Nuclear Regulator Hacked 3 Times In 3 Years

timothy posted about 1 month ago | from the once-a-year-to-keep-in-practice dept.

Government 66

mdsolar (1045926) writes with this disconcerting story from CNet about security breaches at the U.S. Nuclear Regulatory Commission, revealed in a new report to have been compromised three times in the last three years: The body that governs America's nuclear power providers said in an internal investigation that two of the hacks are suspected to have come from unnamed foreign countries, the news site Nextgov reported based on a Freedom of Information Act request. The source of the third hack could not be identified because the logs of the incident had been destroyed, the report said. Hackers, often sponsored by foreign governments, have targeted the US more frequently in recent years. A report (PDF) on attacks against government computers noted that there was a 35 percent increase between 2010 and 2013.

Intruders used common hacking techniques to get at the NRC's computers. One attack linked to a foreign country or individual involved phishing emails that coerced NRC employees into submitting their login credentials. The second one linked to a foreign government or individual used spearphishing, or emails targeted at specific NRC employees, to convince them to click a link that led to a malware site hosted on Microsoft's cloud storage site SkyDrive, now called OneDrive. The third attack involved breaking into the personal account of an NRC employee. After sending a malicious PDF attachment to 16 other NRC employees, one person was infected with malware.


Good Job NRC (5, Insightful)

Mr D from 63 (3395377) | about 1 month ago | (#47702685)

So, three times in three years, hackers get by the first line of defense (humans) and access some servers. They are identified and stopped each time. Not too bad considering the number of nutjobs out there that target them. It might actually be considered impressive. The NRC hires a lot of contractors, so the human element will always be a challenge, just like any other organization of that nature.

The funny thing is, most NRC information is publicly available through their on-line document library. There is a very small amount of redacted intellectual property from various vendors that one might get a hold of, but any of those items are not really much different than the public information or useful to competitors. Doubts are any of these hackers would be able to do anything with it, as competitors generally already know what each other really are doing.

Safeguards & security information could theoretically be of value to a terrorist, but is not kept on any of these common servers. It is kept in isolated, stand-alone file rooms with isolated individual computers & file cabinets and controlled access.

I don't see really why this is any kind of news.

Re: Good Job NRC (2)

C0R1D4N (970153) | about 1 month ago | (#47702705)

Still, their company email should probably be on an intranet.

Re: Good Job NRC (-1, Flamebait)

Anonymous Coward | about 1 month ago | (#47702863)

> Still, their company email should probably be on an intranet.

Exactly.

The people who run the nuclear power industry are their own worst enemy. How can we trust them to run such potentially damaging installations when they can't even secure their own email?

They show us again and again that they are unethical, incompetent and untrustworthy.

Re: Good Job NRC (0)

Anonymous Coward | about 1 month ago | (#47703287)

Because they would never ever have to email anyone not inside the company. Right.

Re: Good Job NRC (2)

Luke has no name (1423139) | about 1 month ago | (#47707885)

Are you saying their email should be completely isolated from the public internet? How are they supposed to... use email?

Unless you think each person should have two email addresses from two domains.

Re: Good Job NRC (1)

AK Marc (707885) | about 1 month ago | (#47707971)

Or perhaps he was saying that they should be through an email gateway such that the users reading emails can't get to the Internet. Any phishing attempt would then fail. Unless they requested you email back your login.

Re: Good Job NRC (0)

Anonymous Coward | about a month ago | (#47715319)

This is a solved problem... there are email firewalls and web proxies that would help block phishing emails and block malicious outbound web traffic.

Hell, this is doable with FOSS software, much less the well known enterprise tools in the arena. I'd actually find it hard to believe they DON'T have at least some of these tools already, albeit poorly deployed.

Re:Good Job NRC (1)

Joe Gillian (3683399) | about 1 month ago | (#47702719)

So wait, why would the NRC even be a target then, unless the hackers were dumb enough to believe that the NRC would store sensitive information on a public-facing server?

Re:Good Job NRC (0)

Anonymous Coward | about 1 month ago | (#47702755)

> So wait, why would the NRC even be a target then, unless the hackers were dumb enough to believe that the NRC would store sensitive information on a public-facing server?

Oh, the irony of calling the hacker dumb here, especially when we find out in a few days that there was in fact sensitive information stored on their internal networked servers (because we all know users do such a good job organizing data into neat little piles of IP).

