February 05, 2013

Energy Department latest to be struck by skilled hackers

The personally identifiable information (PII) of hundreds of U.S. Department of Energy (DOE) employees and contractors was accessed by intruders that breached DOE's networks.

On Monday morning, The Washington Free Beacon confirmed with unnamed government officials that the sophisticated attack indicated nation-state involvement. According to officials, the personal information of several hundred people was compromised in a mid-January breach where attackers infiltrated 14 computer servers and 20 workstations.

“Energy Department officials, along with FBI agents, are investigating the attack on servers at the Washington headquarters,” said the article. “They believe the sophisticated penetration attack was not limited to stealing personal information. There are indications the attackers had other motives, possibly including plans to gain future access to classified and other sensitive information.”

No classified information was compromised in the cyber attack, according to the Free Beacon. Government officials spoke with the publication – which also broke news last October that a spear phishing attack breached the White House's computer network – under the condition of anonymity.

The Free Beacon reported in both instances that attacks were likely the work of Chinese hackers, according to government officials. China is also thought to be behind attacks on the computer networks of The New York Times and The Wall Street Journal because of the newspapers' critical coverage of the country, namely the Times reporting on the fortune amassed by relatives of China's prime minister. China's government has denied involvement in the incidents, which came to light last week.

The hacktivist group Anonymous has also been considered as the potential culprit of the DOE attacks. A faction of the collective, called Parastoo, claimed Jan. 21 to dump DOE information on Pastebin. The Parastoo group said its motivation was to spur investigations into Israel's nuclear facilities.

On Monday, The New York Times “Bits” blog published the DOE email sent to employees to notify them of the incident. In the email, DOE confirmed that the breach occurred in mid-January and that more notifications would be sent once “more specific information is gathered regarding affected employees and contractors.”

DOE is working with its Joint Cybersecurity Coordination Center to enhance monitoring and protection of its networks. The agency also advised its employees to implement best practices, like encrypting all files and email containing sensitive information, and not storing or emailing non-government related PII on its network computers.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.