Feeds

US Department of Energy: Which bright spark just hacked us?

Data on hundreds of staffers leaked, but at least it wasn't 'classified' - report

Providing a secure and efficient Helpdesk

Personal information on several hundred employees at the the US Department of Energy has been compromised as the result of a hack attack, according to media reports.

The FBI is reportedly investigating the attack, which was detected around two weeks ago. According to officials quoted in the Washington Free Beacon, the damage appears to have been limited to 14 servers and 20 desktop workstations at the DoE's HQ. Although the breach might have ultimately been aimed at gaining access to classified systems, early indications are that no classified info was compromised, according to an official letter from the agency to its employees seen by Reuters.

For now the identity of the hackers and how they went about accessing vulnerable systems remains unclear. However two months ago, an official government report criticised the Department of Energy for its tardiness in patching desktop systems. More than half of the agency's desktops had failed to apply patches issued months beforehand, according to an assessment by the DoE's inspector general.

This is exactly the sort of basic security mistake - akin to leaving gaps in the fencing around sensitive buildings - that makes life easier for potential intruders. China has unsurprisingly emerged as among the most likely suspects behind the hack attack, at least according to early reports of the breach, which are notably thin in furnishing any evidence to back up this suspicion.

More commentary on the breach can be found in blog posts by Graham Cluley of Sophos here and Rik Ferguson of Trend Micro here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.