US Military 'Hacked' by Emails
An anonymous reader writes "Two of the US Military's most important science labs were apparently 'hacked'. Phishing mail was sent to a pair of research labs, where trojan programs allowed interlopers access to the otherwise secure networks. One of the sites was the infamous Los Alamos, which has been discussed many times here at Slashdot for its string of security breaches. 'Los Alamos has a checkered security history, having suffered a sequence of embarrassing breaches in recent years. In August of this year, it was revealed that the lab had released sensitive nuclear research data by email, while in 2006 a drug dealer was allegedly found with a USB stick containing data on nuclear weapons tests. "This appears to be a new low, even drug dealers can get classified information out of Los Alamos," Danielle Brian, executive director of the Project On Government Oversight (POGO), said at the time. Two years earlier, the lab was accused of having lost hard disks.'"
People in a company I was working for a while ago received a phishing email that was targeted to us and our environment. I and a few other people noticed something weird. I did research and realized it was phishing fairly quickly and got the network people to immediately block that site and send out mail to everybody asking anybody who visited that site before it was blocked to have their computer fully checked for malware.
I think we narrowly avoided disaster that day, and I suspect none of the security people (I was not among them) quite realized exactly what happened. I was immensely surprised by how targeted it was.
I can easily understand why a user might've been taken in, and I don't blame them at all. I found the whole thing very unsettling.
I've worked with a couple of the National Laboratories, and where Los Alamos really shines is basic research, while the others are better at engineering and have (somewhat) better security track records. This makes some sort of sense given the fact that they were operated by a university for so long while Sandia and Livermore have been overseen by corporate entities. While it may make sense to move some of the more sensitive stockpile stewardship programs away from there if they can't improve their security, it would be an absolute shame to shut the lab down altogether.
Knowing a large number of people that work at Los Alamos National Lab (LANL), I can tell you that cutting the funding won't solve the problem. That would be a lot like trying to make a football team win games by cutting the legs off of a few team members. It just won't solve the problem. Yes, some projects should not be funded, just as other projects need more funding. And don't forget that many of the wasteful projects are ones that Congress told them to work on. Some of the problems:
1) They are a big name. Whenever something bad happens it is all over the news. When something good happens it might or might not make the news, and it will never be as big of a news item as a minor bad thing. Forklift accident at Oak Ridge? Nobody hears about it. At LANL it makes national news. This is a huge factor in everyone saying that LANL is so poorly run. They hear about every bad thing there, but very little about the problems elsewhere. On top of that the news tends to give only part of the story. We hear on the news that someone at LANL buys a sports car on a LANL credit card. What they don't bother mentioning is that the order was a paperwork mix-up when they were ordering something else that cost just as much but was legit business. They also don't tell us that as soon as they found out there was a mix-up they actually corrected the order, returned the car, and got the money back. We hear "your tax dollars wasted by LANL" when the real story was "LANL makes paperwork error and then fixes it."
2) Because of 1 they get micro-managed by the DOE and Congress. Congress has no clue how to run a large, secure, scientific lab and the DOE is not much better.
3) Congress & the DOE will tell them to do something and not provide the funding for the proper things. Recently they switched the management contract to a different agency and decided to pay them a lot more to manage the lab. The idea was that paying more would bring in better management. Well, the cost of the contract went from about 10 million to 90 million. Then Congress said that the lab's budget would stay the same. The net result? An 80 million budget cut.
Are there problems at LANL? Yes. Will yelling about how bad things are fix it? No. Congress and the DOE need to get good management there and then give them the power and money to get the job done instead of giving them more rules to follow whenever something makes the news. Don't tell them that a forklift accident can't be allowed. Instead tell them that they have to have 30% fewer construction accidents than industry. Don't tell them that they can never lose a hard drive; tell them that they can never let weapons designs leak. Don't tell them how to run their security. Give them the money for good security and the ability to do it.
-WolvesOfTheNight