
Nuclear Agency Worker Information Hacked

Zonk posted more than 8 years ago | from the does-that-seem-unusually-bad-to-anyone-else dept.


Juha-Matti Laurio writes to mention a Reuters report about a fairly worrying case of identity theft. A determined hacker gained access to the U.S. National Nuclear Safety Administration's records and made off with the information for over 1,500 employees and contractors. From the article: "The incident happened last September but top Energy Department officials were not told about it until this week, prompting the chairman of the House of Representatives Energy and Commerce Committee to demand the resignation of the head of the NNSA. An NNSA spokesman was not available for comment."


112 comments


te (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15510341)

PENIS

Luckily... (5, Funny)

Funkcikle (630170) | more than 8 years ago | (#15510345)

"An NNSA spokesman was not available for comment."

Shouldn't be too hard to track down now, though. Phew!

So where's the Glowing report on this?? (3, Funny)

RobertLTux (260313) | more than 8 years ago | (#15510358)

just to get the joke out of the way

Re:So where's the Glowing report on this?? (0)

Anonymous Coward | more than 8 years ago | (#15510424)

It LEAKED out :D

Re:So where's the Glowing report on this?? (3, Funny)

tacarat (696339) | more than 8 years ago | (#15510515)

I wonder what the fallout will be...

Re:So where's the Glowing report on this?? (0, Redundant)

hamburger lady (218108) | more than 8 years ago | (#15510544)

I think the issue is pretty radioactive.

Re:So where's the Glowing report on this?? (3, Funny)

tacarat (696339) | more than 8 years ago | (#15510593)

I'm surprised they didn't just bury the matter completely.

Re:So where's the Glowing report on this?? (1)

TubeSteak (669689) | more than 8 years ago | (#15511909)

Well, not in my backyard!

What kind of systems were involved? (0)

Anonymous Coward | more than 8 years ago | (#15510366)

What kind of systems were involved? Specifically, what operating system(s) were they running? Is this just a typical case of a Windows-based server being compromised? Or does it involve a Linux or Solaris server that was in some way vulnerable to attack?

Re:What kind of systems were involved? (1)

proudhawk (124895) | more than 8 years ago | (#15510676)

well,
considering that a large part of the government
went to windows 10 years ago (I know, I had family
working in government at the time and they all thought
it was a BAD IDEA because of security risks) it would
not surprise me in the least that this is precisely
how it was done.

I hate to say this, but government should have stayed with
UNIX (SVR4) or converted to BSD (OpenBSD is my favorite
for security stuff).

Still, I think it was a matter of someone paying a
talented skript-kiddie to do this job. IMHO, no
self-respecting hacker would want the trouble that
breaking into a government system would attract.

p. please mod this "informative" as that is pretty much what it is. thnx.

Re:What kind of systems were involved? (0)

Anonymous Coward | more than 8 years ago | (#15511002)

Actually, it was not 10 years ago. Parts switched over the last 20 to Windows, but during the time of Clinton, he allowed each department to decide how to handle their computers. With W., the White House has systematically gone through and pushed Windows on all but the NSA and CIA. And even there they tried, but it was shot down by nearly 100% of the employees.

Re:What kind of systems were involved? (1)

proudhawk (124895) | more than 8 years ago | (#15511521)

heheh,
yeah, it figures both CIA and NSA would be able to shoot that down
(they would have MOUNTAINS of evidence pointing to security flaws
in M$ Windows thus making it "unsuitable for use in a secure environment").

I am rather surprised this was allowed to happen in the NNSA and the NRC.

ah well, that's what happens when you get a $100 Billion dollar company
throwing around gobs of cash to have things their way.

Re:What kind of systems were involved? (0)

Anonymous Coward | more than 8 years ago | (#15512477)

You do not need a 100 billion company throwing around gobs of cash. Just simply have to have a highly corrupted admin/congress in place. They will take minor amounts of cash as has been shown by Jack Abramoff. In a number of cases, he was able to get buyoffs on very little cash.

Re:What kind of systems were involved? (1)

WaterDamage (719017) | more than 8 years ago | (#15511836)

*NIX isn't any safer than Windows! I've worked in net and OS security for years and I've found that neither one is any safer than the other. The safest route would be to completely create your own OS from scratch and then kill all the developers to prevent the source code and internals of the OS from ever leaking. Hackers will still go after it but it will be far more difficult when they have to learn from scratch and with no knowledge of the OS's internal structure.

Re:What kind of systems were involved? (1)

Bobsledboy (836872) | more than 8 years ago | (#15512027)

Security through obscurity is no better than having no security at all.

Huh? (1)

Doytch (950946) | more than 8 years ago | (#15510367)

Can someone please tell me why employers need all sorts of information about contractors when they're not even technically employing them?

Oh ya, it's the government, I forgot.

Re:Huh? (4, Insightful)

the eric conspiracy (20178) | more than 8 years ago | (#15510406)

Uhhhh.... maybe because these contractors are handling classified information such as the location of various and sundry nuclear weapons and other relatively sensitive information??????

