backtop

Print E-mail del.icio.us 26 comment(s) - last by masher2.. on Jun 13 at 5:52 PM
Data from 1,500 nuclear weapons employees compromised

Around 1,500 workers for the nuclear-weapons unit of the Energy Department in Albuquerque, New Mexico have been left vulnerable after a hacker stole sensitive information.  Names, Social Security numbers, information where the employees worked, security clearance and birth dates were taken during the theft.  The incident took place last September, but the proper authorities were not notified until several days ago, it was reported during a congressional hearing last Friday.  It is unknown what impact the breach had on the 1,500 employees.           

News of this attack, especially after the larger breach of the Veterans Affairs Department, may put more pressure on the government to do a better job of securing its networks and databases against cyber attacks.  Another serious concern is why it took so long before the theft victims and proper government officials were notified.  Linton Brooks, head of the National Nuclear Security Administration, believed the counterintelligence office would tell employees of the security breach -- but that never happened.  One of the members of the House Energy and Commerce Committee has asked Brooks for his resignation.

This sort of data theft has occurred several times already in the past year.  In May, millions of US military veterans had their personal information compromised when discs with the sensitive data were stolen as part of a larger heist. In March, nearly 200,000 HP employees had their personal information exposed when a Fidelity laptop with the employee information was stolen.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Astounding
By Chalmus on 6/13/2006 8:45:39 AM , Rating: 3
It seems that about 99% of all this identity theft could be cured with just a little bit of encryption. Why are all these names, addresses, SS# and everything else being stored on laptops, desktops, and wherever else without being encrypted? Do they just have spreadsheets and/or access databases with all of this info for all to see?

I mean, for pities sake, I used to be the admin of a small private college, and if someone ganked our servers they wouldn't be able to get at that information without some serious work. Seems like having 256bit or better encryption required on all government files wouldn't be too much to ask.




RE: Astounding
By Master Kenobi (blog) on 6/13/2006 8:57:59 AM , Rating: 2
Strange, we use high level encryption on everything and were just a financial business, we don't have anything thats classified........ Government = lazy?


RE: Astounding
By BladeVenom on 6/13/2006 9:13:55 AM , Rating: 2
...and stupid.


RE: Astounding
By masher2 (blog) on 6/13/2006 10:02:05 AM , Rating: 2
> "we use high level encryption on everything and were just a financial business, we don't have anything thats classified..."

This wasn't classified information either. Just an employee list.


RE: Astounding
By suryad on 6/13/2006 10:06:19 AM , Rating: 2
Hmm...maybe it could be some of the employees could have access to certain sensitive nuclear data...their lives could be in trouble if it falls into the wrong hands. I am usually not a paranoid person...but I always am beginning to imagine the worst case scenario these days.


RE: Astounding
By masher2 (blog) on 6/13/2006 10:16:36 AM , Rating: 2
These were all contract workers. You're not going to find anyone in that list who knows launch codes or or device locations.


RE: Astounding
By rushfan2006 on 6/13/2006 3:09:26 PM , Rating: 2
quote:
> "we use high level encryption on everything and were just a financial business, we don't have anything thats classified..."

This wasn't classified information either. Just an employee list.


No. But it is what is called "non-public information", which in the banking/financing world (in the USA anyway)..there are laws that define security standards and the conditions to which non-public information is to be handled.

Now if my company, has to abide by laws handling your non-public information when you apply for a mortgage or else we can get in trouble with government, I can't imagine that the same standards wouldn't apply to a Nuclear power facility.


RE: Astounding
By rushfan2006 on 6/13/2006 3:13:25 PM , Rating: 2
>>oh my bad its even worse it was a Nuclear WEAPONS facility...just makes my point even more pertinent.


RE: Astounding
By masher2 (blog) on 6/13/2006 5:51:43 PM , Rating: 2
Your point is moot. There is nothing in this story to suggest that all relevant laws and standards weren't followed. Perhaps those standards are due for tightening...but there's no reason to suppose they were disregarded.

As for your point being somehow more valid because of the facility type, I fail to see the logic. So someone knows the name of a janitor or cafeteria clerk at a nuclear weapons facility...anyone who actually planned a serious attack could learn as much or more in a few hours of surveillance near the entry gate. All the truly sensitive positions are filled by permanent employees...and that's a list that wasn't compromised.

No, the real issue here is identity theft. And that's true regardless of where these contractors worked.



RE: Astounding
By NeonFlak on 6/13/2006 9:19:36 AM , Rating: 2
Encrypted or not, why the hell is it all in the same place?


RE: Astounding
By Trisped on 6/13/2006 11:33:49 AM , Rating: 2
The type of info stolen is what you normally find in the financial department, so they can give employees pay checks (and report your earnings to the government, etc). What they really need to do is increase system security. There should be no way for a hacker to get into a system from the out side, especially one with people's personal ID info.


RE: Astounding
By bob661 on 6/13/2006 1:48:48 PM , Rating: 2
quote:
Encrypted or not, why the hell is it all in the same place?
And why is it on someone's personal laptop? And why is that laptop allowed to go back and forth from work to home? Idiotas!


mm, data sold to ?
By tuteja1986 on 6/13/2006 3:42:21 AM , Rating: 2
Global Terrorist :?





RE: mm, data sold to ?
By Samus on 6/13/2006 5:55:15 AM , Rating: 2
holy shit, this'll come back to haunt us.


RE: mm, data sold to ?
By Scabies on 6/13/2006 7:45:56 AM , Rating: 2
Then (terrorist name) Schmo comes in with Joe Schmo's login and security information and turns off the core redundancies. Chernobylville, USA


RE: mm, data sold to ?
By xit2nowhere on 6/13/2006 7:50:32 AM , Rating: 2
So the only way to stay unidentified is to do what John Connor did in T3 then ?

Heheh :)


Jack Bauer to the rescue!
By shabby on 6/13/2006 7:12:00 AM , Rating: 2
If anyone knows anything aboot nucular stuff its Jack Bauer!




By NullSubroutine on 6/13/2006 11:38:27 AM , Rating: 2
woohoo!


By GhandiInstinct on 6/13/2006 3:55:35 PM , Rating: 3
And finds no record of any employee activity in this department.




"You can bet that Sony built a long-term business plan about being successful in Japan and that business plan is crumbling." -- Peter Moore, 24 hours before his Microsoft resignation

DailyTech Poll
Which web browser do you use on your primary personal machine? 






44 Comments









botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki