US Nuclear weapons R&D labs slammed by massive cyber attack

Schadenfroh

Elite Member
Mar 8, 2003
http://www.isssource.com/oak-ridge-fights-off-cyber-attack/
After a sophisticated cyber attack that forced Oak Ridge National Laboratory to shut down its Internet connection for two weeks, employees are now back on line.
...
Laboratory Director Thom Mason has characterized the remotely directed attack as an Advanced Persistent Threat, which takes hold unobtrusively and gradually broadens its reach inside computer networks in an effort to steal technical data and intellectual properties.
...
The lab’s investigation, beefed up by experts from other national labs, federal agencies and computer-related companies, indicated the malware entered ORNL systems April 7 after multiple lab employees clicked on a link in a phishing email disguised to look like benefits information from ORNL’s human resources department. A temporary vulnerability in the Internet Explorer software facilitated the entry.

As many of you know, Oak Ridge and Y-12 manufacture and research nuclear weapons and their components. It is also home to some of the most powerful supercomputers in the nation as well as cutting-edge energy and climate change research.

Looks like a targeted phishing attack, possibly browser exploit? Somehow, I doubt they were after our nation's climate change research...

Care to place any bets on which nation's "rogue, misguided patriots" committed this attack?
 

PokerGuy

Lifer
Jul 2, 2005
Can someone explain to me why the hell critical systems and nuclear weapons research information is connected to the internet at all? With the cost of computers and equipment so low these days, there's no reason you can't segment out all that stuff and make it so that 'everyday use' computers that are hooked up to the internet (and thus exposed to attack) are not connected to the secret good stuff.
 

MotF Bane

No Lifer
Dec 22, 2006
Can someone explain to me why the hell critical systems and nuclear weapons research information is connected to the internet at all? With the cost of computers and equipment so low these days, there's no reason you can't segment out all that stuff and make it so that 'everyday use' computers that are hooked up to the internet (and thus exposed to attack) are not connected to the secret good stuff.

Good security is inconvenient and expensive.
 

PokerGuy

Lifer
Jul 2, 2005
Good security is inconvenient and expensive.

Yeah, that's true, and if we were dealing with "general" kind of stuff, that would be a good reason to lean more on the cost/convenience side of things, but when it comes to top secret sensitive stuff, it makes absolutely no sense to me why that information is in any way connected to the internet directly.
 

Lemon law

Lifer
Nov 6, 2005
Israel could well be in the running too as the hackers.

But I agree, there may be something vastly wrong with the computer security at Oak Ridge. But maybe not if no sensitive data was compromised.

The Oak Ridge folks were kinda mum on that subject, even if they confessed the hack took a full eight days to clean out.
 

rcpratt

Lifer
Jul 2, 2009
Can someone explain to me why the hell critical systems and nuclear weapons research information is connected to the internet at all? With the cost of computers and equipment so low these days, there's no reason you can't segment out all that stuff and make it so that 'everyday use' computers that are hooked up to the internet (and thus exposed to attack) are not connected to the secret good stuff.
I seriously doubt that they allow critical systems to be connected.
 

Pens1566

Lifer
Oct 11, 2005
Can someone explain to me why the hell critical systems and nuclear weapons research information is connected to the internet at all? With the cost of computers and equipment so low these days, there's no reason you can't segment out all that stuff and make it so that 'everyday use' computers that are hooked up to the internet (and thus exposed to attack) are not connected to the secret good stuff.

If it's a classified system, it isn't connected. I'm guessing the infected machines were personal office pcs used for non critical work.
 

Fear No Evil

Diamond Member
Nov 14, 2008
Israel could well be in the running too as the hackers.

But I agree, there may be something vastly wrong with the computer security at Oak Ridge. But maybe not if no sensitive data was compromised.

The Oak Ridge folks were kinda mum on that subject, even if they confessed the hack took a full eight days to clean out.

Jesus H Fucking Christ, can you NOT bring up Israel in a thread?
 

sao123

Lifer
May 27, 2002
Israel could well be in the running too as the hackers.

But I agree, there may be something vastly wrong with the computer security at Oak Ridge. But maybe not if no sensitive data was compromised.