Re:Huh? (0)

Anonymous Coward | more than 8 years ago | (#15511145)

Or maybe just because it's hard to cover Social Security payments without their Social Security number? Or to mail a paycheck to someone if you don't know their address?

Re:Huh? (1)

secolactico (519805) | more than 8 years ago | (#15510413)

I dunno. Maybe security clearance? I guess the dept of energy is pretty sensitive when it comes to nuclear plants, so I guess a thorough background check is required to work in them. (Just guessing here).

Of course, the irony would be how security information was stored insecurely enough to be stolen.

Re:Huh? (4, Insightful)

packeteer (566398) | more than 8 years ago | (#15510419)

When dealing with nuclear security (not nucular like Bush says) I expect them to have all kinds of background on contractors. When safety is an issue you need to know this stuff. You are right though that sometimes the government is overzealous but in this case I think it's warranted.

Re:Huh? (0)

Anonymous Coward | more than 8 years ago | (#15510793)

Don't be so harsh on people who say 'nucular.' I say that and I was a qualified reactor operator. It is not that uncommon in the nuclear industry because we talk about things like reactor startups, valve lineups, equipment tagouts (or lockouts in certain places), operating procedure X.Y, etc., but we rarely say the word 'nuclear.'

Also, the fact that I grew up in Montana doesn't help (they still use the word youzeguys there). If you think calling 'nuclear' 'nucular' is bad, then you should try to get a British man to say 'advertisement' correctly (and by correctly, I mean the American way damnit!).

Re:Huh? (0)

Anonymous Coward | more than 8 years ago | (#15510465)

If this post wasn't a troll, you sir are the biggest idiot ever.

Re:Huh? (0)

Anonymous Coward | more than 8 years ago | (#15510526)

The Department of Energy National Lab "employees" are mostly
contractors, and most other DoE facilities have a lot of
contractors working in various roles in the department. It
is the US Government way.

Evil geniuses of the world... (1)

creimer (824291) | more than 8 years ago | (#15510369)

Just when I'm on the verge of downloading the programs to simulate a nuclear bomb on a cluster of Playstation 2's, they booted me out and changed the password. This sucks!

Re:Evil geniuses of the world... (1)

TwilightSentry (956837) | more than 8 years ago | (#15511094)

NTWD (NSA TERRORISM WIRETAP DAEMON) AUTOMATED NOTIFICATION:

Your use of the words:
nuclear
bomb
password
downloading
the

Indicate that you are probably a terrorist. Please report to:
1234 NSA Way
Redmonton, DC

Special thanks to AT&T.

Big Trouble (1)

Umbral Blot (737704) | more than 8 years ago | (#15510372)

I assume, and hope, that the systems broken into were completely independent from launch control.

Re:Big Trouble (3, Funny)

ds_job (896062) | more than 8 years ago | (#15510433)

Yeah. To get access to that you need an acoustic coupler and just dial a load of numbers in Sunnyvale California. I believe the industry standard for back-door passwords is "Joshua"

Re:Big Trouble (1)

Schraegstrichpunkt (931443) | more than 8 years ago | (#15510463)

Ah, but even if you get to launch control, you still have to know the unlock codes [cdi.org].

Re:Big Trouble (1)

Kent Recal (714863) | more than 8 years ago | (#15510796)

Those are no big obstacle anymore. They were changed to 12345 for dubya. Ya know, he's not so good with remembering things.

Re:Big Trouble (1)

FhnuZoag (875558) | more than 8 years ago | (#15511046)

You'll find out in exactly 15 minutes and 22 seconds.

Heads should roll! (0, Flamebait)

postbigbang (761081) | more than 8 years ago | (#15510378)

Sorry, I forgot. They do that in the Middle East.

Re:Heads should roll! (0)

Anonymous Coward | more than 8 years ago | (#15510690)

Oh, they're pretty good at it in the Far West. The USA is one of the countries who carry out more executions in the world...

Re:Heads should roll! (1)

HappyDrgn (142428) | more than 8 years ago | (#15510774)

Sorry, it's China who does the most executions, not the U.S.:

"China performed more than 3400 executions in 2004, amounting to more than 90% of executions worldwide." http://en.wikipedia.org/wiki/Death_penalty [wikipedia.org]

The US is in third place at 1.6% of all executions, behind Iran. Maybe next time your knee jerk U.S. response will have merit.

Re:Heads should roll! (1)

LegendLength (231553) | more than 8 years ago | (#15511159)

Oh, they're pretty good at it in the Far West. The USA is one of the countries who carry out more executions in the world

Bit different when they've been tried first. Don't let a small technicality like that get in the way of your beliefs though!

