SCADA Hacker: Water District Used 3-Character Password

Trailrunner7 writes "In an e-mail interview with Threatpost, a hacker who compromised software used to manage water infrastructure for South Houston, Texas, said the district had HMI (human machine interface) software used to manage water and sewage infrastructure accessible to the Internet and used a password that was just three characters long. The hacker, using the handle 'pr0f' took credit for a remote compromise of supervisory control and data acquisition (SCADA) systems. Communicating from an e-mail address tied to a Romanian domain, the hacker told Threatpost that he discovered the vulnerable system using a scanner that looks for the online fingerprints of SCADA systems. 'This was barely a hack. A child who knows how the HMI that comes with Simatic works could have accomplished this,' he wrote in an e-mail."

Read more of this story at Slashdot.