Department of Energy 'negligent' security? 1 breach by hacking, 1 by 82-yr-old nun

14 computer servers and 20 workstations at the U.S. Department of Energy headquarters were hacked in January, but unlike the New York Times, Wall Street Journal and the Washington Post, the DOE did not say that Chinese hackers were behind the cyberattack. The Washington Free Beacon, which broke the story, reported that “the relative sophistication of the cyberattack is an indication of nation-state involvement.”

Security breach at United States Department of Energy headquarters

The DOE confirmed that “personal information about several hundred employees and contractors was stolen,” but that no classified info was compromised. An internal DOE email stated that the Department is “leading an aggressive effort to reduce the likelihood of these events occurring again.” It is also “working with federal law enforcement to promptly gather detailed information on the nature and scope of the incident.”

DOE ‘negligent’ cybersecurity

The security breach is “a continuing story of negligence,” according to Ed McCallum, a security consultant who formerly spent a decade at the DOE’s Office of Safeguards and Security. McCallum also told the Free Beacon that both the Chinese and the Iranians target the DOE to steal secrets. The DOE “is on the cutting edge of some of the most sophisticated military and intelligence technology the country owns and it is being treated frivolously by the Department of Energy and its political masters.” He added, "A lot of countries are interested in our secrets and unless security is improved, this is going to happen again."

SANS' Ed Skoudis previously stated such "attacks have been going on for many years." Skoudis said that SANS has "seen detailed evidence of foreign nation states deep inside computer networks of financial services companies, critical infrastructure systems, and manufacturing companies. We not only see the streams of packets going to and from other countries, we can also watch the attackers' activities on the computer systems, as they search for sensitive information to gain competitive economic advantage, as well as to plan command-and-control software."

When U.S. Energy Secretary Steven Chu announced his decision to resign, he reminded us that “The Department of Energy serves the country as a Department of Science, a Department of Innovation, and a Department of Nuclear Security.” That alone should be reason enough to tighten DOE security hatches. Chu added that the Department “reclaimed the lead in high performance supercomputing” and it has. The DOE's Oak Ridge National Laboratory stated that the Titan supercomputer is “the world’s most powerful supercomputer for open science with a theoretical peak performance exceeding 20 petaflops (quadrillion calculations per second).”

Previous cyberattack on DOE’s Oak Ridge National Lab

That same Oak Ridge National Lab was previously targeted by an Advanced Persistent Threat (APT) designed “to gain a foothold on the lab's networks and then to quietly look for and steal specific types of information.” After about 1GB of data was stolen, ORNL had to “shut down its Internet connectivity.” The cyberattack was a result of spear-phishing emails sent to about 573 lab employees; the emails appeared to come from the lab’s HR department and included a link to supposed benefit changes. In the end, any employee who clicked on the link had their machine infected with malware that exploited an IE zero-day vulnerability. Microsoft had just issued a patch three days before the attack.

82-year-old nun defeated security at DOE nuclear weapon complex

Aerial photo of the DOE's Oak Ridge nuclear Y-12 plant breached by 82-yr-old nun

But socially engineered spear-phishing attacks are not the only way shortcomings in DOE security have been exploited. An 82-year-old nun and two other protestors, "the youngest of whom was 57," managed to compromise security at a nuclear weapons complex. The Y-12 National Security Complex is a “Department of Energy National Nuclear Security Administration facility located in Oak Ridge, Tennessee, near the Oak Ridge National Laboratory.” The break-in to the “plant’s inner sanctum, known as the Protected Area,” was “an embarrassment to the plant’s vaunted security force and sent shock waves throughout the nation’s nuclear weapons complex.” The Oak Ridger reported the “security breach at the Y-12 nuclear weapons plant has cost taxpayers about $15 million so far.”

In the pre-dawn hours of Saturday, July 28, the three traversed a wooded ridge on the plant’s North Side, cut through high-security fences and — without being detected or deterred — reached the outside of the plant’s storage center for bomb-grade uranium. Once there, they spray-painted peace messages, strung crime-scene tape around the premises, splashed “human blood” on an external wall of the uranium facility, and completed all of their protest acts before guards arrived to detain them.

Reportedly because of the Y-12 security breach, Babcock & Wilcox lost the Y-12 contract. B&W has filed a grievance with the Government Accountability Office.

Super Bowl blackout

Lastly, a freak blackout resulted in people speculating about the DOE, the power grid and our infrastructure. Shawn Henry, the FBI's former 'top cyber cop,' said a major cyberattack against the electric grid or water supply could "ultimately kill people." Such a disastrous and deadly scenario was precisely what senators witnessed in a classified demo of a mock cyberattack on New York City's power grid during a heat wave. So it is little surprise that some people wondered if America’s aging infrastructure or a hacked power grid was behind the power outage during the Super Bowl. That was not the case, according to local utility company Entergy.

Entergy’s statement blamed malfunctioning equipment. “Shortly after the beginning of the second half of the Super Bowl in the Mercedes Benz Superdome, a piece of equipment that is designed to monitor electrical load sensed an abnormality in the system. Once the issue was detected, the sensing equipment operated as designed and opened a breaker, causing power to be partially cut to the Superdome in order to isolate the issue.” Additionally, “the fault-sensing equipment activated where the Superdome equipment intersects with Entergy’s feed into the facility.”
