US Military 'Hacked' by Emails
An anonymous reader writes "Two of the US Military's most important science labs were apparently 'hacked'. Phishing mail was sent to a pair of research labs, where trojan programs allowed interlopers access to the otherwise secure networks. One of the sites was the infamous Los Alamos, which has been discussed many times here at Slashdot for its string of security breaches. 'Los Alamos has a checkered security history, having suffered a sequence of embarrassing breaches in recent years. In August of this year, it was revealed that the lab had released sensitive nuclear research data by email, while in 2006 a drug dealer was allegedly found with a USB stick containing data on nuclear weapons tests. "This appears to be a new low, even drug dealers can get classified information out of Los Alamos," Danielle Brian, executive director of the Project On Government Oversight (POGO), said at the time. Two years earlier, the lab was accused of having lost hard disks.'"
Is it really worth pouring more money into this idiotville if every bit of scientific progress they make is practically public knowledge soon after? Just shut the stupid place down!
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
People in a company I was working for a while ago received a phishing email that was targeted to us and our environment. I, and a few other people, noticed something weird. I did research and realized it was phishing fairly quickly and got the network people to immediately block that site and send out mail to everybody asking anybody who visited that site before it was blocked to have their computer fully checked for malware.
I think we narrowly avoided disaster that day, and I suspect none of the security people (I was not among them) quite realized exactly what happened. I was immensely surprised by how targeted it was.
I can easily understand why a user might've been taken in, and I don't blame them at all. I found the whole thing very unsettling.
Need a Python, C++, Unix, Linux develop
Also.. I said we need better IT pros because they need to push security more.. that wasn't clear at all. Sorry.
So basically, -1 troll/offtopic is really Slashdot's way of saying "I hate that you thought of something before me."
I've worked with a couple of the National Laboratories, and where Los Alamos really shines is basic research, while the others are better at engineering and have (somewhat) better security track records. This makes some sort of sense given the fact that they were operated by a university for so long while Sandia and Livermore have been overseen by corporate entities. While it may make sense to move some of the more sensitive stockpile stewardship programs away from there if they can't improve their security, it would be an absolute shame to shut the lab down altogether.
I honestly believe that such incidents are in a way unavoidable and making the security budget bigger is not going to solve this. More rules, regulations and paranoia are going to lead to even worse security at the end of the day. One of the examples for this was a company that decided that user passwords need to be at least 12 characters long and contain small caps, big caps, numbers and punctuation signs, non-dictionary words, no sequences .... The result was that everybody had their passwords written down and most of them kept on the desk. The whole approach on security needs to be revisited.
http://ebgp.net/ccc/
Knowing a large number of people that work at Los Alamos National Lab (LANL), I can tell you that cutting the funding won't solve the problem. That would be a lot like trying to make a football team win games by cutting the legs off of a few team members. It just won't solve the problem. Yes, some projects should not be funded, just as other projects need more funding. And don't forget that many of the wasteful projects are ones that Congress told them to work on. Some of the problems:
1) They are a big name. Whenever something bad happens it is all over the news. When something good happens it might or might not make the news, and it will never be as big of a news item as a minor bad thing. Forklift accident at Oak Ridge? Nobody hears about it. At LANL it makes national news. This is a huge factor in everyone saying that LANL is so poorly run. They hear about every bad thing there, but very little about the problems elsewhere. On top of that the news tends to give only part of the story. We hear on the news that someone at LANL buys a sports car on a LANL credit card. What they don't bother mentioning is that the order was a paperwork mix-up when they were ordering something else that cost just as much but was legit business. They also don't tell us that as soon as they found out there was a mix-up they actually corrected the order, returned the car, and got the money back. We hear "your tax dollars wasted by LANL" when the real story was "LANL makes paperwork error and then fixes it."
2) Because of 1 they get micro-managed by the DOE and Congress. Congress has no clue how to run a large, secure, scientific lab and the DOE is not much better.
3) Congress & the DOE will tell them to do something and not provide the funding for the proper things. Recently they switched the management contract to a different agency and decided to pay them a lot more to manage the lab. The idea was that paying more would bring in better management. Well, the cost of the contract went from about 10 million to 90 million. Then Congress said that the lab's budget would stay the same. The net result? An 80 million budget cut.
Are there problems at LANL? Yes. Will yelling about how bad things are fix it? No. Congress and the DOE need to get good management there and then give them the power and money to get the job done instead of giving them more rules to follow whenever something makes the news. Don't tell them that a forklift accident can't be allowed. Instead tell them that they have to have 30% fewer construction accidents than industry. Don't tell them that they can never lose a hard drive; tell them that they can never let weapons designs leak. Don't tell them how to run their security. Give them the money for good security and the ability to do it.
-WolvesOfTheNight
It still amazes me that anyone could believe any of the conspiracy theories, the U.S. Govt couldn't successfully keep anything secret.
UFO Conspiracies?, Kennedy Assassination Conspiracy?, Secret Commissions Directing Foreign Policy?, Bah, phooey!
Let's face it, nothing as big as the Atomic bomb, or as small as Monica Lewinsky's cigar stays secret for long.
We might as well do nuclear research live on CSPAN, at least then only 5 or 6 people will see it.
(If at first you don't succeed, do it different next time!)
No one can hack into a classified (Secret or above) network from the outside by sending them emails or anything else - *because classified networks are not connected to the outside world*.
I think you mean:
*because classified networks are supposed not connected to the outside world*
As other people have already said, policy and reality are 2 different things. I've done some contract work for my state police headquarters and was shocked to find an unsecured, DHCP-enabled wireless gateway accessible from outside the building connected to the police's intranet. The section responsible: The Computer Crime Section.
This from the same organisation that instructed the then IT security manager to destroy her report on serious problems in their network and infrastructure because it would cost money to fix and "if we destroy the report a) No one will know about the areas of weakness to exploit them and b) If we are compromised we can claim we did not know that anything was wrong."
You're only as secure as the dumbest employee or boss.
Sorry to post anon but I'd rather continue getting government work.
You'd think that, but there are plenty of viruses that end up on the classified network. True, they can't "phone home", but they can be destructive (if programmed as such) or suck up network bandwidth just the same.