The use of communication networks to interconnect controllers and physical plants in industrial and critical infrastructure facilities exposes such control systems to threats typical of the cyber domain. In this sense, studies have been done to explore vulnerabilities and propose security solutions for Networked Control System (NCS). From the point of view of the control theory, the literature indicates that stealthy and accurate cyber-physical attacks must be planned based on an accurate knowledge about the model of the NCS. However, most literature about these attacks does not indicate how such knowledge is obtained by the attacker. So, to fill this hiatus, it is proposed and evaluated in this paper an Active System Identification attack, where the attacker injects data on the NCS to learn about its model. The attack is implemented based on two bio-inspired metaheuristics, namely: Backtracking Search Optimization Algorithm (BSA); and Particle Swarm Optimization (PSO). The results indicate a better performance of the BSA-based attack, especially when the captured signals contain white Gaussian noise. The goal of this paper is to demonstrate the degree of accuracy that this attack may achieve, highlighting the potential impacts and encouraging the research of possible countermeasures. CCS Concepts •Security and privacy → Formal security models; Cryptanalysis and other attacks; •Computing methodologies → Search methodologies; Computational control theory;