Dept. of Energy Compromised 159 Times Over Four-Year Period
An anonymous reader writes: USA TODAY obtained records through a Freedom of Information Act request indicating that the U.S. Department of Energy was targeted by over a thousand cyberattacks between October 2010 and October 2014. 159 of the attacks were successful in compromising some level of security. "Energy Department officials would not say whether any sensitive data related to the operation and security of the nation's power grid or nuclear weapons stockpile was accessed or stolen in any of the attacks, or whether foreign governments are believed to have been involved. ... The National Nuclear Security Administration, a semi-autonomous agency within the Energy Department responsible for managing and securing the nation's nuclear weapons stockpile, experienced 19 successful attacks during the four-year period, records show. ... Records show 53 of the 159 successful intrusions from October 2010 to October 2014 were 'root compromises,' meaning perpetrators gained administrative privileges to Energy Department computer systems."
eom
oh my sides hurt!
usually UTM from big network iron vendor == very poorly maintained Linux system with more holes than a fishnet
If you think that the govt has ever had security under any administration, clearly you have never dealt with govt IT systems. Do you seriously think that any administration has the time or effort to micromanage their IT staff when they can barely get things like department heads in place? Obama has a lot of problems but this one is not one of his exclusively.
Well, Obama promised that his administration would be more open. He just didn't mention that this would be due to non-US governmental agents. (OK, Snowden used to be a government agent, but he hasn't been since he started making Obama's promise true.)
I think we've pushed this "anyone can grow up to be president" thing too far.
As much as I detest Obama, it's not just his administration. Incompetence and government go together like peanut butter and jelly.
The problem is an over-bloated bureaucracy that doesn't know its ass from a hole in the ground. And for that we can blame both parties and 99.9% of all politicians.
What's next? Perhaps if Trump plays his cards right he can get Ann Coulter to be secretary of state. I think he can help us win the race to the bottom.
Is that run by the same government that wants to collect all our private data for security reasons?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I log in as root to the server of my HOA:
Last failed login: Sat Sep 12 11:52:54 PDT 2015 from 43.229.53.41 on ssh:notty
There were 59462 failed login attempts since the last successful login.
So over 59000 attempts since last week, on a server with nothing of interest to anyone.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
A talking head telling us what we could read below. Is this the future of the Internet - TELEVISION ..
"Incident reports .. shows a near-consistent barrage of attempts to breach the security of critical information systems that contain sensitive data about the nation's power grid, nuclear weapons stockpile and energy labs."
Have you considered not connecting your critical infrastructure directly to the Internet? The fact that the 'Cyber attackers' can even see your computers shows extreme complacency by whoever is in charge of your 'computers'.
She can peek out her window to see if Putin is trying to log in.
Table-ized A.I.
Like the private sector has had a good record on this?
Table-ized A.I.
The problem with the article is that it is very light on details. How is an attack defined? Does it include a simple port scan or does it require something more targeted and defined? Of systems that were compromised, how many of them were non-sensitive public web servers in a DMZ/TZ and how many of them were internal servers containing sensitive data?
Using the weakest metrics, my employer's external facing network is attacked thousands of times a day. It isn't a matter of if we're being hit by a traffic flood at any given time, but by how many clients and at what rate.
Would be nice if they actually tallied the incidents by severity and general attack type.
Have you considered not connecting your critical infrastructure directly to the Internet? The fact that the 'Cyber attackers' can even see your computers shows extreme complacency by whoever is in charge of your 'computers'.
For all we know, their network wasn't attached to the Internet and there was an air gap between it and the outside. Problem is, it isn't terribly difficult to insert your own back door. In many cases, you just need a wireless adapter and the proper software. Even if they're not running an IP network, you can encapsulate their traffic and send it through your eavesdropping device.
@toejam13: "For all we know .. there was an air gap between it and the outside .. In many cases, you just need a wireless adapter and the proper software" ..
...
a) We do know there wasn't an 'air gap' as the compromised servers were connected to the Internet. That's the meaning behind the words 'cybersecurity breach'.
b) An air-gapped computer with a wireless adapter isn't really air-gapped.
c) I never mentioned 'air gap'ed
Sounds like they weren't following the guidelines that they recommend for the energy industry.
Time to offend someone