US Military 'Hacked' by Emails
An anonymous reader writes "Two of the US Military's most important science labs were apparently 'hacked'. Phishing mail was sent to a pair of research labs, where trojan programs allowed interlopers access to the otherwise secure networks. One of the sites was the infamous Los Alamos, which has been discussed many times here at Slashdot for its string of security breaches. 'Los Alamos has a checkered security history, having suffered a sequence of embarrassing breaches in recent years. In August of this year, it was revealed that the lab had released sensitive nuclear research data by email, while in 2006 a drug dealer was allegedly found with a USB stick containing data on nuclear weapons tests. "This appears to be a new low, even drug dealers can get classified information out of Los Alamos," Danielle Brian, executive director of the Project On Government Oversight (POGO), said at the time. Two years earlier, the lab was accused of having lost hard disks.'"
No one can hack into a classified (Secret or above) network from the outside by sending them emails or anything else - *because classified networks are not connected to the outside world*.
Brett
Note that the
More recently, we're moving to some different networking configurations to help cut down on some of these breaches. It may help; it may not. Foreign nationals are losing administrator privileges on their own (unclassified, mind you) computers, which is causing LOTS of headaches and won't solve a damned thing. Many of them have sent messages saying, "Yeah, remove my access, and see how much work gets done." If we had a moderation system here, those would be +5 Damned Right.
You are correct that they're run by the DoE -- and it's not merely a technicality.
I've worked at Oak Ridge -- it's not a weapons lab. A huge fraction of the work that goes on there is related to energy sustainability and production. This includes materials research and reactor simulation for next-generation nuclear reactors, but it also includes solar energy, wind power, coal, oil, hydrogen, etc. It does do homeland security-related stuff, specifically with detectors (to monitor ports for incoming reactor materials, etc.) but it's definitely not a military lab. I've worked at a weapons lab before -- it's a completely different environment. There was no military-style regimentation at ORNL.
I had but a simple dream, to destroy all humans.
I live fairly near the Oak Ridge (TN) area. The National Labs there have done the same sort of work as Los Alamos since both sites were founded in the 40's. Contracts keep tending to go preferentially to Los Alamos - it currently gets roughly 4 times the government dollars overall, 5 times the spending on specifically Nuclear Deterrent related research, and is getting over 10 times the historical preservation funding to preserve its historic buildings. (That's just from the public record, without taking black budget spending into account. I don't know if that distorts the figures or not, obviously).
The Oak Ridge labs' safety and security records are both far superior to Los Alamos'. (While neither location has a perfect record, even non-serious rated incidents at ORNL have averaged many years apart. There has never been a security incident involving the ORNL facilities that didn't end up with the FBI at least knowing exactly what information was compromised, who did it, and who got it in the end, while there are three incidents on record for LA where no investigator can tell the congressional oversight committee just what may have been stolen, whether they are confident they found everyone who did it, or whether a particular hostile foreign government may possibly have ended up getting the info.)
There's also the Argonne labs in the Chicago area. Arguably, if there's some reason not to transfer more of LA's work to OR, they are also a better prospect if the US really cares about security. Los Alamos has had several opportunities to clean up their act - the problems are apparently systemic, and nothing short of major funding losses seems at all likely to motivate them at this point.
Who is John Cabal?
This makes some sort of sense given the fact that they were operated by a university for so long while Sandia and Livermore have been overseen by corporate entities.
Huh? LLNL has been managed by UC until this October (LANL went corporate before LLNL).
I will grant that cybersecurity problems at national labs should be taken seriously. But there are at least 10,000 people doing at least part of their research at national labs, much of it inherently internet-based and hardly any of it has military applications. It is unreasonable to expect that no computers at a national lab will ever get hacked. Any computer that is connected to a network has a non-zero probability of getting hacked. I am doing my doctoral research at a national lab (Brookhaven) and have been in far too many meetings where we had to figure out how to work with security measures implemented in response to stories like this, which tend to paper over important details. The story says nothing about what information was actually acquired through the attack, for instance. And it neglected to mention that the "drug dealer" didn't actually have the USB stick with classified information, but rather lived with a person who worked at LANL and had illegally brought it home. He didn't even know he had anything classified. (As usual, *people* are the weakest point in security, not computers.) As someone already commented, this is a Department of Energy lab, not a "military" lab. Much, if not most, of the research at LANL is not classified. Just because someone at LANL got hacked does not mean classified information got hacked, nor does it mean that the computers that got hacked were remotely related to anything with the word "nuclear" in the subject. Among the measures which were proposed to remedy Brookhaven's "problems" with cybersecurity was banning all non-US citizens from logging in to any computer outside of BNL. There is a collider at BNL which has, overall, cost about $1B to build and run. This rule would have essentially stopped this collider from running, costing the government about $1B, along with ending a promising scientific program.
There were other rules proposed that we had to password-protect every computer - which is very dangerous if that computer controls an apparatus that operates at high voltage, so someone who forgets or doesn't know the password can't turn it off. The slew of cyber-security updates imposed on BNL by DOE in response to the hysteria over cyber security caused me personally to lose two weeks of productivity because it was so hard to get into the computer clusters I needed to use for my research. There were about 1000 scientists affected by the same thing - we easily lost 20 person-years of labor, if not more. Even if you assume that everyone earned a grad student salary, that's $500,000. Overall, I have been in meetings which consumed about 40 hours of roughly 20 PhD scientists' time trying to figure out how to work around these rules. None of this includes the lost time because all of our computer experts were working on security instead of supporting the research goal of the lab. And what is at risk at Brookhaven? Data on relativistic heavy ion collisions. I personally think that if someone were really interested enough in our data to try to steal it, it would be a major development for the field. Oh man, and if they analyzed it - find those lambda baryons! - it would really decrease the work load in our collaboration. Please, take our data and analyze it for us! There's essentially no risk of permanent data loss because of multiple backups on various types of media in different geographical locations - you'd have to take out everything at once. The biggest real risk is that we would get hacked and turned into a porn server. Embarrassing, yes. Catastrophic? No. It happens to servers all the time. And indeed, the one time I'm aware of BNL getting hacked, at least while I've been there, all they did was sneak links to porn sites into an obscure webpage, not host porn on any BNL computers. (Which none of the stories mentioned... They all said BNL was hosting porn.)
So what am I saying? 1. Simply because of the size and number of national labs, it is unreasonable to expect that national labs will never get hacked. 2. The response needs to be proportional to the risk. If the rules are too strict, this costs money, with no benefit.
That's not a universally implemented security mechanism, even within the DoD.
Eagles may soar, but weasels don't get sucked into jet engines.
The LANL network that got hacked was unclassified.
Here is an official email to the employees (sorry, but the links don't work outside the lab):
To/MS: All Employees
From/MS: Michael R. Anastasio, DIR, A100
Phone/Fax: 7-5101/5-2679
Symbol: DIR-07-324
Date: November 9, 2007
SUBJECT: RECENT HACKING EVENT A REMINDER TO BE CYBER SECURITY AWARE