The Oak Ridge folks were kinda mum on that subject, even if they confessed the hack took a full eight days to clean out.



Lollerskates... you couldn't resist, could you.
Israel already has nukes... they don't need our nuclear secrets.
 

ElFenix

Elite Member
Super Moderator
Mar 20, 2000
1st rule of security is never click on links in email.
 

davmat787

Diamond Member
Nov 30, 2010
This news seems relevant, although it could deserve its own thread.

US warns: hack us, and we might bomb you

“Certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners,” says the document. “When warranted, the United States will respond to hostile acts in cyberspace as we would any other threat to our country.”

Military force will only be used as a last resort after other diplomatic and economic remedies are attempted, but the US government has certainly realized the value of the Internet and has no intention of sitting quietly while corporate and governmental computer systems are attacked with impunity.

http://arstechnica.com/tech-policy/...-military-response-to-severe-cyberattacks.ars
 

MotF Bane

No Lifer
Dec 22, 2006
We have 300 million people; including multiple generations of computer-savvy users. And yet we'd have to resort to bombing people, instead of just magically fragging their entire networks from home? :/
 
May 11, 2008
Israel could well be in the running too as the hackers.

But I agree, there may be something vastly wrong with the computer security at Oak Ridge. But maybe not if no sensitive data was compromised.

The Oak Ridge folks were kinda mum on that subject, even if they confessed the hack took a full eight days to clean out.

I doubt that Israel is behind the attack. Are Israel and the US not technological partners? If I recall correctly, a lot of US tech beasts have research facilities in Israel. Why would there not be shared research when it comes to nuclear research? It does not make sense.

But I agree, that kind of research should be locked out.
 

wuliheron

Diamond Member
Feb 8, 2011
We have 300 million people; including multiple generations of computer-savvy users. And yet we'd have to resort to bombing people, instead of just magically fragging their entire networks from home? :/


One such hostile act would be if a country attacked our infrastructure such as the electric grid. Bringing down the grid is definitely an act of war and a possible prelude to invasion that requires swift and immediate countermeasures beyond merely hacking them back.
 

irishScott

Lifer
Oct 10, 2006
We have 300 million people; including multiple generations of computer-savvy users. And yet we'd have to resort to bombing people, instead of just magically fragging their entire networks from home? :/

Why not a combo? Trace the attack, figure out where the "misguided patriots" are hacking from and send in a couple of B-2s. Nice and targeted, sends a clear message.
 

wuliheron

Diamond Member
Feb 8, 2011
China's just fishing again boys. A few years ago they proved so competent and sneaky at stealing secrets from the government they helped rewrite the book on security. Now they're trying computer hacking and by all accounts they aren't terribly good at it and haven't gotten much of any use. The real experts at hacking foreign computers is likely the US.
 

rudder

Lifer
Nov 9, 2000
We have 300 million people; including multiple generations of computer-savvy users. And yet we'd have to resort to bombing people, instead of just magically fragging their entire networks from home? :/

Not everyone is patriotic enough to join in on counter attacking a cyber threat. A counterattack's effectiveness would be diminished because the participants would be too busy arguing dem vs rep.

Bomb them so bad the only way they can use a computer is one of those $100 hand cranked laptops.
 

MotF Bane

No Lifer
Dec 22, 2006
Not everyone is patriotic enough to join in on counter attacking a cyber threat. A counterattack's effectiveness would be diminished because the participants would be too busy arguing dem vs rep.

Bomb them so bad the only way they can use a computer is one of those $100 hand cranked laptops.

My point is not to bury them with numbers, but that with such a large computer-literate pool, we should have some people as skilled or more so than the attackers.
 

rudder

Lifer
Nov 9, 2000
China's just fishing again boys. A few years ago they proved so competent and sneaky at stealing secrets from the government they helped rewrite the book on security. Now they're trying computer hacking and by all accounts they aren't terribly good at it and haven't gotten much of any use. The real experts at hacking foreign computers is likely the US.

http://www.zdnet.com/news/report-us-net-traffic-was-hijacked-through-china/485082

Not terribly good at it.. hmm.