DOE Hit By Hackers and Covered Up


Ahah! More government cover-ups? This one was a while back too.

Digging on those archives right now yah.

A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh?

The US government security really does scare me sometimes, their internal departments have some of the lowest IT security scores…there are SO many data leaks and successful hacks, I mean I appreciate they have a sprawling infrastructure which makes it hard to maintain, but please, at least try?

For example Homeland Security scored an F again for Internal Security.

And this time it was covered up..

But the incident, somewhat similar to recent problems at the Veterans Affairs Department, was last September yet senior officials were informed only two days ago, officials told a congressional hearing Friday. None of the victims was notified, they said.

The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, New Mexico. The file contained information about contract workers throughout the agency’s nuclear weapons complex, a department spokesman said.

NNSA Administrator Linton Brooks told a House hearing that he learned of the security breach late last September, but did not inform Energy Secretary Samuel Bodman about it. It had occurred earlier that month.

It was as always blamed on ‘miscommunication’ but it’s bullshit as the people involved meet every day..

The oversight and investigations subcommittee learnt of this and launched their panel into action.

The Energy Department spends $140 million a year on cyber security, Gregory Friedman, the DOE’s inspector general, told the committee. But he said that while improvements have been made, “significant weaknesses continue to exist,” making the unclassified computer system vulnerable to hackers.

Last fall, a so-called “Red Team” of DOE computer specialists — seeking to test the security safeguards — succeeded in hacking into and gaining control of a DOE facility’s computer system, the panel was told.

“We had access to sensitive data including financial and personal data…. We basically had domain control,” said Glenn Podonsky, director of DOE’s Security and Safety Performance Assessment. “We were able to get passwords, go from one account to another.”

Perhaps they really do need some lessons?

Source: Wired

Posted in: Hacking News, Legal Issues

, , , ,


Latest Posts:


APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.


One Response to DOE Hit By Hackers and Covered Up

  1. fever April 8, 2008 at 6:52 pm #

    too many people who refuse to come into the 21 century as far as IT sec is concerned.