US Military 'Hacked' by Emails
An anonymous reader writes "Two of the US Military's most important science labs were apparently 'hacked'. Phishing mail was sent to a pair of research labs, where trojan programs allowed interlopers access to the otherwise secure networks. One of the sites was the infamous Los Alamos, which has been discussed many times here at Slashdot for its string of security breaches. 'Los Alamos has a checkered security history, having suffered a sequence of embarrassing breaches in recent years. In August of this year, it was revealed that the lab had released sensitive nuclear research data by email, while in 2006 a drug dealer was allegedly found with a USB stick containing data on nuclear weapons tests. "This appears to be a new low, even drug dealers can get classified information out of Los Alamos," Danielle Brian, executive director of the Project On Government Oversight (POGO), said at the time. Two years earlier, the lab was accused of having lost hard disks.'"
shut er down! (Score:2, Interesting)
Re: (Score:1, Funny)
Re: (Score:2, Funny)
That there are Aliens among us, and that USA and Iran both know about it.
Listen to Kucinich.
Re:shut er down! (Score:5, Funny)
Re:shut er down! (Score:5, Funny)
Comment removed (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2, Interesting)
Nothing really new about that. Tried and true it is in everything from politics to advertising. They're the same kind of people. You gotta use what works. In fact right now they're trying to convince us that some guy Osama was behind the WTC attack. And check it out. All those gullible people still believe it. Conspiracy theory is big business. And very profitable [nationalpriorities.org] indeed.
Re: (Score:2)
Nixon, you're back!!!!!!!!!!!!!!!!
And here I thought they just took your head... [wikipedia.org]
Re: (Score:1, Troll)
Re: (Score:2)
Re:shut er down! (Score:4, Funny)
Re: (Score:1)
Re: (Score:3, Insightful)
Re: (Score:2)
Re:shut er down! (Score:5, Informative)
Note that the
More recently, we're moving to some different networking configurations to help cut down on some of these breaches. It may help; it may not. Foreign nationals are losing administrator privileges on their own (unclassified, mind you) computers, which is causing LOTS of headaches and won't solve a damned thing. Many of them have sent messages saying, "Yeah, remove my access, and see how much work gets done." If we had a moderation system here, those would be +5 Damned Right.
Agreed. (Score:5, Interesting)
Re: (Score:1, Informative)
Huh? LLNL has been managed by UC until this October (LANL went corporate before LLNL).
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Re:shut er down! (Score:5, Insightful)
Actually, if you weren't an idiot trolling, you'd realize that the vast majority of foreign researchers in the US are in the country by virtue of the O1 visa, not the H1. This visa requires documentation and proof that the person is a world-renowned expert in their field, possesses world-class skills in the arts or sciences, and in short is nothing short of an absolutely unique and brilliant individual.
Or would you rather leave all those Pakistani, Chinese, and other brilliant scientists in their homelands, helping their repressive regimes?
Re: (Score:1)
Re:shut er down! (Score:4, Insightful)
Re: (Score:1)
Re:shut er down! (Score:4, Funny)
Is it really worth pouring more money into this idiotville if every bit of scientific progress they make is practically public knowledge soon after?
Exactly, because scientific progress is so worthless if it's made public.
Re: (Score:2)
I agree. However, I wouldn't be surprised if it were not already shut down as a research facility and now only exists as a huge honeypot [wikipedia.org]. Well, with all the stuff that's been going on there, I HOPE that is the case.
Re: (Score:3, Insightful)
Some would argue that the purpose of scientific progress is the advancement of the human race. Not just advancement of those members of the human race who happen to live within the borders of the U.S. of A.
Re: (Score:2)
Some would argue that the purpose of scientific progress is the advancement of the human race. Not just advancement of those members of the human race who happen to live within the borders of the U.S. of A.
