2 US Nuke Labs Hacked

[iMav]

Two labs of America's top scientists have fallen for the oldest trick in the hackers' book

Quote:

DailyTech featured a blog yesterday on how the media frequently reports on so called "hacks" with little understanding of what happened, participating in a irresponsible brand of journalism that borders on alarmism. The problem is exacerbated in that people really do fall victim to Internet scams, even rather smart ones, which reporters dubiously dub "hacks."

One such report featured on ABC News concluded that two nuclear labs had been "hacked." The true story is a bit more entertaining and the reveals that there is no threat to the country's nuclear safety. Real threats such as concerted "hacks" conducted by the Chinese against the U.S. government are certainly a concern, but the only thing dangerous about the compromise at these labs is the stupidity of a few scientists and workers at the plants.

The Oak Ridge National Laboratory (ORNL) in Tennessee and Los Alamos National Lab in New Mexico have made a habit of collecting the social security numbers, names, and birth dates of scientists who visit the plants. The information is put into a database, which reads like a who's who of America's top scientists.

Unfortunately, nobody thought such a practice might be a bit insecure. Starting October 29, workers at the labs began receiving phishing emails, which followed a traditional attack pattern of containing malicious Trojan-containing attachments.

There is no evidence that the attacks were specifically geared at the lab. If the attacks were just a general Internet attack, those responsible might have been excited at the big fish they caught. The two labs both have reported that the phishing emails gained access to their system, which indicates at least two employees -- one at each plant -- were foolish enough to click the attachment and commence the damage. The result was that the database with the scientists' information was compromised.

The phishers gained access to the records of all visitors at the plant between 1999 and 2004.

Don't blame the news networks solely for sensationalizing the attack and making it sound like a sophisticated assault. Leaders at the labs have gone on record trying to fudge the facts in statements, making the attacks sound more complex than they really are and icing over that the attacks only succeeded due to employee failures.

For example, ORNL director Thom Mason stated that the attacks were, "coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country," and continued, "Because of the sensitive nature of this event, the laboratory will be unable for some period to discuss further details until we better understand the full nature of this attack."

Los Alamos has been more silent about what appears to prove the old adage that the greatest hole in security on the average computer network is the network's users.

In 2006 Los Alamos fell victim to social engineering and phishing when its emails were stolen and ended up on the USB stick of a drug dealer found in a police raid. The emails contained data of simulated nuclear weapons tests considered sensitive.

At the time executive director of the Project On Government Oversight (POGO), Danielle Brian blasted Los Alamos for their lax security stating, "This appears to be a new low, even drug dealers can get classified information out of Los Alamos."

Expect more pressure for ORNL and LANL as the smoke of sensationalism begins to blow away, revealing atrocious security due to user stupidity. Looks like some of America's top minds have just fallen for the one of the oldest tricks in the hackers' book.

Source

[naveen_reloaded]

ya dont worry world war 3 is very near...

[dOm1naTOr]

Ive past experience of many World Wars!!!
[COD1, COD2, COD4 etc].
so me no worry

[Gigacore]

hackers are becoming more intelligent then scientists these days!!

[phreak0ut]

hackers!!

[MetalheadGautham]

it was only by chance that they got hacked... it was not actually intended, so no harms done

[iMav]

every1 is not a 'friendly enemy'

[Abhishek Dwivedi]

but y always US mil. systems r hacked so easily...does dat means dey got no security or r running old system n software like da FBI were using few years back....????

[NucleusKore]

Now I am curious. What OS were they running? Microsoft Windows!!!!!!!

[naveen_reloaded]

maybe modified version from NSA !!! ???

[NucleusKore]

Quote:

Unfortunately, nobody thought such a practice might be a bit insecure. Starting October 29, workers at the labs began receiving phishing emails, which followed a traditional attack pattern of containing malicious Trojan-containing attachments.

There is no evidence that the attacks were specifically geared at the lab. If the attacks were just a general Internet attack, those responsible might have been excited at the big fish they caught. The two labs both have reported that the phishing emails gained access to their system, which indicates at least two employees -- one at each plant -- were foolish enough to click the attachment and commence the damage. The result was that the database with the scientists' information was compromised.

Looks like Microsoft Windows systems, I thought all their sensitive installations ran Linux. The US Navy burnt their fingers BADLY with Windows NT and their smart ship. Turned out to be not so smart after all. Some people never learn do they.

And while we're on NT, this is worth a look

[MetalheadGautham]

Quote:

Originally Posted by NucleusKore

Looks like Microsoft Windows systems, I thought all their sensitive installations ran Linux. The US Navy burnt their fingers BADLY with Windows NT and their smart ship. Turned out to be not so smart after all. Some people never learn do they.

And while we're on NT, this is worth a look

exactly. Though hacking as it is manually through the internet is almost equally easy on most systems, for affecting the system with a virus and sucking out information automatedly is next to impossible on a linux machine.

[NucleusKore]

Maybe those scientists were BORED

[praka123]

well US have to suffer with windows,coz after all NSA that "secures" Vista
BTW,SELinux by NSA is better though.

[gxsaurav]

Quote:

Originally Posted by naveen_reloaded

maybe modified version from NSA !!! ???

Quote:

Looks like Microsoft Windows systems, I thought all their sensitive installations ran Linux.

Quote:

exactly. Though hacking as it is manually through the internet is almost equally easy on most systems, for affecting the system with a virus and sucking out information automatedly is next to impossible on a linux machine.

Quote:

well US have to suffer with windows,coz after all NSA that "secures" Vista
BTW,SELinux by NSA is better though.

OMG...none of you kno anything about what computer they use or what OS they use, but no...since they were hacked it must have been Windows..

Stop speculating this much & get a life.

[Batistabomb]

Quote:

Originally Posted by NucleusKore

Now I am curious. What OS were they running? Microsoft Windows!!!!!!!

same question , what OS they are using ano they had no security patches or firewalls

[Tech_Wiz]

As I read in most Forums no software can protect you from a commited hacker. They will find their way in one way or another.

[Batistabomb]

Quote:

Originally Posted by Tech_Wiz

As I read in most Forums no software can protect you from a commited hacker. They will find their way in one way or another.

i won't agree with you because some third party firewalls uses high encrypyion standards, then how they can be hacked ? if so why microsoft and google are not hacked yet ?

[NucleusKore]

See the original post AGAIN. They clicked on an attachment and got a Trojan. Doesn't that sound familiar? I am not speculating, I'm almost 100% sure