DoE/NNSA Security Compromised Last September - Official Covered It Up Until Now, page 1

posted on Jun, 9 2006 @ 04:29 PM

link

Last September an (as yet) unknown perpetrator penetrated a database belonging to the National Nuclear Security Administration and made off with the personal information of 1500 DoE contractors involved with the nuclear program. Secretary of Energy, Samuel Bodman, was furious when he was finally informed of the theft..just two days ago. The information came to light in an open session investigating DoE security, and was moved to a closed session after the revelations, due to security concerns.

www.cbsnews.com
The cyber break-in happened last September, reports CBS News correspondent Bob Fuss, but the employees were never told and the Secretary of Energy didn't learn about the theft until this week.

The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, N.M. The file contained information about contract workers throughout the agency's nuclear weapons complex, a department spokesman said.

NNSA Administrator Linton Brooks told a House hearing that he learned of the security break late last September, but did not inform Energy Secretary Samuel Bodman about it. The theft had occurred earlier in the month.

Please visit the link provided for the complete story.

Well, this is par for the course, but that doesn't change the fact that it's a serious breach of security. Where's the accountability? Is Bodman telling tales to protect his own skin, or was he really kept out of the loop for reasons unknown?

I'm still reeling, trying to find more information. I get the very real sense that something is going on behind the scenes on this one, but I haven't got a clue what that 'something' might be. More investigation is needed, but details are sketchy at the moment.

According to statements made by the DoE, the database was secured, but not 'secure', meaning it held no classified information pertaining to nuclear technology (just a whole bunch of sensitive information, apparently). Of greater concern than the actual losses, to me anyway, is the fact that this a.)happened in the first place, and b.) was covered up for so long. It boggles the mind - but really this is what happens when there are thousands and thousands of cooks in one cramped kitchen. Anyway, hopefully more about this will be coming out in short order.

[edit on 9-6-2006 by WyrdeOne]

[edit on 9-6-2006 by WyrdeOne]

ADVISOR

posted on Jun, 9 2006 @ 09:55 PM

link

If one looks at this event and the laptop that was stolen, it almost looks like a effort to acquire government data.

But who cares right...

Astronomer70

posted on Jun, 10 2006 @ 01:49 AM

link

If you make the assumption the same group did both, then yes it does. If you do not make that assumption, then it just looks like security is not tight enough.

psyopswatcher

posted on Jun, 12 2006 @ 12:42 PM

link

Originally posted by WyrdeOne

I get the very real sense that something is going on behind the scenes on this one, but I haven't got a clue what that 'something' might be. More investigation is needed, but details are sketchy at the moment.

Indeed, details are sketchy. What the article doesn't say is HOW did Sec. Bodman finally learn of this incident--two days before the congressional hearing on Cyber Security--who was it that ended up clueing him in? Did he read it in a report someone had prepared for the Congressmen?

And, how do they know they were hacked? Did the hacker leave footprints? A big ole note saying "Nya, nya na na na." Obviously they need better cyber security, eh? But how did they know?

Here's more of the take from AP/Wired News:

Brooks blamed a misunderstanding for the failure to inform either Bodman or Deputy Energy Secretary Clay Sell about the security breach. Brooks' NNSA is a semiautonomous agency within the department and he said he assumed DOE's counterintelligence office would have briefed the two senior officials.

"That's hogwash," Rep. Joe Barton (news, bio, voting record), chairman of the Energy and Commerce Committee, told Brooks. "You report directly to the secretary. You meet with him or the deputy every day. ... You had a major breach of your own security and yet you didn't inform the secretary."

Bodman first learned of the theft two days ago, according to his spokesman, Craig Stevens.

"He's deeply disturbed by the way this was handled," Stevens said.

Barton, R-Texas, called for Brooks' resignation because of his failure to inform Bodman and other senior DOE officials of the security failure.

...

The Energy Department spends $140 million a year on cyber security, Gregory Friedman, the DOE's inspector general, told the committee. But he said that while improvements have been made, "significant weaknesses continue to exist," making the unclassified computer system vulnerable to hackers.

Last fall, a so-called "Red Team" of DOE computer specialists -- seeking to test the security safeguards -- succeeded in hacking into and gaining control of a DOE facility's computer system, the panel was told.

"We had access to sensitive data including financial and personal data.... We basically had domain control," said Glenn Podonsky, director of DOE's Security and Safety Performance Assessment. "We were able to get passwords, go from one account to another."

Podonsky did not name the facility.

But in response to questioning, he said that during the test it was learned that an actual penetration of a DOE computer system had occurred, leading to the theft of the files containing information about the 1,500 contract workers.

This is going to go a long way in discrediting computer systems. And make a big point for more and better security. This is what I see going on behind the scenes.