Department of Energy hacked 159 times between 2010 and 2014

According to a review of federal records obtained by USA Today, the US Department of Energy is among the most targeted government organizations in the US.

The US Department of Energy manages information of strategic importance for a potential attacker: it oversees the operations of the power grid, the nuclear arsenal, and the national labs. The data show that the Department of Energy was hacked 159 times between 2010 and 2014. In early 2013 I reported a major cyber attack on the networks at the headquarters located in Washington DC. The news was published by The Washington Free Beacon; at the time of the announcement a total of 14 servers and 20 workstations at the headquarters had been penetrated, and it seems that the personal information of hundreds of Department of Energy employees was also exposed.

Back to the present, the data acquired by USA Today through the Freedom of Information Act demonstrate that the Department of Energy is under constant siege: the experts reported 1,131 attempted cyberattacks during a 48-month period, and unfortunately 159 of those attempts appear to have been successful.

Officials at the Department of Energy haven't provided further information about the cyber attacks, in particular about the type and volume of the data related to the nation's power grid or nuclear weapons stockpile likely accessed or stolen by the attackers.

“The Department of Energy has all the same problems as just about every other agency, the same problems that were highlighted,” Tenable Network Security strategist Cris Thomas told Homeland Security Today, referencing the massive hack into OPM computers earlier this summer that saw 22 million Social Security numbers stolen.

“Basic fundamental security practices are either not properly implemented, not enforced or just plain missing,” Thomas continued. “The overall state of insecurity at the DOE was revealed by a report released by the Office of Inspector General just last year which found numerous default or easily guessed passwords on user workstations among other issues. These were some of the same exact problems that were found at OPM.”

The DoE can be considered a strategic target due to the information it manages on the critical infrastructure of the country, and the complexity of the techniques adopted by the attackers leads to the belief that state-sponsored APT groups are responsible for the attacks. The data obtained by USA Today are aligned with the findings of the ICS-CERT MONITOR report for the period September 2014 – February 2015, issued in March by the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

According to the report, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) received and responded to 245 incidents in Fiscal Year 2014; more than half of the incidents reported by asset owners and industry partners involved sophisticated APTs. ICS/SCADA systems were also targeted by other categories of threat actors, including cyber criminals, insider threats and hacktivists.

Pierluigi Paganini

(Security Affairs – US Department of Energy, security)