That may well be the case, but that doesn't account for why U.S. taxpayers should be footing the bill. I'm all for putting the results out in public and letting anybody who wants to use them (because, frankly, it would be difficult and counter-productive to try and restrict them just to U.S. citizens), but I don't think it's in any way improper for a country to take care of its own citizens first. In fact, that's pretty much what I want my government to do. Other people (should) have their own governments
Restricting knowledge doesn't seem a good way. (Score:3, Insightful)
!news (Score:3, Insightful)
Article Clarification (Score:2)
The distinction between "classified" and "unclassified" networks parent is referring to comes from The Register's [theregister.co.uk] coverage of the same story. The PCWorld link in the original submission makes no mention of whether or not the networks were classified or not.
Re: (Score:3, Insightful)
Re: (Score:2, Informative)
Here is an official email to the employees (sorry, but the links don't work outside the lab):
To/MS: All Employees
From/MS: Michael R. Anastasio, DIR, A100
Phone/Fax: 7-5101/5-2679
Symbol: DIR-07-324
Date: November 9, 2007
SUBJECT: RECENT HACKING EVENT A REMINDER TO BE CYBER SECURITY
AWARE
For years the Laboratory has been the target of daily, relentless
attacks by hackers by means of SPAM, random pinging, robotic
campaigns, and various other determined, focused,
Hmph (Score:3, Insightful)
Re: (Score:2, Interesting)
Re: (Score:3, Interesting)
Flipside (Score:3, Funny)
I kid.
Re: (Score:2, Funny)
Re: (Score:2)
If that's how it went down, I don't know what's funnier...that someone would try that or that the dealer accepted.
Re: (Score:1)
Anyway, I believe these types of incidents are due to a technologically defunct generation working in a technologically advanced world, and soon the iGeneration will take the reins and bring to the work force basic computing knowledge (and no, knowing how to use MS Word is NOT enough). I work as a student tech to get me through college and all I ever find are 40+ year old staffies with absolutely no idea about what is going on. I literally have to force
Re: (Score:2)
It may take you 5 or 10 years or more, but eventually you'll realize how far from reality that statement was.
Re: (Score:1)
Thank god.... (Score:4, Funny)
Minor bureaucratic technicality to point out... (Score:5, Insightful)
Both labs in question are actually U.S. Department of Energy, not Department of Defense. Technically, they're not "military" labs.
More to the point, if they were military labs, the schlubs responsible for the security cockups would have been in the brig and awaiting a court-martial long ago. The knowledge that your "employer" can clap you in prison and then have you shot for almost a trivial incident is, to borrow a phrase, tremendously attention-focusing.
Yeah, yeah, I know, nuclear weapons and technology, blah, blah, blah... but really. Historically, these labs have always been run a little bit like the average academic research lab at any mainline university, and the stereotypes about egghead scientist types hating military-style regimentation (including security processes) ring very true. Read up about the Manhattan Project. (Which is fitting, since these labs are the direct descendants of that program.)
Re:Minor bureaucratic technicality to point out... (Score:5, Informative)
I've worked at Oak Ridge -- it's not a weapons lab. A huge fraction of the work that goes on there is related to energy sustainability and production. This includes materials research and reactor simulation for next-generation nuclear reactors, but it also includes solar energy, wind power, coal, oil, hydrogen, etc. It does do homeland security-related stuff, specifically with detectors (to monitor ports for incoming reactor materials, etc.) but it's definitely not a military lab. I've worked at a weapons lab before -- it's a completely different environment. There was no military-style regimentation at ORNL.
Re: (Score:2)
Regarding loading firmware into ICBMs, I was a Missileer
Re:Minor bureaucratic technicality to point out... (Score:4, Insightful)
My personal experience with the NMCI project (Navy-Marine Corps Intranet) is that it isn't very secure. A cheap social engineering hack such as a phone call to the tech guys will pretty much guarantee you a password to access the network. No one's getting shot or being court-martialed because the government in question is fairly incompetent to begin with.
Didn't we also have a story a little while back about Homeland Security's networks getting hacked a couple hundred times in the last two years? This isn't just a few labcoats who don't value security, the military fares no better, and neither do the Homeland Security guys.