Matter of national security? (1)

Reverse Gear (891207) | more than 8 years ago | (#15510392)

This is truly troubling news.
Of course there is the chance that we have some James Bond plot underway and that it is some of the really bad guys that have cracked their way to this information. Chances are that this is not the case, but I'll bet this information is now for sale for whoever would be willing to pay the right price.
Saudi Arabian wealthy people and others might be willing to sponsor those that should not get their hands on information of this kind.
Sure having information on workers does not directly give access to the nuclear warheads, but it brings you one step closer.

I don't understand why the articles focus on why the notification didn't get to whatever committee fast enough. Unless I get something wrong this is a matter of national security (and since the nation in question is the US that also means worldwide safety) and then those that need to be notified ASAP are some military people and the president, which probably has happened.

Re:Matter of national security? (0)

Anonymous Coward | more than 8 years ago | (#15510516)

Unless I get something wrong this is a matter of national security (and since the nation in question is the US that also means worldwide safety)

Well, I'll sleep better at night knowing our security is in the hands of cowboys. Yankee, go home. Become a Nation, get the fuck off our soil then you can cry about "NATIONAL" security all you want on Fox News and preach to the choir 24/7, we are sick of hearing it.

Re:Matter of national security? (1)

retrosurf (570180) | more than 8 years ago | (#15510753)

Troubling indeed. In 2003 the GAO found that their oversight of
contractors was lacking [gao.gov] . The NNSA got a panel together to review the issues mentioned by the GAO, and after a couple of years came up with the Mies report. Here's an overview of that [doe.gov] . Chapter 5, "Cyber System Security" mentions a lack of secure voice and data networks.

If you want to talk about security problems, this is the worst possible
situation. NNSA is responsible for security operations of contractors at
nuclear facilities, and has itself been breached.

It would be ironic if Dr. Rice's "mushroom cloud" smoking gun turned out
to be from nuclear material MADE PROUDLY IN THE USA.

Matter of personal security. (1)

Gary W. Longsine (124661) | more than 8 years ago | (#15511561)

The most likely or immediate threat would be to the personal security of the employees and contractors.

Why aren't laws in place.... (4, Informative)

Crasoum (618885) | more than 8 years ago | (#15510393)

Why aren't laws in place that REQUIRE, on a FEDERAL level people to report to the Attorney General, the company(s) involved with the theft, and the actions taken? California has something close to it, but something nation wide would be nice for the FASTEST growing crime in the US. http://www.usps.com/postalinspectors/idthft_ncpw.htm [usps.com] . (source)

The excuse they used that "We thought they knew" is total crap, you'd figure when the head of NNSA says to the ED "Oh hey, we had a security breach where information on 1500 people was stolen, just so you know" Bodman would say "Woooh there, what have you done about it?" as opposed to you know, saying "Mm kay, how about them bears?" and brushing it off...

Re:Why aren't laws in place.... (0)

Anonymous Coward | more than 8 years ago | (#15510511)

Because that would go against the conservative ideal of smaller government. Of course, this ideal only stands when dealing with accountability. In situations of power expansion or intelligence gathering, the largest government possible is the ideal.

Re:Why aren't laws in place.... (0)

Anonymous Coward | more than 8 years ago | (#15510595)

Pls see the comment here: http://it.slashdot.org/comments.pl?sid=188109&cid=15510565 [slashdot.org] The government has taken an incredible response, with a team of about 50 investigators inside of just DOE itself, never mind all the interagency cooperation.

Crypto-Gram (1)

Gary W. Longsine (124661) | more than 8 years ago | (#15511554)

Bruce Schneier wrote about this in the most recent Crypto-Gram [schneier.com] . The reason is that there is tremendous lobbying pressure being applied to Congress to water down this legislation, and trump the more effective state laws in the process.

Write your Senators and Congresspersons.

9 months!#$ (1)

mikesd81 (518581) | more than 8 years ago | (#15510405)

Why did it take them 9 months to be told of this?

You would think one of the Net Admins would have looked @ those logs in the last 9 months. Or something would have been found out of whack?

The NNSA is a semi-autonomous arm of the Energy Department and also guards some of the U.S. military's nuclear secrets and responds to global nuclear and radiological emergencies.

That's just great. So for 9 months someone that shouldn't has had access? Something just isn't right lately with our gov't security.

Re:9 months!#$ (1)

Cheapy (809643) | more than 8 years ago | (#15510474)

I think they knew of it, just decided it would hurt National Security if they told the people about it. Or whatever the government says is at stake to withhold information from people.

Re:9 months!#$ (2, Insightful)

mikesd81 (518581) | more than 8 years ago | (#15510528)

The incident happened last September but top Energy Department officials were not told about it until this week, prompting the chairman of the House of Representatives Energy and Commerce Committee to demand the resignation of the head of the NNSA.

It's different than telling the public.

Re:9 months!#$ (1)

mdfst13 (664665) | more than 8 years ago | (#15510529)

"So for 9 months someone that shouldn't has had access?"

Not as I read it. They cut off the access nine months ago. They're only now telling their bosses that they did it. This snippet from the article explains this, "According to Barton, the NNSA chief knew about the incident soon after it happened in September but did not inform Energy Department officials, including Bodman, until Wednesday."

