Slashdot Mirror

← Back to Stories (view on slashdot.org)

SCADA Hacker: Water District Used 3-Character Password

Posted by samzenpus on from the abc-easy-as-123 dept.

Trailrunner7 writes "In an e-mail interview with Threatpost, a hacker who compromised software used to manage water infrastructure for South Houston, Texas, said the district had HMI (human machine interface) software used to manage water and sewage infrastructure accessible to the Internet and used a password that was just three characters long. The hacker, using the handle 'pr0f' took credit for a remote compromise of supervisory control and data acquisition (SCADA) systems. Communicating from an e-mail address tied to a Romanian domain, the hacker told Threatpost that he discovered the vulnerable system using a scanner that looks for the online fingerprints of SCADA systems. 'This was barely a hack. A child who knows how the HMI that comes with Simatic works could have accomplished this,' he wrote in an e-mail."

12 of 213 comments (clear)

  1. duh by stoolpigeon · · Score: 4, Funny

    the upside is if you can't afford your own truck landing robot helicopter, it shouldn't be too hard to steal one. access to truck landing robot helicopters should be an inalienable right.

    i bet the password was h2o

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
    1. Re:duh by stoolpigeon · · Score: 5, Funny

      Of course, you are correct.

      --
      It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
    2. Re:duh by masternerdguy · · Score: 5, Funny

      3 letter password? I guess not everything's bigger in Texas.

      --
      To offset political mods, replace Flamebait with Insightful.
  2. Predicting Government Response by itchythebear · · Score: 5, Funny

    A child who knows how the HMI that comes with Simatic works could have accomplished this...

    The obvious course of action to prevent future attacks against SCADA systems is to ban all children. Problem sovled.

    --
    If what I just said sounded like a troll, it was probably just a failed attempt at humor.
    1. Re:Predicting Government Response by Anonymous Coward · · Score: 3, Funny

      A child who knows how the HMI that comes with Simatic works could have accomplished this...

      Well, yeah, I mean, who doesn't have fond memories of studying the Simatic HMI on SCADA systems back in preschool?

    2. Re:Predicting Government Response by TheCarp · · Score: 4, Funny

      no, our teacher was a doody head. He was too lazy to teach the modules on SCADA and just had us spend extra time "playing with blocks".

      --
      "I opened my eyes, and everything went dark again"
  3. Comment removed by account_deleted · · Score: 1, Funny

    Comment removed based on user account deletion

  4. Effective passwords? by Anonymous Coward · · Score: 5, Funny

    Damn it Jim, im a water guy not a computer expert!

  5. Re:abc by Chris+Mattern · · Score: 5, Funny

    That's the same combination I have on my luggage!

  6. Re:and why... by L4t3r4lu5 · · Score: 2, Funny

    Unicycle = One wheel bike
    Unique = One of
    United = Made into one

    Stop me if you see a pattern.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  7. Re:easy as 123 by GameboyRMH · · Score: 4, Funny

    ABC, 123, PLC baby, you and me girl!

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  8. Child knows by jones_supa · · Score: 5, Funny

    A child who knows how the HMI that comes with Simatic works could have accomplished this,' he wrote in an e-mail.

    And a child knows too that you shouldn't break into other people's property...