*Entry Title: *WHID 2011-74: Wind Power Company Hacked *WHID ID: *2011-74 *Date Occurred: *April 18, 2011 *Attack Method: *Brute Force *Application Weakness: *Insufficient Authentication *Outcome: *Leakage of Information *Attacked Entity Field: *SCADA *Attacked Entity Geography: *New Mexico, USA *Incident Description: *In an email interview with the IDG News Service, Bigr R, said he was a former employee of NextEra's parent company, Florida Power & Light. He said he used a bug in the Cisco Security Device Manager software used by NextEra to break into the site. "They gave to it public IP, so it was easy to hack into it through the Web," he said. "They used default passwords, which I got from one of administrators. Then I obtained level 15 priv. (superuser), and understood the topology of SCADA networks. Then it was easily to detect SCADA and turn it off." *Mass Attack: *No *Reference:* http://www.computerworld.com/s/article/9215881/Wind_power_company_sees_no_evidence_of_reported_hack *Attack Source Geography:*