And just to clarify, if they're public-facing, then they're not really hidden at all, now are they.

Re:Good Job NRC (2)

geekoid (135745) | about 1 month ago | (#47702907)

The same reason people try to hack NASA to find the 'Truth' about aliens?

Re:Good Job NRC (1)

Wootery (1087023) | about 1 month ago | (#47703181)

> unless the hackers were dumb enough to believe that the NRC would store sensitive information on a public-facing server?

To be fair, very few organisations take security seriously, even when it's their entire job [explainxkcd.com].

It's not dumb of a hacker to make the assumption that their target is incompetent. Cynical, maybe, but not unfounded.

Re:Good Job NRC (0)

Anonymous Coward | about 1 month ago | (#47704223)

The hacker's boss is a PHB that thinks NUCLEAR is scary.

Re:Good Job NRC (1)

TheCarp (96830) | about 1 month ago | (#47702759)

Well, I agree there is probably little of value there, however, I think you are missing what documents of value they do have. Specifically, information about their inspection program and any investigations they may be doing. That is data that, at least theoretically, has value to the subjects of any investigation or inspection.

Whether it is of real value or whether they would actually pay for it (or hire someone to get it) is another question entirely. I would have no problem believing that a few times a year someone breaks into their systems hoping to find something like that which they could turn around and sell... I am more doubtful that it's a very profitable endeavor.

Re:Good Job NRC (3, Interesting)

jellomizer (103300) | about 1 month ago | (#47702855)

But it is Nuclear! N U C L E A R ! ! ! This word means scary stuff will happen if ever used by Bad Bad Men!

Now the people who broke in may get a lot of good information just like if they broke into any other federal commission. However I would really hope the actual dangerous stuff isn't on the same network that allows any sort of internet access.

Re:Good Job NRC (3, Funny)

fisted (2295862) | about 1 month ago | (#47702987)

It's spelt "Nucular"

Re:Good Job NRC (1)

Vitriol+Angst (458300) | about a month ago | (#47712651)

> However I would really hope the actual dangerous stuff isn't on the same network that allows any sort of internet access.

You spelled Nuclear correctly, but if you want the DOH (Department Of Hope), it's down the hall between the DOWT (Department Of Wishful Thinking) and OMGTWB (Oh My God-That Went Boom!)

Good Job NRC (1)

Anonymous Coward | about 1 month ago | (#47704403)

Thank you.

There's virtually nothing to be gained by illegitimately obtaining information from the NRC -- almost everything they produce is in the public domain. This is just FUD designed to scare anyone easily excited by the combination of the words "hacked" and "nuclear" in the same article.

Re:Good Job NRC (1)

mdsolar (1045926) | about 1 month ago | (#47706687)

"except for meetings on security subjects that include sensitive information" http://www.nrc.gov/security/fa... [nrc.gov]

Re:Good Job NRC (0)

Anonymous Coward | about 1 month ago | (#47704781)

nutjobs, including mdsolar...

mdsolar again? (1)

Anonymous Coward | about 1 month ago | (#47702743)

Why do we get a gloom and doom post on the front page from this guy every day? Besides, this is a non-story:

"The few attempts documented in the OIG (Office of the Inspector General) cyber crimes unit report as gaining some access to NRC networks were detected and appropriate measures were taken," he said.

Re:mdsolar again? (2)

Mr D from 63 (3395377) | about 1 month ago | (#47702885)

> Why do we get a gloom and doom post on the front page from this guy every day? Besides, this is a non-story:

He doesn't care about the content, the agenda is to submit items in quantity and hope many just read the headlines. Unfortunately, some of those that accept articles here are willing to oblige that behavior.

Re:mdsolar again? (-1, Flamebait)

mdsolar (1045926) | about 1 month ago | (#47703017)

Why not submit some fanboi stories? Maybe there is no good news about nuclear power....

Re:mdsolar again? (0)

Mr D from 63 (3395377) | about 1 month ago | (#47703131)

I have my own experience, points and opinions, I don't need to copy others', particularly in a mindless fashion. You just sling links, which requires little thought or effort of any kind. It's kind of pathetic in my opinion.

Re:mdsolar again? (1, Insightful)

mdsolar (1045926) | about 1 month ago | (#47703163)

Slashdot is powered by your submissions. If you don't want to contribute, maybe it is better to stop trolling all the time.

