US Nuclear Watchdog Hacked Three Times In Three Years

The US Nuclear Regulatory Commission (NRC) was successfully hacked three times in the past three years, according to documents seen by Nextgov.com.

Two of the attacks are believed to have been carried out by foreign hackers, and another one by an unidentified individual. All three used phishing emails to compromise employee computers.

Attacks against critical national infrastructure are an increasingly important topic, with security experts warning that the number of such incidents will keep growing.

About that plutonium

Details of the attacks were found in a report by NRC’s office of the Inspector General, obtained through a Freedom of Information request. In total, there were 17 suspected braches at NRC from 20010 to 2013. Three of them were successful, at least in getting into the agency’s network.

There are no details on what kind of information, if any, was stolen, but NRC typically deals with reactor safety and security, licensing of radioactive materials, radionuclide safety and spent fuel management. According to a report quoted by Nextgov, some of the agency’s work involves monitoring the stockpile of weapons-grade plutonium and enriched uranium.

In one of the cases, phishing emails were sent to around 215 NRC employees and 12 were infected after clicking a link and logging into a fake website.

In another, attackers compromised a single work PC, and then used it to send further emails with a malware-ridded attachment across the organisation. According to the report, only one staff member was successfully tempted into opening the infected PDF document.

The commission spokesman David McIntyre told Nextgov that every NRC employee is required to complete annual cyber training that deals with phishing and other attempts to obtain illicit entry into agency networks.

Security researchers from FireEye suggest that the breaches could be the work of a state-sponsored hacker group, since average cyber criminals would have little interest in nuclear watchdog’s data.

The energy sector is thought to present a particularly critical target to a certain kind of attacker, since disrupting its digital systems would have a direct impact on the physical world.

In May, the US Department of Homeland Security warned organisations running Industrial Control Systems (ICS) that an unnamed utility service was compromised, although its operations were not affected. Last year, “sophisticated” malware kept a US power plant out of commission for three weeks.

In February, business secretary Vince Cable met with the representatives of the UK’s financial, water, energy, communications and transport sectors to highlight the need to protect critical national infrastructure against Internet-based attacks.

What do you know about famous hackers? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

15 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

16 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

17 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

19 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

22 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

22 hours ago