Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Government Security

Nuclear Regulator Hacked 3 Times In 3 Years 66 66

mdsolar (1045926) writes with this disconcerting story from CNet about security breaches at the U.S. Nuclear Regulatory Commission, revealed in a new report to have been compromised three times in the last three years: The body that governs America's nuclear power providers said in an internal investigation that two of the hacks are suspected to have come from unnamed foreign countries, the news site Nextgov reported based on a Freedom of Information Act request. The source of the third hack could not be identified because the logs of the incident had been destroyed, the report said. Hackers, often sponsored by foreign governments, have targeted the US more frequently in recent years. A report (PDF) on attacks against government computers noted that there was a 35 percent increase between 2010 and 2013.

Intruders used common hacking techniques to get at the NRC's computers. One attack linked to a foreign country or individual involved phishing emails that coerced NRC employees into submitting their login credentials. The second one linked to a foreign government or individual used spearphishing, or emails targeted at specific NRC employees, to convince them to click a link that led to a malware site hosted on Microsoft's cloud storage site SkyDrive, now called OneDrive. The third attack involved breaking into the personal account of a NRC employee. After sending a malicious PDF attachment to 16 other NRC employees, one person was infected with malware.
This discussion has been archived. No new comments can be posted.

Nuclear Regulator Hacked 3 Times In 3 Years

Comments Filter:
  • Good Job NRC (Score:5, Insightful)

    by Mr D from 63 (3395377) on Tuesday August 19, 2014 @09:30AM (#47702685)
    So, three times in three years, hackers get by the first line of defense (humans) and access some servers. They are identified and stopped each time. Not too bad considering the number of nutjobs out there that target them. It might actually be considered impressive. The NRC hires a lot of contractors, so the human element will always be a challenge, just like any other organization of that nature.

    The funny thing is, most NRC information is publicly available through their on-line document library. There is a very small amount of redacted intellectual property from various vendors that one might get a hold of, but any of those items are not really much different than the public information or useful to competitors. Doubts are any of these hackers would be able to do anything with it, as competitors generally already know what each other really are doing.

    Safeguards & security information could theoretically be of value to a terrorist, but is not kept on any of these common servers. It is kept in isolated, stand-alone file rooms with isolated individual computers & file cabinets and controlled access.

    I don't see really why this is any kind of news.
  • Skydrive? (Score:5, Insightful)

    by jratcliffe (208809) on Tuesday August 19, 2014 @09:39AM (#47702749)

    "to convince them to click a link that led to a malware site hosted on Microsoft's cloud storage site SkyDrive, now called OneDrive"

    Why on earth would the NRC (or any company or government entity, for that matter) not block access to all cloud storage providers, except those which are explicitly authorized?

  • by Anonymous Coward on Tuesday August 19, 2014 @09:39AM (#47702753)

    Hapless government employees fall susceptible to phishing, but OMG NUCLEAR REGULATORS!!!111!!!1eleventyone!!1!

    Why do I have a feeling that if this happened to any other Federal department, we'd never hear about it?

  • Re:mdsolar again? (Score:2, Insightful)

    by mdsolar (1045926) on Tuesday August 19, 2014 @10:37AM (#47703163) Homepage Journal
    Slashdot is powered by your submissions. If you don't want to contribute, maybe it is better to stop trolling all the time.

Beware the new TTY code!