount (2909349) | about a year ago | (#43616073)

Does everything these days have the security of a sheet of toilet paper? Either the Chinese are excellent hackers or we suck at security.

Re:Fucking hell (3, Funny)

Anonymous Coward | about a year ago | (#43616111)

Either the Chinese are excellent hackers or we suck at security.

The software was probably written by a Chinese outsourcing firm in the first place.

Duh.... (0)

Anonymous Coward | about a year ago | (#43616105)

Oh...let's hook up our infrastructure to the internet! It'll be secure! No hacker will ever get in....friggin govies think they are so secure. How many more things like this will it take to make them realize that having dedicated physical links is a bit more secure...although not failsafe.

Is there a law for that (1)

future assassin (639396) | about a year ago | (#43616151)

quick draft it up so the regular citizens can be blamed and punished.

expletive (2)

Tablizer (95088) | about a year ago | (#43616185)

Oh Dam!

Bonafied Chinese Hack? (0)

Anonymous Coward | about a year ago | (#43616271)

US Declare WAR against China would have been the bawlsy correct response.

Public Information (4, Insightful)

edibobb (113989) | about a year ago | (#43616285)

The U.S. Army Corps of Engineers doesn't keep classified information on civilian projects online, do they? Electrical distribution control systems are not accessible over the internet, are they? It looks to me like someone, whether Chinese, Lebanese, or Portuguese, got some not-so-sensitive information from the Corps of Engineers site, and the U.S. government is using it in its publicity campaign to pass laws giving the government (gasp!) more control over the internet.

Re:Public Information (2)

AK Marc (707885) | about a year ago | (#43616483)

That, and I think that you could make a good bit hosting a hack-jump box. Log in and hack from China. Guaranteed zero response. No investigation, no evidence. It came from a Chinese IP, so we'll assume it is the government and not investigate any further.

Hacking the US government from China is a heck of a lot safer than doing it from the UK.

Re:Public Information (2)

rahvin112 (446269) | about a year ago | (#43616503)

The corp doesn't do electricity. They do water. Dams, canals, dikes, etc. The information is likely sufficiency reports that include known weaknesses of the system, such as small foundation cracks in a dam that are a potential future issue that is being monitored but has not presented sufficient information to warrant repair.

Information such as that can be used to plan and execute attacks on system weaknesses. Another example would be ultimate capacity of a dam, which is the point at which an inflow would compromise the design of the spillway and result in dam failure. If you know the precise amount of inflow required to cause failure you can more precisely target with much higher success.

Many people don't realize how destructive these systems can be if unleashed. Destroying the Hoover dam would probably kill more than a million people in the subsequent flooding as much of the LA valley was washed into the ocean.

The other aspect is that much of this information will remain useful for decades to come. Inflow failure rates used in my previous example will likely remain constant as long as the dam stands. Many of these weaknesses will never be repaired because their risks will never out weigh the costs. So in theory even 50 years from now some of that information would still be valuable in an attack scenario.

In some other universe... (1)

fox171171 (1425329) | about a year ago | (#43616287)

Chinese hackers have infiltrated a sensitive U.S. Army database that contains information about the vulnerabilities of thousands of dams located throughout the United States. The U.S. Army Corps of Engineers'...

...retaliated swiftly by fixing the vulnerabilities.

In our universe... (2)

fox171171 (1425329) | about a year ago | (#43616307)

Chinese hackers have infiltrated a sensitive U.S. Army database that contains information about the vulnerabilities of thousands of dams located throughout the United States. The U.S. Army Corps of Engineers'...

...got an immediate increase in budget, nothing was done to fix the vulnerabilites, and SOPA, CISPA, TPP, and a bunch of other crap got turned into law.

We need some damn dam security! (0)

Anonymous Coward | about a year ago | (#43616347)

We need some damn dam security!

Unplug the infrastructure from the Internet (0)

Anonymous Coward | about a year ago | (#43616377)

Problem solved. You morons. No critical infrastructure should ever be connected to the Internet. You can live without your social media on our power grid controllers. Who are the idiots that run these systems?

God damn (0)

Anonymous Coward | about a year ago | (#43616385)

God damn, seem like a good time to change a bunch of passwords.

and somenation can take out the 3 gorges dam (1)

Joe_Dragon (2206452) | about a year ago | (#43616395)

and some nation can take out the 3 gorges dam and make for big time flooding.

Dam. (1)

Redmancometh (2676319) | about a year ago | (#43616397)

Why was this connected to the dam internet? (couldn't help it, and I hadn't seen anyone making that joke) But seriously dafuq?

damn stinky capitalists (0)

Anonymous Coward | about a year ago | (#43616411)

damn stinky capitalists need a bath , lets give them all one at same time ....said commie pinko crazy haxor
and this is not hackers ITS GOVT AGENTS
make the distinction cause this shit bugs me you media fucktards use wrong words.

PHP (0)

Anonymous Coward | about a year ago | (#43616485)

vulnerability at www.dams.gov. It's easy. You just type username as the user and 'password' as password and then click on dam(self-destruct);
Then take an early lunch.

The dams themselves are running Windows ME, because dams need remote PHP, and Windows ME or they don't generate energy.

Been going on for at least a decade (0)

TigerPlish (174064) | about a year ago | (#43616539)

I was told in late '98 by a knowledgeable fellow that China had been trying to stick crowbars into USAF stuff for at least a decade -- meaning it was going on during Ray-gun, and likely Carter.

Now, I know lots of you also heard that, and variations on the same song. So why is it that mainstream media don't call it? It's been going on for a long, long time. Mainstream thinks China is an emerging threat. Bullshit. They were an emerging threat 30 years ago. Now they're a real threat.

The next World War will be computer-driven drones of all sorts, in air, space, water and land. I've been thinking that for 10+ years, but my confidence that it will happen is increasing exponentially. It's going to happen, folks.

Think of the ramifications of hardware backdoors in hardware made in usa, china -- anywhere, really.

I think it's time I put my zombie kit together.

Re:Been going on for at least a decade (1)

TigerPlish (174064) | about a year ago | (#43616571)

Oh, and another thing -- The next World War will really be fought inside the computer and the various networks. Yeah, drone bombs and bullets and real deaths -- but the real damage, I suspect, will be done by manipulating utilities and financial systems.

Wow, Sum of all Fears is starting to sound plausible. Didn't that one start with an attack on the stock exchanges? Bogus transactions, etc?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>