Personally, I don't care if he notified the Secretary of Energy. He should have notified someone like the FBI and the 1500 employees/contractors. The article implies that he did not notify the workers.

Re:9 months!#$ (1)

tacarat (696339) | more than 8 years ago | (#15510552)

Why did it take them 9 months to be told of this?

You would think one of the Net Admins would have looked @ those logs in the last 9 months. Or something would have been found out of whack?


The Net Admins probably informed the correct people as soon as they found out. The issue is that proper notifications weren't made to people higher in the hierarchy. Non-IT management/workers obviously didn't have their own procedures for dealing with these matters. Even a one page checklist would have done better than the assumptions they were making.

Just Goes to Show You... (1)

repruhsent (672799) | more than 8 years ago | (#15510408)

...Linux is NOT ready for the enterprise.

The REAL Crux of the problem (4, Insightful)

erroneus (253617) | more than 8 years ago | (#15510417)

When a few numbers can be used to perpetrate ID fraud, we have a problem. This problem was made possible by the use of the Social Security Number as a "federal serial number." The abuse of the SSN for anything BUT Social Security accounting purposes needs not only to be "discouraged" as it presently is, it needs to be made ILLEGAL.

If you want credit, go apply to the credit agencies the way they once did and use other companies as a reference the way things used to be in the good ole days. What does getting credit or a bank account have to do with your social security account anyway? Why does supplying my social security number become a requisite for getting a bank account? In some states, your SSN is also your driver's license number.

It's "convenient" for the government and all agencies and companies interested in collecting massive pools of information on single individuals. That's kinda the problem. That's been the argument for decades since the inception of the SSN.

We'll always be vulnerable as individuals because we cannot do anything about anyone else having our information... we don't even know who has it. We're ultimately powerless until we can have the use of the SSN for anything but Social Security accounting made illegal.

Re:The REAL Crux of the problem (1)

dave562 (969951) | more than 8 years ago | (#15510467)

We're ultimately powerless until we can have the use of the SSN for anything but Social Security accounting made illegal.

And then once the use of the SSN becomes illegal, someone is going to have to do some clever coding along the lines of... SELECT sekritinph0 WHERE sekritinph0.IllegalizedSSN = sekritinph0.LegalReplacementIdentifer

Hmmmm, maybe I should get a patent for that while there is still time.

It's not just an ID theft problem (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15510660)

Your company phone book is stamped confidential because some attacks are harder without it. Not at all impossible, but harder. Security through obscurity is lame, if you depend on it you're worse off with it than without it, but it does make sense to add a speed bump to your other security measures.

One question spy recruiters typically ask is "can you get me a list of your coworkers?".

>also guards some of the U.S. military's nuclear secrets and responds to global nuclear and radiological emergencies.

That sounds like it might include the Nuclear Emergency Support Teams, who train to search for and disarm stolen nuclear "devices". To help them with the disarming part, they deploy with PAL codes (if you haven't heard of those, the unclassified literature describes them as kind of like the root password for a "device"). I don't want the names of the team members to be easy to find. I'd like anyone who's aiming for that information to take the risk of being noticed.

The compromise sounds like it won't do direct damage, but in the wrong hands that information could be a stepping stone to something worse.

Re:The REAL Crux of the problem (1)

WalksOnDirt (704461) | more than 8 years ago | (#15510825)

What does getting credit or a bank account have to do with your social security account anyway?

Bank accounts often pay interest, and the bank needs to send that to the IRS with your SSN. It's fairly reasonable to require the SSN to open an account, since even if the account doesn't pay interest now it might in the future.

Some interest paid on debt is deductible, so you run into similar requirements there.

Re:The REAL Crux of the problem (0)

Anonymous Coward | more than 8 years ago | (#15511088)

And I think banks are required to report currency transactions over $10,000 to the feds.

Re:The REAL Crux of the problem (1)

erroneus (253617) | more than 8 years ago | (#15511751)

Tax ID numbers are available to anyone for the asking. That number can be used.

But as for reporting income, interest and deductible expenses, I think the government should do what it used to do -- "trust" its citizens to supply the information requested. Most people would be pretty honest about most things.

The issues of invasion of privacy by our "democratic" government just doesn't feel all that democratic to me.

Re:The REAL Crux of the problem (1)

Firethorn (177587) | more than 8 years ago | (#15511187)

With all these issues, I wish I could put a permanent fraud alert on my file. The sad part is that my information keeps getting compromised enough that the annual alerts don't expire much...

