Crackers have manipulated SCADA (supervisory control and data acquisition) infrastructure, which is used to monitor and control power plants, and can now remotely gain administrative privileges to solar power plants. The U.S. Department of Homeland Security released an advisory stating that this exploit specifically affects the company eSolar’s monitoring system. According to the statement, there are numerous critical firmware vulnerabilities that are “easily” exploitable. The exploits included several SQL injections that compromised usernames and passwords that were stored in PLAIN TEXT.

Although the exploits only affect this specific SCADA program, there could be vulnerabilities in several other SCADA programs as well. Just as wireless routers ship with a few universal default usernames and passwords, SCADA systems do too. With inexperienced users installing the SCADA infrastructure, they’re bound to leave default passwords alone. Another huge security flaw with SCADA systems is that there is generally no encryption or authentication built in by default or used alongside the systems. What this means for an attacker: if they find the IP address that is connected to the SCADA web server, they can do whatever they’d like to the system.

It’s extremely feasible for an attacker to shut off electricity to an entire city. The most notable SCADA attack would be the Stuxnet malware on Iran’s centrifuges. If a water treatment plant were shut down, or an electric grid powering critical medical equipment were tampered with, there would be a nationwide outcry of “why wasn’t this thought of beforehand?”. Security is no longer an option; it is a necessity.
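The two findings mentioned above, SQL injection and credentials stored in plain text, compound each other, and the following added example shows the weak pattern beside a hardened one. It is not code from the advisory or from eSolar's product; the table names, accounts, passwords and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def _kdf(password, salt):
    """Derive a salted, slow hash so the stored value is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db():
    """In-memory stand-in for a monitoring system's user store (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_plain (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE users_hashed (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for name, pw in [("admin", "S0lar!Plant"), ("operator", "turbine42")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users_plain VALUES (?, ?)", (name, pw))
        db.execute("INSERT INTO users_hashed VALUES (?, ?, ?)", (name, salt, _kdf(pw, salt)))
    return db


def lookup_vulnerable(db, name):
    """Weak pattern: input concatenated into SQL over a plain-text password column."""
    sql = "SELECT name, password FROM users_plain WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def login_hardened(db, name, password):
    """Hardened pattern: bound parameter, salted hash, constant-time comparison."""
    row = db.execute(
        "SELECT salt, pw_hash FROM users_hashed WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(_kdf(password, row[0]), row[1])


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    # The concatenated query returns every account with its readable password.
    print("vulnerable lookup:", lookup_vulnerable(db, crafted))
    # The bound parameter is compared as a literal name, so nothing matches.
    print("hardened login:   ", login_hardened(db, crafted, "anything"))
    print("valid login:      ", login_hardened(db, "admin", "S0lar!Plant"))
```

With the hardened table, even a full database dump yields only per-user salts and slow hashes rather than reusable credentials.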