Slashdot Mirror
Nuclear Agency Worker Information Hacked
Juha-Matti Laurio writes to mention a Reuters report about a fairly worrying case of identity theft. A determined hacker gained access to the U.S. National Nuclear Safety Administration's records and made off with the information for over 1,500 employees and contractors. From the article: "The incident happened last September but top Energy Department officials were not told about it until this week, prompting the chairman of the House of Representatives Energy and Commerce Committee to demand the resignation of the head of the NNSA. An NNSA spokesman was not available for comment."
Shouldn't be too hard to track down now, though. Phew!
just to get the joke out of the way
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Why aren't laws in place that REQUIRE, on a FEDERAL level people to report to the Attorney General, the company(s) involved with the theft, and the actions taken? California has something close to it, but something nation wide would be nice for the FASTEST growing crime in the US. http://www.usps.com/postalinspectors/idthft_ncpw.h tm. (source)
The excuse they used that "We thought they knew" is total crap, you'd figure when the head of NNSA says to the ED "Oh hey, we had a security breach where information on 1500 people was stolen, just so you know" Bodman would say "Woooh there, what have you done about it?" as opposed to you know, saying "Mm kay, how about them bears?" and brushing it off...
Uhhhh.... maybe because these contractors are handling classified information such as the location of various and sundry nuclear waepons and other realtively sensitive information??????
When a few numbers can be used to perpetrate ID fraud, we have a problem. This problem was made possible by the use of the Social Security Number as a "federal serial number." The abuse of the SSN for anything BUT Social Security accounting purposes needs not only to be "discouraged" as it presently is, it needs to be made ILLEGAL.
If you want credit, go apply to the credit agencies the way they once did and use other companies as a reference the way things used to be in the good ole days. What does getting credit or a bank account have to do with your social security account anyway? Why does supplying my social security number become a requisite for getting a bank account? In some states, your SSN is also your driver's license number.
It's "convenient" for the government and all agencies and companies interested in collecting massive pools of information on single individuals. That's kinda the problem. That's been the argument for decades since the inception of the SSN.
We'll always be vulnerable as individuals because we cannot do anything about anyone else having our information... we don't even know who has it. We're ultimately powerless until we can have the use of the SSN for anything but Social Security accounting made illegal.
When dealing with nuclear security (not nucular like bush says) i expect them to have all kinds of background on contractors. When safety is an issue you need to know this stuff. You are right though that sometimes the government is overzelous but in this case i think its warranted.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
Yeah. To get access to that you need an acoustic coupler and just dial a load of numbers in Sunnyvale California. I believe the industry standard for back-door passwords is "Joshua"
The NNSA is a semi-autonomous arm of the Energy Department and also guards some of the U.S. military's nuclear secrets and responds to global nuclear and radiological emergencies. So I wonder... How long will it be before someone actually utilitizes some of the information that's being stolen. We already know the military was hit for 26.5 million records, and supposedly the Chinese are ramping up their cyberoffense and defense. I'm wondering how long will it be before the ultimate "so that's what they wanted that information for" scenario comes about. It's sickening to see a country that can supposedly defend itself and the world, can't even secure their own networks. Last thing that needs to happen is this new NSA snooping database to get owned as well.
... Luckily for us Americans, the NSA is snooping the planet so never fear they will find the culprits... Unless of course they get pwned too.
So here would be the nightmare scenario in my eyes... Hackers get DoD information from those 26.5 million VA database and slowly poison them... While the US is straddled in Iraq militarily, some country starts kidnapping those on the NNSA's list and either killing them or torturing them for information (schematics to facilities, etc.) while all this is going on, someone strikes inside the US on such a big scale, Hiroshima looks like a mild 4th of July show.... Scary isn't it?
Infiltrated dot Net
The incident happened last September but top Energy Department officials were not told about it until this week, prompting the chairman of the House of Representatives Energy and Commerce Committee to demand the resignation of the head of the NNSA.
It's different than telling the public.
That which does not kill me only postpones the inevitable.
This story reports things quite out of context, the more I find myself directly involved with things in the news, the more I realize its all bullshit.
Here's the actual scoop, I work as an incident response investigator for the NNSA. There are two issues being confused and placed into one, there was an incident last September, it continues on now as a series of incidents that all mesh together as being from the same source- why haven't there been arrests and such? because it requires the cooperation of the foreign nation in question. Last month a service center in new mexico was broken into as part of the larger incident. This was a result of an attack using zero-day that at the moment is still unpatchable (no patch exists).
This is what is now being reported as a result of congressional hearings that took place. The information itself was not stolen almost a year ago, but rather less than a month ago, but the incident as a whole has been going on much longer than that. Alarms went up all over the place when this occured and everyone with a need to know was informed.
So to summarize, two related incidents, the first starting last September, and one occuring last month. The personal data was taken last month as part of the larger incident but is being reported as the data was stolen in september, which is incorrect.
I say we take off and nuke the entire site from orbit. It's the only way to be sure.
This new page is just comming online. You can check if your info was stolen. You just need to type your full name, SSN, birthdate, and address. It's really useful. US Goverment Identity Theft Agency Homepage
please excuse my apathy
He probably just wanted to find out, once and for all, what state Homer lives in.
Can you blame him?
Lightman, you just don't learn, do you? Stop hacking the WOPR!
Circumcision is child abuse.
http://www.privacyrights.org/ar/ChronDataBreaches. htm
whoa is right
Ask not why some poor little schmuck lost his job for hiring idiots and building a culture of cover-up and deceit in his organization. Ask why some other bigger schmuck did not.
What I don't understand is why we don't hold people accountable more often. It clearly is a tradition that has fallen on hard times in the U.S. In Europe it seems to be more common for government heads to be "held accountable" for the organization they run.
If you mod me down, I shall become more powerful than you could possibly imagine.