Re: (Score:1)
Re: (Score:1)
I believe this is incorrect. As far as I know, only military personnel can be court martialled. Many, if not most, employees at military labs are PhD researchers or engineers. A mix of civil servants and contractors. There are military personnel there as well, of course.
A company I worked for was specifically targeted (Score:5, Interesting)
People in a company I was working for a while ago received a phishing email that was targeted to us and our environment. I, and a few other people, noticed something weird. I did research and realized it was phishing fairly quickly and got the network people to immediately block that site and send out mail to everybody asking anybody who visited that site before it was blocked to have their computer fully checked for malware.
I think we narrowly avoided disaster that day, and I suspect none of the security people (I was not among them) quite realized exactly what happened. I was immensely surprised by how targeted it was.
I can easily understand why a user might've been taken in, and I don't blame them at all. I found the whole thing very unsettling.
Re:A company I worked for was specifically targett (Score:3, Informative)
Re:A company I worked for was specifically targett (Score:1, Funny)
My dearest Omnifarious.
Compliments of the day. My name is Mr.Moses Odiaka.I work in the credit and accounts department of Union Bank of NigeriaPlc,Lagos, Nigeria. I write you in respect of a foreign customer with a Domicilliary account. His name is Engineer Manfred Omnifarious. He was among those who died in a plane crash here in Nigeria during the reign of late General Sani Abacha.
Since the demise of this our customer, Engineer Manfred Omnifarious, who was an oil merchant/contractor, I have kept a clos
Re:A company I worked for was specifically targett (Score:2)
People in a company I was working for a while ago received a phishing email that was targeted to us and our environment. I, and a few other people, noticed something weird. I did research and realized it was phishing fairly quickly and got the network people to immediately block that site and send out mail to everybody asking anybody who visited that site before it was blocked to have their computer fully checked for malware.
Check each computer to see if it is running Windows, and if it is, remove it. There you go, no more phishing problems.
Re: (Score:2)
Actually, that isn't a solution. People working on Linux desktops can be tricked into entering their logins and passwords just as readily as people working on Windows desktops. Also, if you know the environment well enough, Firefox has enough holes that PCs can still become infected with malware. With the way most corporations standardize applications and rollout you can learn what version of various things everybody's desktop is likely to have and specifically target your malware at it.
Something you ca
Guns just not enough to defend their turf (Score:5, Funny)
Mushroom clouds be in order, beeyach!
Re: (Score:1, Funny)
Re: (Score:1)
This wouldn't have happened if (Score:1, Offtopic)
the information almost certainly wasn't classified (Score:5, Informative)
Brett
Re:the information almost certainly wasn't classif (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
Oh, and I have full access to it.
Re: (Score:2)
And I guarantee that unclassified laptop n
Re: (Score:2)
He said secret or above (Score:2)
But most likely the article is some activist trying to stir up FUD, or just the usual sloppy, lazy journalism.
Re: (Score:2)
Now, who knows what kind of stuff is rated less than secret. It's probably somewhere in sensitivity between the bills for the Coke machines and Osama bin Laden's cell phone number.
But most likely the article is some activist trying to stir up FUD, or just the usual sloppy, lazy journalism.
Actually Osama's satellite phone number is not secret at all. But he has not used it in a long time, some sources indicate it was last used in 1998. The number is 00 873 682 505 331. He may have a regular cell phone that he uses now (assuming he is still alive) but if so, I'm not sure even the DoD knows it.