I wouldn't object to a requirement of a witness, identification, and a signed contract for all credit applications.

uhhh..no (0)

Anonymous Coward | more than 8 years ago | (#15511212)

Think about it. That information was not stolen to make illegal credit card purchases, that's really small potatoes and not even close to necessary, breaking into such a server is a very serious breach, full of ramifications. Nukes are the big kahuna now. These people are the bomb makers. Now someone knows who to go to get some secret information-using any means necessary, or to set up a little on purpose monkey wrenching, to get something sabotaged, but my guess is to try and get intel. The people who broke in knew full well what agency and server they were on, they needed and wanted the list of people, and now they got it, that is the important information, not necessarily their SS. All they wanted was names, they can take it from there. Every one of those people is now at serious risk, and not just losing a few dollars type of risk.

Even Blockbuster (1)

woolio (927141) | more than 8 years ago | (#15511281)

I recently noticed that even Blockbuster lists the "SSN" as an *OPTIONAL* field on a rental application form.

WTF!?!! If it isn't required, then why even list it?

Re:Even Blockbuster (1)

Gary W. Longsine (124661) | more than 8 years ago | (#15511546)

Some companies like to have the SSN to use for collections and skip-tracing. Other companies just do it from inertia. Customers need to write to management of companies like Blockbuster and demand that they stop requesting this information.

Driver's License - Lobby Your State (1)

Gary W. Longsine (124661) | more than 8 years ago | (#15511570)

Some states have recently stopped using the SSN as the Driver's License number. Montana, for example. People 'round here have refused to let the state use their SSN number on the Driver's License, forcing the state to come up with a way to generate and handle another type of number. The State finally either got a clue, or gave up, either way, it was an improvement.

Ok, this is just scary... (1)

Pecisk (688001) | more than 8 years ago | (#15510454)

Seriously, this is real "top secret" info and government got it loose to some God damn hacker?

I would bet that again "cool" solutions like Microsoft Windows or Microsoft Office is involved. Or better even, unconfigured and unsecured Linux or BSD server.

Probably will be modded troll, but anyway, it is crazy and scary at the same time.

Re:Ok, this is just scary... (1)

tacarat (696339) | more than 8 years ago | (#15510586)

Seriously, this is real "top secret" info and government got it loose to some God damn hacker? I would bet that again "cool" solutions like Microsoft Windows or Microsoft Office is involved. Or better even, unconfigured and unsecured Linux or BSD server. Probably will be modded troll, but anyway, it is crazy and scary at the same time.

Not a troll :P Anyhow, I'd be willing to bet it was just some social engineering.

"Hello? Personnel? This is Paul in accounting. We just got a memo about a new tracking item. Some contractor got hired to do some cost analysis study. They need the full details of everybody with NUKEIT clearance. Can you forward them a copy with everybody hired from 1990 to present? I'd really appreciate it."

On the other hand, anything that's actually "secret" shouldn't be on internet accessible computers. There might be issues if the personnel information turns up blackmailable material, though.

Re:Ok, this is just scary... (0)

Anonymous Coward | more than 8 years ago | (#15510834)

Seriously, this is real "top secret" info and government got it loose to some God damn hacker?

It's not top secret. If you want to learn what top secret is, read EO 13292 [whitehouse.gov] (which is the amended EO 12958). You'll be a little disappointed in the definition though.

A more practical definition of top secret is this: disclosure of top secret information can start a war. Disclosure of secret information can lose a war that has already been started (or may start). Disclosure of confidential information can get people killed. Generally only intelligence or active secret military operations fall into the top secret category. The list of contractors probably wasn't even classified 'Confidential.' It was probably classified "NOFORN" (as in no foreign nationals can read it), "OFFICIAL USE ONLY" with a destruction statement (so that it isn't disclosed to the public), and "RESTRICTED DATA" (which is a classification that falls under the Atomic Energy Act for anything that relates to nuclear material). Another potential warning would be the ITAR warning (which just reiterates NOFORN).

Probably not "Top Secret" (1)

Gary W. Longsine (124661) | more than 8 years ago | (#15511599)

In most Federal organizations for most employees personnel contact and identity information is not "top secret". For this particular information, perhaps a small number of employees might fall into that category, but the bulk undoubtedly do not.

In fact, personnel contact and identity data is normally considered to be "sensitive but unclassified", which is only one notch above "display it on a public web site" and its security receives very little attention and is not taken seriously by most managers. This might be only my opinion, but it is an opinion backed up by a fair bit of unfortunate circumstantial information in the past few weeks, as well as a history of trying to get customers to take it more seriously.

I don't understand... (1)

PeterBrett (780946) | more than 8 years ago | (#15510458)

...why, when something goes wrong in an organization, does the head of organization get called on to resign, when 90% of the time the incident didn't have anything to do with negligence or error on their part?

Can someone please explain for me?

Re:I don't understand... (0)

Anonymous Coward | more than 8 years ago | (#15510576)

In this case, the NNSA administrator did know something,
but never passed it on to the Secretary of Energy,
because he thought someone else would do it according
to his testimony. But that someone else did not do it
either. Start the finger pointing! Probably the answer
will be something along the lines that many people
*should* have told the Secretary (so he was in the loop),
but that technically the responsibility was not clearly
assigned, so it was no one's fault, it was just an
oversight, or poor judgement.

