Dept. of Energy Compromised 159 Times Over Four-Year Period
An anonymous reader writes: USA TODAY obtained records through a Freedom of Information Act request indicating that the U.S. Department of Energy was targeted by over a thousand cyberattacks between October 2010 and October 2014. 159 of the attacks were successful in compromising some level of security. "Energy Department officials would not say whether any sensitive data related to the operation and security of the nation's power grid or nuclear weapons stockpile was accessed or stolen in any of the attacks, or whether foreign governments are believed to have been involved. ... The National Nuclear Security Administration, a semi-autonomous agency within the Energy Department responsible for managing and securing the nation's nuclear weapons stockpile, experienced 19 successful attacks during the four-year period, records show. ... Records show 53 of the 159 successful intrusions from October 2010 to October 2014 were 'root compromises,' meaning perpetrators gained administrative privileges to Energy Department computer systems."
Really? (Score:1)
Re: (Score:3)
oh my sides hurt!
usually UTM from big network iron vendor == very poorly maintained Linux system with more holes than a fishnet
rooted or Administratored? (Score:2)
eom
Re: (Score:1)
Re:The Obama administration (Score:4, Funny)
Well, Obama promised that his administration would be more open. He just didn't mention that this would be due to non-US governmental agents. (OK, Snowden used to be a government agent, but he hasn't been since he started making Obama's promise true.)
Re: (Score:2)
Re: (Score:3, Insightful)
Like the private sector has had a good record on this?
Re: (Score:1)
Re: (Score:1)
She can peek out her window to see if Putin is trying to log in.
Run by the same government? (Score:3)
Is that run by the same government that wants to collect all our private data for security reasons?
Re: (Score:2)
Is that run by the same government that wants to collect all our private data for security reasons?
Yes, that's right, by Obama's government. He's been the chief executive since 2009.
That's what people wanted right, "progressive"-ly more Orwellian?
Re: (Score:2)
Yeah, because every government worker got replaced in 2009, all the awesome officials we had before have been replaced by the idiots we have now. But luckily we will be getting the awesome ones back come next election.
Please. Don't pretend elections would change jack shit here.
Wooo Over a 1000! (Score:4, Interesting)
I log in as root to the server of my HOA:
Last failed login: Sat Sep 12 11:52:54 PDT 2015 from 43.229.53.41 on ssh:notty
There were 59462 failed login attempts since the last successful login.
So over 59000 attempts since last week, on a server with nothing of interest to anyone.
Re: (Score:1)
just move the listening port to something other than 22 for fucks sake.
Which will move their attempts to another port. ...Oops, sorry. Forgot to say "for fucks sake."
The way you solve this is by installing Fail2Ban (and changing the default time) or other similar products, automatically utilizing the system firewall (iptables and the like) to prevent them from even trying.
And yes, 59,000 attempts is a problem that needs to be addressed, if for no other reason than it's stealing bandwidth and slowing down the entire server / connection.
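The ban logic the comment above describes, as an added example that is not part of the thread and not Fail2Ban's own code: a simplified model that counts sshd failures per source address in a sliding window and reports which addresses a firewall rule would block, and for how long. The parameter names mirror Fail2Ban's maxretry, findtime and bantime options; the values, the host name and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure line: "Failed password for [invalid user ]NAME from IP port N ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) "
)

# Constructed sample log (documentation address ranges, made-up host "hoa").
SAMPLE_LOG = """\
Sep 12 11:50:01 hoa sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 12 11:50:03 hoa sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Sep 12 11:50:05 hoa sshd[2105]: Failed password for root from 203.0.113.7 port 40121 ssh2
Sep 12 11:50:06 hoa sshd[2106]: Failed password for alice from 198.51.100.20 port 51002 ssh2
Sep 12 11:50:08 hoa sshd[2108]: Failed password for root from 203.0.113.7 port 40130 ssh2
Sep 12 11:50:10 hoa sshd[2110]: Failed password for root from 203.0.113.7 port 40133 ssh2
Sep 12 11:50:12 hoa sshd[2112]: Failed password for root from 203.0.113.7 port 40139 ssh2
Sep 12 11:51:00 hoa sshd[2120]: Accepted publickey for alice from 198.51.100.20 port 51010 ssh2
"""

def find_bans(lines, maxretry=5, findtime=600, bantime=3600, year=2015):
    """Return [(ip, ban_start, ban_end)] for sources with at least maxretry
    failures inside findtime seconds. Syslog lines carry no year, so it is passed in."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    banned_until = {}             # ip -> end of the current ban
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue              # a real ban would have dropped this at the firewall
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget failures older than findtime
        if len(hits) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            hits.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG.splitlines()):
        print(f"ban {ip} from {start} until {end}")
```

The single mistyped password from 198.51.100.20 never reaches the threshold, which is the reason for counting inside a window rather than banning on the first failure.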
Re: (Score:2)
Well strong passwords solve the primary problem.
The connection can handle it. But Fail2Ban is just one of the things in my life I haven't got around to yet.
Re: (Score:3)
I am a cryptography goon for a big company. I suspect it's more than just normal probe attempts and someone thinks there's more in my servers than there really is.
Re: (Score:1)
Moving the service to another port does help. The Chinese scanners et al don't scan all of the ports, only some (the way nmap does by default). Just choose one that's not on /etc/services and if it doesn't help, try another one. I've changed to an alternate port and haven't gotten a single failed attempt on the server for over 2 years (as opposed to the previous hundreds per hour).
I do also rate-limit new connections to the port with the system firewall and don't allow password authentication. Also, since I
Re: (Score:2)
Burn in hell HOA Nazi
While I tend to agree. I'm the anti-HOA Nazi. I work to prevent the HOA doing anything beyond cutting the grass and maintaining insurance.
Talking heads .. (Score:2)
Dept. of Energy compromised by cyber attackers .. (Score:3)
Have you considered not connecting your critical infrastructure directly to the Internet? The fact that the 'Cyber attackers' can even see your computers shows extreme complacency by whoever is in charge of your 'computers'.
Re: (Score:2)
Re: (Score:2)
a) We do know there wasn't an 'air gap' as the compromised servers were connected to the Internet. That's the meaning behind the words 'cybersecurity breach'.
b) An air gapped computer with a wireless adapter isn't really air gapped.
c) I never mentioned 'air gap'ed
Comment removed (Score:3)
Sounds like they weren't following their own (Score:2)