For years the Laboratory has been the target of daily, relentless attacks by hackers by means of SPAM, random pinging, robotic campaigns, and various other determined, focused, sophisticated efforts. The Laboratory receives more than 50,000 attacks each day, and on some days the number reaches half a million. The vast majority are unsuccessful, but defending against the attacks is complicated by the difficulty in distinguishing the serious attacks from all the rest.

Occasionally, a new computer worm or virus comes through the Laboratory's unclassified network firewall undetected, resulting in the compromise of computers. Recently, malicious and determined hackers have accessed the Lab's unclassified Yellow Network and removed a significant amount of unclassified material. The exact nature of the stolen information is under forensic investigation.

The affected computers have been disconnected from the Internet and the hacker's software has been disabled. The Laboratory's Red, or classified, network is "air-gapped" from all unclassified networks and was not affected.

This recent occurrence is a reminder that awareness is the first and most important layer of defense against fast-spreading worms that target known vulnerabilities. The threat of comprehensive, malevolent attacks is continuous and high.

Here are some things you can do to help protect our network and your computer from infection:

* Don't open unknown e-mail attachments or click on suspicious links.
* Ensure that your computer has the most recent operating system security patches.
* Ensure your antivirus application is installed, functioning, and updated with the latest software.
* Ensure that your computer scans all files for viruses.

To better recognize a possible computer security incident and how to promptly report it to your OCSR (Organizational Computer Security Representative) and line manager, please take a moment to refresh your understanding of cyber security issues by reviewing cyber security training: http://int.lanl.gov/security/cyber/training/training.shtml

Cyber Security Team Contact Information - Web: http://int.lanl.gov/security/cyber/
Phone: 665-1795 - Fax: 665-1799 - Email: cybersecurity@lanl.gov

You may also access a recent Security Smart on cyber security at http://int.lanl.gov/security/documents/security-smart/comp_resp_0707.pdf
These labs are run by the Department of Energy, not Defense.
They are not defense labs, they are scientific research institutes.
They also provide several large experimental facilities (>$200M) that universities could never afford to run, that give free access to profs who want to use them.
POGO have a political ax to grind, in that they represent the Luddites who are scared of anything that might be related to "nuclear".
If you disagree with me on social issues, then it's pretty clear that you are a narrow-minded bigot.