Re:the information almost certainly wasn't classif (Score:2)
Of course it takes just one wise guy to bring his laptop home, hook it up to the Internet, get pwned, then re-attach it to the classified network again, and presto -- your malware has access to the classified network! Now it can collect "interesting" information to its heart's content, and the next time the guy brings his
Re:the information almost certainly wasn't classif (Score:1, Interesting)
I think you mean:
*because classified networks are supposed not connected to the outside world*
As other people have already said, policy and reality are 2 different things. I've done some contract work for my state police headquarters and was shocked to find an unsecured, dhcp enabled wireless gateway accessible from outsid
Re: (Score:2)
Maybe it's just a clever ploy (Score:2, Funny)
Speaking for the competition... (Score:4, Informative)
The Oak Ridge labs' safety and security records are both far superior to Los Alamos. (While neither location has a perfect record, even non-serious rated incidents at ORNL have averaged many years apart. There has never been a security incident involving the ORNL facilities that didn't end up with the FBI at least knowing exactly what information was compromised, who did it, and who got it in the end, while there are three incidents on record for LA that no investigator can tell the congressional oversight committee just what may have been stolen, if they are confident they found everyone who did it or not, or if a particular hostile foreign government may possibly have ended up getting the info.)
There's also the Argonne labs in the Chicago area. Arguably, if there's some reason not to transfer more of LA's work to OR, they are also a better prospect if the US really cares about security. Los Alamos has had several opportunities to clean up their act - the problems are apparently systemic, and nothing short of major funding losses seems at all likely to motivate them at this point.
Mod Asshat down (Score:1)
Re: (Score:1)
Re: (Score:2)
Re:Speaking for the competition... (Score:5, Interesting)
Is social engineering hacking? (Score:2)
Re: (Score:2)
Re: (Score:2)
A call for a bit of sanity (Score:4, Informative)
Re: (Score:1)
Re: (Score:1)
Who the hell needs (Score:2)
So easy a drug dealer could do it. (Score:2)
A Navy perspective. (Score:2, Funny)
Hey, where I work we don't talk like that. I interpret that to be a politically correct, human resources filtered, public official sanctioned version of the statement: "They're about as secure as a hooker's panties on New Years Eve in Times Square."
I could be wrong, of course.
Re: (Score:1)
Sloppy Journalism (Score:1)
Re: (Score:1)
---
LANL and ORNL aren't "military" labs.
They are Department of Energy labs. ORNL doesn't even deal with weapons.
>
> classified information out of Los Alamos
Jessica the Q wasn't a drug dealer. It was her roommate.
Apt Acronym (Score:1)
Not defense labs (Score:3, Informative)
These labs are run by the Department of Energy, not Defense.
They are not defense labs, they are scientific research institutes.
They also provide several large experimental facilities (>$200M) that universities could never afford to run, that give free access to profs who want to use them.
Re: (Score:2)
DOE labs have more important secret GOV info than the DOD does. These are the people who test and design our Nukes and create other technologies most of us will never hear about.
Our enemies would much rather hack the DOE than the DOD.
POGO not trustworthy source. (Score:2, Informative)
Don't you guys know?! (Score:2)
With top secrets spilling left and right (Score:2, Interesting)
UFO Conspiracies?, Kennedy Assassination Conspiracy?, Secret Commissions Directing Foreign Policy?, Bah phoey!
Let's face it, nothing as big as the Atomic bomb, or as small as Monica Lewinsky's cigar stays secret for long.
We might as well do nuclear research live on CSPAN, at least then only 5 or 6 people will see it.
Re: (Score:1)
What I don't understand is ... (Score:2)
The Chinese are behind it (Score:2)
According to ABC News and several other news outlets, authorities have tracked the hacker attacks [go.com] back to China.
This is not too surprising, since several recent high profile hacker attacks have originated from China targeting [arstechnica.com] various countries [timesonline.co.uk] around the world. [news.com.au] It's nothing new that China is continuing to hack into our top secret and sensitive installations.
In the coming days, you can expect China to adamantly deny any involvement, just as they have when earlier this year the German, UK, Australian and US
Why any IT security person still have their job? (Score:2)
The offices I'm tasked with securing have 2+ unconnected networks - 1+ for LAN access, and 1 for Internet access. NONE of the computers are connected to the LAN(s) and the Internet. Bridging your network to the outside World is how all these fools get hacked.
This is NOT Rocket Science.
Hackers: Please do area 51... (Score:1)
Great..... (Score:1)