Re:mdsolar again? (0)

Anonymous Coward | about 1 month ago | (#47703661)

And in your case, Slashdot and their readership is subjected to your tired, rah rahs of self-serving advocacy in the form of content-free FUD denigrating nuclear power. It rises to the level of slashvertising. Did your mom leave your relationship for an NRC employee or something?

Re:mdsolar again? (1)

Mr D from 63 (3395377) | about 1 month ago | (#47704031)

Actually, I have submitted articles. I just don't try to drive the content of this site to fulfill an agenda. It's simply a scummy thing to do.

Re:mdsolar again? (1)

mdsolar (1045926) | about 1 month ago | (#47706339)

So, show us a link? Don't be coy....

Re:mdsolar again? (1)

Mr D from 63 (3395377) | about 1 month ago | (#47706397)

You could have found it on your own;

http://slashdot.org/~Mr+D+from... [slashdot.org]

Re:mdsolar again? (1)

mdsolar (1045926) | about 1 month ago | (#47706813)

You are obviously just exploiting a deep sea disaster for your own ends. How biased!

Re:mdsolar again? (1)

Mr D from 63 (3395377) | about 1 month ago | (#47706873)

If you think that is clever, you are fooling yourself. I hope you are more honest with your solar customers than you are with yourself.

Re:mdsolar again? (0)

Anonymous Coward | about 1 month ago | (#47703401)

I would suspect the hint is in his username,
MD = managing director
Solar = solar company

So he has skin in the game to put Nuclear power down!

Skydrive? (4, Insightful)

jratcliffe (208809) | about 1 month ago | (#47702749)

"to convince them to click a link that led to a malware site hosted on Microsoft's cloud storage site SkyDrive, now called OneDrive"

Why on earth would the NRC (or any company or government entity, for that matter) not block access to all cloud storage providers, except those which are explicitly authorized?

Re:Skydrive? (1)

Noah Haders (3621429) | about 1 month ago | (#47702861)

they should make it a punishable offense to fall for obvious malicious emails. this would make people pay attention. either a misdemeanor or a civil penalty.

Re:Skydrive? (1)

geekoid (135745) | about 1 month ago | (#47702915)

Yes, punish the victim, genius.

Re:Skydrive? (1)

Noah Haders (3621429) | about 1 month ago | (#47703417)

we're all victims when a couple tards let some obvious hackers in the front door. Imagine we're a walled city with nothing but zombies outside. Those at the gates have a responsibility not to let zombies in.

Put some AI out front ... (1)

CaptainDork (3678879) | about 1 month ago | (#47703605)

It's much easier to blame the victim than provide a technical solution?

Anyone heard of, "AI?"

How hard is it to emulate a user and take the phishing/spear phishing bait to conclusion inside a sandbox; make a call to the, "Not by the hair on my chinny chin chin," routine when the predicted results are deemed harmful?

I have to think of everything.

Re:Put some AI out front ... (1)

Noah Haders (3621429) | about 1 month ago | (#47705085)

who is the victim? everybody on the network could fall victim due to a malicious hacker and his accomplice, the witless cubicle drone who takes the bait.

Re:Skydrive? (1)

geekmux (1040042) | about 1 month ago | (#47702993)

> "to convince them to click a link that led to a malware site hosted on Microsoft's cloud storage site SkyDrive, now called OneDrive"
>
> Why on earth would the NRC (or any company or government entity, for that matter) not block access to all cloud storage providers, except those which are explicitly authorized?

Blocking access to "all cloud storage providers" will likely cripple actual functionality the business is looking for now or in the future. On top of that, I don't know of many who do this. Hell, the CIA has their own cloud on AWS, so it's a bit funny to think the government would be asking their customers/partners/vendors to stay away.

And with the way data is shifting to cloud hosting solutions, at some point in the near future, it will become impossible to block the "cloud", as it will become part of the very fabric of the internet.

It would be easier to simply create air-gapped systems that serve specific purposes rather than try to tame the wild west of the internet to be nice to your sensitive systems. At some point we will learn that certain systems do not belong on the internet, no matter how secure we think the connection is to them.

