The True Story: Two U.S. Nuclear Labs "Hacked"
December 8, 2007 5:49 PM
comment(s) - last by
Two labs of America's top scientists have fallen for the oldest trick in the hackers' book
featured a blog yesterday on how the media frequently reports on so called "hacks" with little understanding of what happened, participating in a
irresponsible brand of journalism that borders on alarmism
. The problem is exacerbated in that people really do fall victim to Internet scams, even rather smart ones, which reporters dubiously dub "hacks."
One such report
that two nuclear labs had been "hacked." The true story is a bit more entertaining and the reveals that there is no threat to the country's nuclear safety. Real threats such as concerted "hacks"
conducted by the Chinese against the U.S. government
are certainly a concern, but the only thing dangerous about the compromise at these labs is the stupidity of a few scientists and workers at the plants.
The Oak Ridge National Laboratory (ORNL) in Tennessee and Los Alamos National Lab in New Mexico have made a habit of
collecting the social security numbers, names, and birth dates
of scientists who visit the plants. The information is put into a database, which reads like a who's who of America's top scientists.
Unfortunately, nobody thought such a practice might be a bit insecure. Starting October 29, workers at the labs began receiving phishing emails, which followed a traditional attack pattern of containing malicious Trojan-containing attachments.
There is no evidence that the attacks were specifically geared at the lab. If the attacks were just a general Internet attack, those responsible might have been excited at the big fish they caught. The two labs both have reported that the phishing emails gained access to their system, which indicates at least two employees -- one at each plant -- were foolish enough to click the attachment and commence the damage. The result was that the database with the scientists' information was compromised.
The phishers gained access to the records of all visitors at the plant between 1999 and 2004.
Don't blame the news networks solely for sensationalizing the attack and making it sound like a sophisticated assault. Leaders at the labs have gone on record trying to fudge the facts in statements, making the attacks sound more complex than they really are and icing over that the attacks only succeeded due to employee failures.
For example, ORNL director Thom Mason stated that the attacks were, "coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country," and continued, "Because of the sensitive nature of this event, the laboratory will be unable for some period to discuss further details until we better understand the full nature of this attack."
Los Alamos has been more silent about what appears to prove the old adage that the greatest hole in security on the average computer network is the network's users.
In 2006 Los Alamos fell victim to social engineering and phishing when its emails were stolen and ended up on the USB stick of a drug dealer found in a police raid. The emails contained data of simulated nuclear weapons tests considered sensitive.
At the time executive director of the Project On Government Oversight (POGO), Danielle Brian blasted Los Alamos for their lax security stating, "This appears to be a new low, even drug dealers can get classified information out of Los Alamos."
Expect more pressure for ORNL and LANL as the smoke of sensationalism begins to blow away, revealing atrocious security due to user stupidity. Looks like some of America's top minds have just fallen for the one of the oldest tricks in the hackers' book.
This article is over a month old, voting and posting comments is disabled
private Internet Protocol network
12/9/2007 7:14:29 AM
A closed IP network or private internet networks is not a new-
many agencies of classified nature/Govts/etc use them around the world.
No ACCESS(either way) is allowed to the outside world namely-public internet etc.
Employees have NO access to USB connections,that prevents them to use external hard drives/disk on keys etc .
Plus a series of other security measures too long to quote here.
Good news is on the way -
The General Services Administration last week requested information from network vendors interested in building a protected government network, dubbed Govnet.
"Govnet will be a private Internet Protocol network shared by government agencies and other authorized users only," the request for information said. "Govnet will provide connectivity among users to a defined set of service delivery points."
The network would be totally separate from the public Internet or other public or private networks. It would include voice, conferencing and multicast services. The GSA is asking for a network that "will be immune from malicious service and/or functional disruptions to which the shared public networks are vulnerable" and be impervious to malicious code from any external network.
The government is clearly on a fast track. Proposals are due to the GSA by Nov. 24.
RE: private Internet Protocol network
12/10/2007 12:20:32 PM
Things already exist to solve their problem you are correct, but for some reason they simply are not interested in those solutions up to this point. Perhaps now it will change.
The company I worked for does point to point dedicated or MPLS over standard lines that are for other "high risk" customers but we never had any serious return from the federal government. However, companies like Microsoft loved it and continually ask for more bandwidth than we can provide for their area, local and state governments beg us to run fiber to their area, and we have many bank customers. You would figure if its good enough for those guys the government would reconsider.
Unfortunately it seems nothing less than a fully dedicated fiber optic network will be the only answer they will accept. Meanwhile they will probably keep everything status quo until its completed 100% and we will continue to have incidents like this as it will drag on forever with all sorts of budget overruns. And it will probably cost a small fortune in the end, no doubt.
"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken
Hack The Planet
December 7, 2007, 1:52 PM
Unisys Blamed for China-Connected Homeland Security Hacks
September 26, 2007, 10:08 AM
FTC Targets Google Again for Advertising Practices
May 24, 2013, 1:17 PM
Google Engineer Finds Microsoft Security Flaw, Says Company is Hostile About It
May 23, 2013, 10:51 AM
Survey: 94 Percent of Teens Use Facebook
May 22, 2013, 2:53 PM
Congress Looks to Force Extra Protection on Utilities to Combat Cyberattacks
May 22, 2013, 2:24 PM
U.S. Military Cuts Guantanamo Bay Wi-Fi After Alleged Threat by Anonymous
May 21, 2013, 11:00 AM
Yahoo Acquires Tumblr for $1.1 Billion
May 20, 2013, 11:12 AM
Most Popular Articles
High School Student Creates Storage Device that Can Charge in 20 Seconds
May 20, 2013, 6:51 AM
Apples Tries to Use Decade-Old Patents to Ban Samsung Galaxy S IV
May 22, 2013, 3:00 PM
NASA Awards $125,000 Grant for 3D Printed Food on Long-Term Space Travels
May 21, 2013, 1:32 PM
Microsoft Announces Voice-Controlled "Xbox One"
May 21, 2013, 12:55 AM
Cure For Baldness Could Be on Store Shelves within Two Years
May 22, 2013, 8:29 AM
Latest Blog Posts
Lumosity: Does it Work?
May 22, 2013, 8:20 PM
Quick Note: Sony "Teases" PS4 Ahead of Xbox Reveal in New Video
May 20, 2013, 12:33 PM
Nokia Introduces Instagram-Like App of Its Own to Help Lumia Sales
May 20, 2013, 7:10 AM
Parents of Pre-Teen Drivers Commonly Practice Distracted Driving Says Study
May 9, 2013, 7:16 AM
Apple's iOS 7 Running Into Internal Delays Due to Massive Overhaul
May 1, 2013, 4:26 PM
More Blog Posts
Copyright 2013 DailyTech LLC. -
Terms, Conditions & Privacy Information