WW
WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:20 PM
*Entry Title: *WHID 2011-74: Wind Power Company Hacked
*WHID ID: *2011-74
*Date Occurred: *April 18, 2011
*Attack Method: *Brute Force
*Application Weakness: *Insufficient Authentication
*Outcome: *Leakage of Information
*Attacked Entity Field: *SCADA
*Attacked Entity Geography: *New Mexico, USA
*Incident Description: *In an email interview with the IDG News Service,
Bigr R, said he was a former employee of NextEra's parent company, Florida
Power & Light. He said he used a bug in the Cisco Security Device Manager
software used by NextEra to break into the site. "They gave to it public IP,
so it was easy to hack into it through the Web," he said. "They used default
passwords, which I got from one of administrators. Then I obtained level 15
priv. (superuser), and understood the topology of SCADA networks. Then it
was easily to detect SCADA and turn it off."
*Mass Attack: *No
Reference:
http://www.computerworld.com/s/article/9215881/Wind_power_company_sees_no_evidence_of_reported_hack
Attack Source Geography:
*Entry Title: *WHID 2011-74: Wind Power Company Hacked
*WHID ID: *2011-74
*Date Occurred: *April 18, 2011
*Attack Method: *Brute Force
*Application Weakness: *Insufficient Authentication
*Outcome: *Leakage of Information
*Attacked Entity Field: *SCADA
*Attacked Entity Geography: *New Mexico, USA
*Incident Description: *In an email interview with the IDG News Service,
Bigr R, said he was a former employee of NextEra's parent company, Florida
Power & Light. He said he used a bug in the Cisco Security Device Manager
software used by NextEra to break into the site. "They gave to it public IP,
so it was easy to hack into it through the Web," he said. "They used default
passwords, which I got from one of administrators. Then I obtained level 15
priv. (superuser), and understood the topology of SCADA networks. Then it
was easily to detect SCADA and turn it off."
*Mass Attack: *No
*Reference:*
http://www.computerworld.com/s/article/9215881/Wind_power_company_sees_no_evidence_of_reported_hack
*Attack Source Geography:*