As an update to my previous post “Cyber attack on US Water Treatment Plant”, a second SCADA-based system at a US water plant was hit in recent days, with the attacker revealing that it was protected by a three-character password.
The attacker, using the alias ‘Pr0f’, hit the plant in Harris County in Houston, Texas, and said that the district's ‘human machine interface’ software for managing water and sewage infrastructure was accessible from the internet, and that the password used to protect the system was just three characters long.
Even the attacker was “somewhat shocked” by the low level of security, but added that he had previously seen databases protected by the password ‘@dmin’ and companies using their names as passwords for workstations.
In this enlightened age, I would hope that weak security passwords were a thing of the past, but examples such as the two attacks on waste water treatment plants demonstrate that there are still lessons to be learnt.
For further information on this article, please see http://bit.ly/uWzBCX