DOE Hit By Hackers and Covered Up


Ahah! More government cover-ups? This one was a while back too.

Digging on those archives right now yah.

A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh?

The US government security really does scare me sometimes, their internal departments have some of the lowest IT security scores…there are SO many data leaks and successful hacks, I mean I appreciate they have a sprawling infrastructure which makes it hard to maintain, but please, at least try?

For example Homeland Security scored an F again for Internal Security.

And this time it was covered up..

But the incident, somewhat similar to recent problems at the Veterans Affairs Department, was last September yet senior officials were informed only two days ago, officials told a congressional hearing Friday. None of the victims was notified, they said.

The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, New Mexico. The file contained information about contract workers throughout the agency’s nuclear weapons complex, a department spokesman said.

NNSA Administrator Linton Brooks told a House hearing that he learned of the security breach late last September, but did not inform Energy Secretary Samuel Bodman about it. It had occurred earlier that month.

It was as always blamed on ‘miscommunication’ but it’s bullshit as the people involved meet every day..

The oversight and investigations subcommittee learnt of this and launched their panel into action.

The Energy Department spends $140 million a year on cyber security, Gregory Friedman, the DOE’s inspector general, told the committee. But he said that while improvements have been made, “significant weaknesses continue to exist,” making the unclassified computer system vulnerable to hackers.

Last fall, a so-called “Red Team” of DOE computer specialists — seeking to test the security safeguards — succeeded in hacking into and gaining control of a DOE facility’s computer system, the panel was told.

“We had access to sensitive data including financial and personal data…. We basically had domain control,” said Glenn Podonsky, director of DOE’s Security and Safety Performance Assessment. “We were able to get passwords, go from one account to another.”

Perhaps they really do need some lessons?

Source: Wired

Posted in: Hacking News, Legal Issues

, , , ,


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


One Response to DOE Hit By Hackers and Covered Up

  1. fever April 8, 2008 at 6:52 pm #

    too many people who refuse to come into the 21 century as far as IT sec is concerned.