Re:I don't understand... (1)

Apraxhren (964852) | more than 8 years ago | (#15510577)

Well in this case the head of the NNSA knew about the breach and didn't notify anyone of said breach which is negligence. The majority of the time they are guilty of negligence, either they knew something and did nothing or they didn't know something they should. As the head of a corporation or department you are responsible for the entire operation not just signing papers although very few do more than that.

Re:I don't understand... (0)

Anonymous Coward | more than 8 years ago | (#15511533)

Well in this case the head of the NNSA knew about the breach and didn't notify anyone of said breach which is negligence.

Indeed. They ought to be charging him with criminal negligence for keeping this under wraps for so long. So many people want the big bucks for being management but none of the responsibility that comes with it.

Re:I don't understand... (1)

Duhavid (677874) | more than 8 years ago | (#15510686)

Is the head of an organization not responsible for the
correct functioning of that organization?

And if the organization does not function, who should
be held most responsible?

Re:I don't understand... (2, Insightful)

Gary W. Longsine (124661) | more than 8 years ago | (#15511581)

Ask not why some poor little schmuck lost his job for hiring idiots and building a culture of cover-up and deceit in his organization. Ask why some other bigger schmuck did not.

What I don't understand is why we don't hold people accountable more often. It clearly is a tradition that has fallen on hard times in the U.S. In Europe it seems to be more common for government heads to be "held accountable" for the organization they run.

Terror strike team... (5, Interesting)

packetmon (977047) | more than 8 years ago | (#15510462)

The NNSA is a semi-autonomous arm of the Energy Department and also guards some of the U.S. military's nuclear secrets and responds to global nuclear and radiological emergencies. So I wonder... How long will it be before someone actually utilizes some of the information that's being stolen. We already know the military was hit [informationweek.com] for 26.5 million records, and supposedly the Chinese are ramping up their cyberoffense and defense [fcw.com] . I'm wondering how long will it be before the ultimate "so that's what they wanted that information for" scenario comes about. It's sickening to see a country that can supposedly defend itself and the world, can't even secure their own networks. Last thing that needs to happen is this new NSA snooping database to get owned as well.

So here would be the nightmare scenario in my eyes... Hackers get DoD information from those 26.5 million VA database and slowly poison them... While the US is straddled in Iraq militarily, some country starts kidnapping those on the NNSA's list and either killing them or torturing them for information (schematics to facilities, etc.) while all this is going on, someone strikes inside the US on such a big scale, Hiroshima looks like a mild 4th of July show.... Scary isn't it? ... Luckily for us Americans, the NSA is snooping the planet [google.com] so never fear they will find the culprits... Unless of course they get pwned too.

Re:Terror strike team... (1)

grcumb (781340) | more than 8 years ago | (#15510830)

"It's sickening to see a country that can supposedly defend itself and the world, can't even secure their own networks."

Sickening, I agree, but I hope it doesn't come as a surprise. The all-too-common blindness that states, 'I don't care how it works; just make it work.' is finally exacting its toll. The stupid false alternative that assumes any criticism is an attack has made it downright dangerous for anyone to disagree, and now the price of conflating 'right' with 'agrees with me' is beginning to be felt.

It is sickening, but it's been a long time coming for anyone with eyes to see it.

Re:Terror strike team... (1)

Frightening (976489) | more than 8 years ago | (#15511227)

And the summer movie fest hasn't even started...

What you said is actually possible, but to what end? World domination? Come on now, that's just lame.
Much more likely is a telecom attack where they deliver propaganda through the media and scare everybody shitless, which would be doing G.W a big favor.

And if they ever do that, I hope they use Fox as a HQ.

Oh no! (1)

fuzzyfozzie (978329) | more than 8 years ago | (#15510469)

"We are now entering DefCon Two."

Hmmmmm..... (1)

IHC Navistar (967161) | more than 8 years ago | (#15510484)

"Want to play a game?"

China Syndrome (0)

Anonymous Coward | more than 8 years ago | (#15510532)

Cue old "safe server" jokes,,

Who is running the pool on just when critical mass will be achieved on identity theft and other privacy information related problems will be reached and the meltdown occur? Oh, nvm, you won't be able to collect or even pay the winner, even if you took all your money out of the bank you would just find yourself breaking federal law and having it taken by the DEA or Treasury Department.

Honestly, most of us here make our money with computer systems, but we are building a house of cards, albeit not with our complete approval. A more apt description might be a glass house, perhaps contrary to old proverbs we need to throw some stones.

Oh, how I miss the days when a man's word was good for a loan at the bank, a student's teacher kept records of a student's behaviour (read: their opinion of) only in their minds, clerks kept knowledge of your preferences and purchases to themselves,,,,

*note to grammar nazis: instead of attacking the above please either use your blessed skills with the English language to: if you agree with what I've said - rewrite it in a more lucid and convincing fashion,,, if you disagree with it then use your skills to convince myself and other readers that I am wrong. If it makes no sense to you then don't waste your time, AC posted and will languish at 0 if it is that bad or drop to -1.