Re:Skydrive? (1)

Zontar_Thing_From_Ve (949321) | about 1 month ago | (#47703091)

> Why on earth would the NRC (or any company or government entity, for that matter) not block access to all cloud storage providers, except those which are explicitly authorized?

My first job after college was working for a branch of the Department of Defense as a civilian. I was a programmer at first and then a Unix system admin. You may not know how tight Microsoft is with Uncle Sam so it could be that SkyDrive was or even still is deliberately allowed. I could certainly see Microsoft telling some big shot manager "This can only be a good thing for you" and they signed off on it. My experience was that security was highly variable and depended on how serious the people responsible for the systems were. It could just be an oversight or they may be operating under the bad "Permit anything not explicitly denied" policy. Both government employees and contractors have wildly varying skill sets and some people in both groups are barely qualified for the jobs they hold. Those people don't do security very well because they don't know enough to consider situations like this.

Re:Skydrive? (1)

smooth wombat (796938) | about 1 month ago | (#47703179)

You would think such stuff would be blocked but there are those in government (our current CIO one of them) who think, "The Cloud! The Cloud! It's wonderful!" without any concept of how insecure the Cloud really is.

People at the top read magazines and are told how wonderful such things are without taking a moment to think things through.

This applies to the private sector as well except you don't normally hear about their missteps.

Re:Skydrive? (0)

Anonymous Coward | about 1 month ago | (#47704595)

Probably because they strip email attachments, leaving few generally accessible options for timely transfer of large amounts of binary data.

Re:Skydrive? (1)

quetwo (1203948) | about 1 month ago | (#47704757)

Because if you block access to SkyDrive, you end up blocking access to being able to run the newest version of Microsoft Office. The servers that it uses to get (stream) content are the same ones that SkyDrive uses.

Another day, another mdsolar anti-nuclear troll (4, Insightful)

Anonymous Coward | about 1 month ago | (#47702753)

Hapless government employees fall susceptible to phishing, but OMG NUCLEAR REGULATORS!!!111!!!1eleventyone!!1!

Why do I have a feeling that if this happened to any other Federal department, we'd never hear about it?

Re:Another day, another mdsolar anti-nuclear troll (0)

mdsolar (1045926) | about 1 month ago | (#47703145)

RTFA: "A report (PDF) on attacks against government computers noted that there was a 35 percent increase between 2010 and 2013." http://www.gao.gov/assets/670/... [gao.gov]

Oblig (2)

binarylarry (1338699) | about 1 month ago | (#47702775)

Nuclear Information Security Inspector could be heard in the background saying "Doh!"

Cnet? (0)

Anonymous Coward | about 1 month ago | (#47702779)

Rise of the dead that is. Not seen a cnet reference in a long, long, long time.

Words matter: email "coerced" someone? (2)

DutchUncle (826473) | about 1 month ago | (#47702913)

"phishing emails that coerced NRC employees" . . . Email doesn't FORCE a person to do something, or COMPEL obedience. Convince, mislead, trick, confuse someone into doing something, sure. My point is, don't blame the emails - assume that something labeled "nuclear" is a tempting target - blame people ignorant enough (or blame training so insufficient) as to fall for such a ruse, and security lax enough to let the action occur.

Post 9-11 (-1, Troll)

mdsolar (1045926) | about 1 month ago | (#47703003)

After 9-11 a lot of information became secret, making public efforts to understand nuclear safety difficult or impossible. TRUST US is the NRC motto. Now hackers have access while the public does not.

Re:Post 9-11 (2)

Mr D from 63 (3395377) | about 1 month ago | (#47703357)

Your ignorance is glaring. In reality, there has been very little change in the way the NRC handles safeguards information since before 9/11. It was of course evaluated like everything, and undergoes occasional refinement, but the basic approach has been adequate and remains the same. If anything, other departments of government took note of how the NRC handles safeguards info.

I suppose, you could explain exactly what changes you think took place in their handling of this information since 9-11? I'm sure you can coherently explain it on your own, without the need to simply sling links, correct?

Re:Post 9-11 (1)

mdsolar (1045926) | about 1 month ago | (#47706585)

"...except for meetings on security subjects that include sensitive information..." TRUST US! Sleeping guards, sweep it under the rug.... http://www.nrc.gov/security/fa... [nrc.gov]

Re:Post 9-11 (1)

Mr D from 63 (3395377) | about 1 month ago | (#47706615)

Yup, just as I figured. No point, a link to go with it.

