Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nuclear Regulator Hacked 3 Times In 3 Years

Posted by timothy on from the once-a-year-to-keep-in-practice dept.

mdsolar (1045926) writes with this disconcerting story from CNet about security breaches at the U.S. Nuclear Regulatory Commission, revealed in a new report to have been compromised three times in the last three years: The body that governs America's nuclear power providers said in an internal investigation that two of the hacks are suspected to have come from unnamed foreign countries, the news site Nextgov reported based on a Freedom of Information Act request. The source of the third hack could not be identified because the logs of the incident had been destroyed, the report said. Hackers, often sponsored by foreign governments, have targeted the US more frequently in recent years. A report (PDF) on attacks against government computers noted that there was a 35 percent increase between 2010 and 2013.

Intruders used common hacking techniques to get at the NRC's computers. One attack linked to a foreign country or individual involved phishing emails that coerced NRC employees into submitting their login credentials. The second one linked to a foreign government or individual used spearphishing, or emails targeted at specific NRC employees, to convince them to click a link that led to a malware site hosted on Microsoft's cloud storage site SkyDrive, now called OneDrive. The third attack involved breaking into the personal account of a NRC employee. After sending a malicious PDF attachment to 16 other NRC employees, one person was infected with malware.

14 of 66 comments (clear)

  1. Good Job NRC by Mr+D+from+63 · · Score: 5, Insightful

    So, three times in three years, hackers get by the first line of defense (humans) and access some servers. They are identified and stopped each time. Not too bad considering the number of nutjobs out there that target them. It might actually be considered impressive. The NRC hires a lot of contractors, so the human element will always be a challenge, just like any other organization of that nature.

    The funny thing is, most NRC information is publicly available through their on-line document library. There is a very small amount of redacted intellectual property from various vendors that one might get a hold of, but any of those items are not really much different than the public information or useful to competitors. Doubts are any of these hackers would be able to do anything with it, as competitors generally already know what each other really are doing.

    Safeguards & security information could theoretically be of value to a terrorist, but is not kept on any of these common servers. It is kept in isolated, stand-alone file rooms with isolated individual computers & file cabinets and controlled access.

    I don't see really why this is any kind of news.

    1. Re: Good Job NRC by C0R1D4N · · Score: 2

      Still, their company email should probably be on an intranet.

    2. Re:Good Job NRC by jellomizer · · Score: 3, Interesting

      But it is Nuclear! N U C L E A R ! ! ! This words means scary stuff will happen if ever used by Bad Bad Men!

      Now the people who broke in may get a lot of good information just like if they broke into any other federal commission. However I would really hope the actual dangerous stuff isn't on the same network that allows any sort of internet access.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:Good Job NRC by geekoid · · Score: 2

      The same reason people try to hack NASA to find the 'Truth' about aliens?

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    4. Re:Good Job NRC by fisted · · Score: 3, Funny

      It's spelt "Nucular"

      --
      CLI paste? paste.pr0.tips!
    5. Re: Good Job NRC by Luke+has+no+name · · Score: 2

      Are you saying their email should be completely isolated from the public internet? How are they supposed to... use email?

      Unless you think each person should have two email addresses from two domains.

  2. Skydrive? by jratcliffe · · Score: 4, Insightful

    "to convince them to click a link that led to a malware site hosted on Microsoft's cloud storage site SkyDrive, now called OneDrive"

    Why on earth would the NRC (or any company or government entity, for that matter) not block access to all cloud storage providers, except those which are explicitly authorized?

  3. Another day, another mdsolar anti-nuclear troll by Anonymous Coward · · Score: 4, Insightful

    Hapless government employees fall susceptible to phishing, but OMG NUCLEAR REGULATORS!!!111!!!1eleventyone!!1!

    Why do I have a feeling that if this happened to any other Federal department, we'd never hear about it?

  4. Oblig by binarylarry · · Score: 2

    Nuclear Information Security Inspector could be heard in the background saying "Doh!"

    --
    Mod me down, my New Earth Global Warmingist friends!
  5. Re:mdsolar again? by Mr+D+from+63 · · Score: 2

    Why do we get a gloom and doom post on the front page from this guy every day? Besides, this is a non-story:

    He doesn't care about the content, the agenda is to submit items in quantity and hope many just read the headlines. Unfortunately, some of those that accept articles here are willing to oblige that behavior.

  6. Words matter: email "coerced" someone? by DutchUncle · · Score: 2

    "phishing emails that coerced NRC employees" . . . Email doesn't FORCE a person to do something, or COMPEL obedience. Convince, mislead, trick, confuse someone into doing something, sure. My point is, don't blame the emails - assume that something labeled "nuclear" is a tempting target - blame people ignorant enough (or blame training so insufficient) as to fall for such a ruse, and security lax enough to let the action occur.

  7. Some details by Charliemopps · · Score: 3, Informative

    I thought I'd provide some anecdotal evidence for the sake of argument. I've worked at 3 major telephone companies/ISPs over the years and have been involved in installing phone and data lines at multiple power companies across the country including 1 reactor. In every case the power company had a standing police that basically boiled down to "No data enters the facility" It used to be a rule that "no copper entered the facility" but that changed with the advent of fiberoptics. I don't know if this is a law, or just a common security practice, but in the dozens of facilities I've worked with they were all air-gaped. Again, this is anecdotal, I don't know if this is done everywhere, but I certainly found it reassuring when I saw it.

    On the other hand, I did work with a local municipality once that opened and closed the local damn with a single copper pair running between the control house and the damn. When the damn overflowed and flooded that copper pair rendering it inoperable, they were furious with us because we wouldn't "fix it" I had to explain to a local community leader that our field techs are not trained to use scubba gear and had we known the safety of the entire community was riding on a single $12/month copper pair we'd have likely suggested an alternative solution.

  8. Re:Post 9-11 by Mr+D+from+63 · · Score: 2

    Your ignorance in glaring. In reality, there has been very little change in the way the NRC handles safeguards information since before 9/11. It was of course evaluated like everything, and undergoes occasional refinement, but the basic approach has been adequate and remains the same. If anything, other departments of government took note of how the NRC handles safeguards info.

    I suppose, you could explain exactly what changes you think took place in their handling of this information since 9-11? I'm sure you can coherently explain it on your own, without the need to simply sling links, correct?

  9. unnamed foreign countries???? by Squidlips · · Score: 2

    So why are they unnamed? Makes me think it was China...