P.S. Department of Energy = nuclear power plants, U.S. National Nuclear Safety Administration is under them, not the Department of Defense = nuclear missiles etc.

Re:China Syndrome (1)

Pizaz (594643) | more than 8 years ago | (#15510645)

"Oh, how I miss the days when a man's word was good for a loan at the bank, a student's teacher kept records of a student's behaviour (read: their opinion of) only in their minds, clerks kept knowledge of your preferences and purchases to themselves,,,," Wow, I didn't realize 90 year old people read Slashdot. Way to be hip grandpa!

Re:China Syndrome (0)

Anonymous Coward | more than 8 years ago | (#15510681)

P.S. Department of Energy = nuclear power plants, U.S. National Nuclear Safety Administration is under them, not the Department of Defense = nuclear missiles etc.

You don't know what you're talking about. The energy department has several functions, nuclear energy being one, nuclear weapons being another, nuclear propulsion being yet another. The NNSA is the National Nuclear Security Administration. The NNSA is a sub-division of the DOE, specifically tasked with maintaining the reliability and security of the nation's nuclear weapon stockpile, along with other tasks. The NNSA comprises the national labs, which design the weapons, assembly and disassembly facilities, which take those designs and build the bombs and do limited testing of the devices, and then places like the test site which actually detonate the bombs where necessary (although this has become rare). Then where applicable they are handed over to DOD.
Before you post and claim to know your head from your ass, it might help to visit the websites of the agencies in question: http://www.nnsa.doe.gov/aboutnnsa.htm [doe.gov]

Confessions of an NNSA contractor (5, Informative)

Anonymous Coward | more than 8 years ago | (#15510565)

This story reports things quite out of context, the more I find myself directly involved with things in the news, the more I realize it's all bullshit.

Here's the actual scoop, I work as an incident response investigator for the NNSA. There are two issues being confused and placed into one, there was an incident last September, it continues on now as a series of incidents that all mesh together as being from the same source- why haven't there been arrests and such? Because it requires the cooperation of the foreign nation in question. Last month a service center in New Mexico was broken into as part of the larger incident. This was a result of an attack using zero-day that at the moment is still unpatchable (no patch exists).

This is what is now being reported as a result of congressional hearings that took place. The information itself was not stolen almost a year ago, but rather less than a month ago, but the incident as a whole has been going on much longer than that. Alarms went up all over the place when this occurred and everyone with a need to know was informed.

So to summarize, two related incidents, the first starting last September, and one occurring last month. The personal data was taken last month as part of the larger incident but is being reported as the data was stolen in September, which is incorrect.

Re:Confessions of an NNSA contractor (0)

Anonymous Coward | more than 8 years ago | (#15510630)

Don't let the story or words of politicians fool you, everyone in the right places knew. Tom Pyke was only made CIO in April, this was the result of, among other things, his predecessor handling this series of incidents horribly. Then we also have William Hunteman who made CISO around the same time for some of the same reasons.

So let me ask you, how do you replace CIOs and CISOs without any top brass knowing?

Re:Confessions of an NNSA contractor (1)

grcumb (781340) | more than 8 years ago | (#15510845)

"Last month a service center in New Mexico was broken into as part of the larger incident. This was a result of an attack using zero-day that at the moment is still unpatchable (no patch exists)."

What are you talking about? If there's no readily available patch, then you inspect the source and assign someone to patch the flaw. Sheesh!

And what was sensitive information doing sitting on a system which is breakable via a single exploit?

Re:Confessions of an NNSA contractor (0)

Anonymous Coward | more than 8 years ago | (#15510887)

You must live in a small and unrealistic/idealistic world. First you presume the source is readily available, which is incorrect. First what must happen is the exploit has to be analyzed to figure out what the bug is exactly and where it occurs, then you have to inspect the flow of the affected program to see what can be patched exactly (this is more complex than it initially sounds), then the patch must be created, which because it is a binary patch is a little more involved than a source level patch, then the patch must be tested, if it fails then repeat loop, otherwise you now get to start the process of getting the patch approved, and then even once it has been validated, the individual sites may not want the patch nor apply it.

This makes a rather long process, and often by the time it's done a vendor supplied patch has been provided, which there is a scheduled patch coming out in a few days for this bug, which would make most of that work moot, go figure.

And what was sensitive information doing sitting on a system which is breakable via a single exploit?

I suppose you would have your secretaries, HR and background investigative departments guess at the various numbers and data they need. 'hrm this guy looks like a Fred, and he looks like he is from Colorado..'. *ALL* systems are 'breakable via a single exploit' provided you have the correct exploit under the right conditions.

You can return to your idealistic world now.

Re:Confessions of an NNSA contractor (1)

grcumb (781340) | more than 8 years ago | (#15511169)

"You must live in a small and unrealistic/idealistic world."