Re:Post 9-11 (1)

mdsolar (1045926) | about 1 month ago | (#47706829)

As I say, you are a denier. You even deny what comes straight from the horse's mouth, which is what makes your posts what comes from the other end of the horse.

Re:Post 9-11 (1)

Mr D from 63 (3395377) | about 1 month ago | (#47706883)

The public was never allowed to attend portions of meetings where safeguards info was presented. That has not changed. The fact that something so obvious eluded you gives me a better understanding of your behavior. You are as predictable as the nightly shutdown of solar power.

Re:Post 9-11 (1)

mdsolar (1045926) | about a month ago | (#47709401)

As a recent example, people around the Limerick plant don't know how serious a big security problem is because of post 9-11 secrecy. http://www.mainlinemedianews.c... [mainlinemedianews.com] Obviously you don't know what you are talking about.

Re:Post 9-11 (1)

Mr D from 63 (3395377) | about a month ago | (#47711071)

You said there were changes due to 9-11, but you haven't identified any. And, of course they don't release to the public details of safeguards information, be that issues found at site, designs, or other. They never have, and never will, for obvious reasons. There has been no change in this as you claimed. In your haste to google stuff to make a point, because you don't have the insight yourself, you repetitively fail to stop and think. Why would you think they would ever release safeguards information to the public?

Re:Post 9-11 (1)

mdsolar (1045926) | about a month ago | (#47711585)

As usual you deny the plain facts.

Re:Post 9-11 (1)

Mr D from 63 (3395377) | about a month ago | (#47711831)

I see you cannot answer the question.

Some details (3, Informative)

Charliemopps (1157495) | about 1 month ago | (#47703111)

I thought I'd provide some anecdotal evidence for the sake of argument. I've worked at 3 major telephone companies/ISPs over the years and have been involved in installing phone and data lines at multiple power companies across the country including 1 reactor. In every case the power company had a standing policy that basically boiled down to "No data enters the facility." It used to be a rule that "no copper entered the facility" but that changed with the advent of fiber optics. I don't know if this is a law, or just a common security practice, but in the dozens of facilities I've worked with they were all air-gapped. Again, this is anecdotal, I don't know if this is done everywhere, but I certainly found it reassuring when I saw it.

On the other hand, I did work with a local municipality once that opened and closed the local dam with a single copper pair running between the control house and the dam. When the dam overflowed and flooded that copper pair, rendering it inoperable, they were furious with us because we wouldn't "fix it." I had to explain to a local community leader that our field techs are not trained to use scuba gear and had we known the safety of the entire community was riding on a single $12/month copper pair we'd have likely suggested an alternative solution.

unnamed foreign countries???? (2)

Squidlips (1206004) | about 1 month ago | (#47703569)

So why are they unnamed? Makes me think it was China...

Re:unnamed foreign countries???? (0)

Anonymous Coward | about 1 month ago | (#47706079)

Germany and France, probably. Since the NRC deals with commercial uses and those two countries do a surprising amount of nuclear business, it would be in their best interest to see the non-public filings with the commission. It lets them know who their Big Business should talk to about control systems and service contracts and such.

Re:unnamed foreign countries???? (1)

mdsolar (1045926) | about 1 month ago | (#47706493)

Iran, North Korea? A dirty bomb with no return address sits in Buchanan, NY.

Hey you dumb asshats (1)

Anonymous Coward | about 1 month ago | (#47705521)

Most American Blackhats use foreign country's connections to infiltrate American systems.

This is why every single fucking time they appear to come from "unnamed foreign countries". Because wouldn't you want to appear like you are coming from China when in actuality you are sitting at a desk in New York City when owning these poor bastards?

I bet they paid a lot of money to "security professionals" to fix this though. lolololololol

USA, USA (0)

Anonymous Coward | about 1 month ago | (#47705599)

Still hearing those Americans shouting USA, USA, USA...
Yeah, you're so not the backwards soviet union of the world this time around...

Microsoft Windows Hacked 3 Times In 3 Years .. (1)

lippydude (3635849) | about 1 month ago | (#47707203)

Corrected Title ..

Pure Genius (0)

Anonymous Coward | about 1 month ago | (#47708393)

Who is the genius that wired up the nuclear power plant to the internet!!
