US Department of Energy hit by a sophisticated cyber attack

It seems that the US has suddenly discovered itself to be the victim of a series of cyber espionage campaigns targeting every sector, from media to the military, and every time it seems obligatory to blame the usual nightmare, China.

A report published in 2012 by the U.S.-China Economic and Security Review Commission revealed that “U.S. industry and a range of government and military targets face repeated exploitation attempts by Chinese hackers, as do international organizations and nongovernmental groups including Chinese dissident groups, activists, religious organizations, rights groups, and media institutions.”

“In 2012, Chinese state-sponsored actors continued to exploit U.S. government, military, industrial, and nongovernmental computer systems,” the report stated.

The report added that Chinese cyber exploitation capabilities were “improving significantly” last year.

But the US has as many enemies as allies. We are in the cyber era, and the number of state-sponsored attacks is increasing impressively because of the commitment of governments to operating in cyberspace. The latest alarming cyber attack has hit systems at the United States Department of Energy, in particular the networks at its headquarters in Washington, DC. The news was published this morning on The Washington Free Beacon website; the attack dates back two weeks, and the Department confirmed the incident, providing some interesting information about the magnitude of the attack.

A total of 14 servers and 20 workstations at the headquarters were penetrated during the offensive, and it seems that the personal information of hundreds of Department of Energy employees was also exposed.

The DoE is collaborating with the FBI to investigate the cyber attack. Initial information confirmed that the hackers attempted to deploy backdoors in the network in order to regain access to the systems later and steal sensitive information, although the Free Beacon revealed that no classified information was exposed.

The attackers obtained personally identifiable information such as names, Social Security numbers, digital identities and much other information that could be useful for subsequent spear-phishing and other social engineering campaigns.

The DoE is considered a strategic target because of the information it manages on the country's critical infrastructure. Once again, the complexity of the techniques adopted by the attackers led investigators to think that China was responsible for the hack.

Security consultant Ed McCallum, who spent 10 years in the Department of Energy’s Office of Safeguards and Security, declared that the security breach “highlights decades of poor security at the department”.

“It’s a continuing story of negligence,” McCallum said. “[The department] is on the cutting edge of some of the most sophisticated military and intelligence technology the country owns and it is being treated frivolously by the Department of Energy and its political masters.”

McCallum reiterated that Chinese hackers have been targeting DoE secrets for a long time, and that recently other countries, such as Iran, have shown the same interest.

“A lot of countries are interested in our secrets and unless security is improved, this is going to happen again,” he said.

A breach notification states:

“The Department’s Cybersecurity Team, the Office of Health, Safety and Security and the Inspector General’s office are working with federal law enforcement to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DOE staff and contractors.”

Employees whose personal information has been exposed have been notified by email and advised to encrypt all documents and emails containing sensitive information. Personnel have also been alerted to possible social engineering attempts that use the stolen personal information, a typical scenario after a data breach.

Unfortunately, the majority of cyber espionage campaigns remain undetected for a long time, causing serious problems and the leakage of intellectual property. China, Russia, Iran and North Korea are the most active actors in cyberspace.

Those countries are continuously seeking to reduce the technological gap with Western powers, and cyber espionage is one of the most widespread practices. China is considered the most dangerous cyber competitor; the article published by The Washington Free Beacon refers to a secret program called Project 863 that “provides funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information.”

It’s time to approach the problem of cyber security seriously, as many nations are doing. The definition of an efficient cyber strategy, with a strong commitment from the highest government authorities, is necessary… before it’s too late.

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker (EC-Council, London). His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.