I do, and my small, idealised world has been attacked, but never 0wned. Which is why I'm happy I'm here.

Bullshit (was: Confessions of an NNSA contractor) (1)

Gary W. Longsine (124661) | more than 8 years ago | (#15511621)

Bullshit.

An incident response investigator for the NNSA would be fired for posting something like this to Slashdot. Furthermore, they probably wouldn't take the risk, because they would be smart enough to know that it wouldn't be hard for someone familiar with the group's writings to figure out who you are, if in fact you do work for them. So expect to be fired any day now, in the unlikely event that you were not posting crap.

Identity theft (1)

RedHatChilliPeppers (980675) | more than 8 years ago | (#15510604)

Identity theft is so rampant in the US that I believe the way they handle transactions should be changed; however, changing the current system doesn't guarantee security, especially when the said organization has a mole within it who will duplicate the form of identity (fake IDs). If man made a thing, man can replicate the thing. Thank goodness that some countries, like where I'm at at the moment, don't rely fully on verbal confirmation but rather on a combination of three methods: verbal, actual, and paperwork. Perhaps because the US is too big now to handle having these additional security measures, it makes productivity worsen and loses the security.

The solution is simple (2, Funny)

Pizaz (594643) | more than 8 years ago | (#15510611)

I say we take off and nuke the entire site from orbit. It's the only way to be sure.

"Doh!" (0)

Anonymous Coward | more than 8 years ago | (#15510643)

...one power plant worker's reaction upon hearing the news.

New US GOV page to check if you info was stolen (3, Funny)

malraid (592373) | more than 8 years ago | (#15510654)

This new page is just coming online. You can check if your info was stolen. You just need to type your full name, SSN, birthdate, and address. It's really useful. US Goverment Identity Theft Agency Homepage [mafia-ident.ru]

Re:New US GOV page to check if you info was stolen (1)

A Nun Must Cow Herd (963630) | more than 8 years ago | (#15511713)

That link seems to be broken, but I'll keep trying.

I'm impressed that it can be done without my bank account details now! Those other guys needed all my bank account info to check for identity theft last time (and it was lucky I checked, because it turned out that my identity had been stolen!).

Identity Theft Protection here (0)

CrazyJim1 (809850) | more than 8 years ago | (#15510656)

First the Veterans now this. They can fight back by getting identity shield protection. If anyone uses their credit, the money is returned and the credit level returns to its previous state. Anyone who's worried about identity theft and wants protection should check out this website [pppaulson.com]

Take it easy on the guy... (4, Funny)

nickthecook (960608) | more than 8 years ago | (#15510668)

He probably just wanted to find out, once and for all, what state Homer lives in.

Can you blame him?

Damnit... (2, Funny)

Stormwatch (703920) | more than 8 years ago | (#15510674)

Lightman, you just don't learn, do you? Stop hacking the WOPR!

Re:Damnit... (1)

pcnetworx1 (873075) | more than 8 years ago | (#15510883)

He stopped that way, way back in the 1980s; this is a DOUBLE WOPR with CHEESY US Government Security!

Would you like a quote of FRY'S with that?

*head bursts from pun overload*

BURN KARMA BURN! (1)

Zaphod2016 (971897) | more than 8 years ago | (#15510750)

To everyone who claimed I was a "paranoid" in describing the value of "privacy" over vague promises of "security":

<font size=4> told ya' so </font>

Re:BURN KARMA BURN! (0)

Anonymous Coward | more than 8 years ago | (#15511577)

deprecated tags man, get with it

Just one? (1)

Vo0k (760020) | more than 8 years ago | (#15510784)

"prompting (...) to demand the resignation of the head of the NNSA"

Demand resignation of the remaining 1499 employees on the list, and the list will become useless. Problem solved.

If you know the enemy captured the plans of your attack, change the plans.

Committee transcript (1)

awtbfb (586638) | more than 8 years ago | (#15510909)

...prompting the chairman of the House of Representatives Energy and Commerce Committee to demand the resignation of the head of the NNSA...

"You're fired. You're soooo fired!"

Feel Safer? (1, Insightful)

Doc Ruby (173196) | more than 8 years ago | (#15511613)

The Department of Homeland Security is busy spying on every American's phonecalls and email. The Republican government is furiously working to fail to pass Homophobia Amendments to the Constitution. Meanwhile, our nuclear workers can now be blackmailed on an unprecedented scale.

Do you feel safer?

Re:Feel Safer? (0)

Anonymous Coward | more than 8 years ago | (#15511625)

It's called the NSA, not DHS. You should probably read the news instead of propagating false pretenses.

Re:Feel Safer? (1)

Doc Ruby (173196) | more than 8 years ago | (#15511666)

The FBI is the DHS agency actually listening to your phonecalls, after NSA passes them on. So Bush can say on TV that the NSA program doesn't listen to your phonecalls.

Does that kind of hairsplitting make you feel safer, Anonymous Bush worshipper Coward?