DOE Hit By Hackers and Covered Up


Ahah! More government cover-ups? This one was a while back too.

Digging on those archives right now yah.

A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh?

The US government security really does scare me sometimes, their internal departments have some of the lowest IT security scores…there are SO many data leaks and successful hacks, I mean I appreciate they have a sprawling infrastructure which makes it hard to maintain, but please, at least try?

For example Homeland Security scored an F again for Internal Security.

And this time it was covered up..

But the incident, somewhat similar to recent problems at the Veterans Affairs Department, was last September yet senior officials were informed only two days ago, officials told a congressional hearing Friday. None of the victims was notified, they said.

The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, New Mexico. The file contained information about contract workers throughout the agency’s nuclear weapons complex, a department spokesman said.

NNSA Administrator Linton Brooks told a House hearing that he learned of the security breach late last September, but did not inform Energy Secretary Samuel Bodman about it. It had occurred earlier that month.

It was as always blamed on ‘miscommunication’ but it’s bullshit as the people involved meet every day..

The oversight and investigations subcommittee learnt of this and launched their panel into action.

The Energy Department spends $140 million a year on cyber security, Gregory Friedman, the DOE’s inspector general, told the committee. But he said that while improvements have been made, “significant weaknesses continue to exist,” making the unclassified computer system vulnerable to hackers.

Last fall, a so-called “Red Team” of DOE computer specialists — seeking to test the security safeguards — succeeded in hacking into and gaining control of a DOE facility’s computer system, the panel was told.

“We had access to sensitive data including financial and personal data…. We basically had domain control,” said Glenn Podonsky, director of DOE’s Security and Safety Performance Assessment. “We were able to get passwords, go from one account to another.”

Perhaps they really do need some lessons?

Source: Wired

Posted in: Hacking News, Legal Issues

, , , ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


One Response to DOE Hit By Hackers and Covered Up

  1. fever April 8, 2008 at 6:52 pm #

    too many people who refuse to come into the 21 century as far as IT sec is concerned.