3 min read

US nuclear reactor safety regulators hacked three times in three years

Graham CLULEY

August 20, 2014

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
US nuclear reactor safety regulators hacked three times in three years

The United States Nuclear Regulatory Commission (NRC) has hacked three separate times in the last three years, with at least two of the attacks believed to have been perpetrated by overseas hackers.

According to NextGov, which obtained information about the attacks after filing an open-records request, NRC employees were duped by an phishing email that asked them to verify their login details by taking them to a “cloud-based Google spreadsheet.”

A dozen of the 215 NRC employees targeted fell for the ruse and clicked on the link. Although it’s not known what information staff may have entered on the webpage, the opportunities for login credentials to have been harvested is obvious.

“Based on the mere fact of clicking on the link, NRC cleaned their systems and changed their user profiles,” said commission spokesman David McIntyre.

In a separate incident, hackers targeted commission employees by sending them emails that linked to malware on a Microsoft Skydrive-hosted webpage. One computer is said to have become compromised as a result of the attack.

In both incidents the attacks were investigated, and traced back to an overseas country – although details of which country has not been made public.

Finally, NextGov’s report reveals that the personal email account of an NRC employee was broken into, and used to send out a malicious PDF file to 16 other workers in the employee’s address book. One recipient’s computer became infected by the malware after opening the attachment.

In that incident, it proved impossible to point a finger in any particular direction as to who might have been responsible, or where in the world they might have been based.

Of course, even if a country was named in these reports it doesn’t necessarily mean that an attack is state-sponsored, or has the support of the intelligence or military services of that nation. It could just as equally be “freelance” hackers working on their own, perhaps with their own motivations.

Furthermore, we shouldn’t forget that it is very easy for criminals to hide their tracks online. So, for instance, it isn’t complicated if you are a hacker based in Uganda to compromise a computer in Uruguay to attack a computer network in the United States.

That said, Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations, told NextGov that he suspected a nation would be behind the attacks:

“Clearly, the spearphishing is a technique that we’ve seen the Chinese and the Russians use before. Using the general logic, a nation state is going to be more interested in the NRC than you would imagine common criminals would be.”

Personally, I find the quote that “spearphishing is a technique that we’ve seen the Chinese and Russians use before” pretty rib-tickling. Umm.. isn’t it also the case that we’ve also seen American, British, French, Israeli, Syrian, (I could go on…) hackers use targeted spearphishing emails before too?

After all, it’s hardly a sophisticated technique…

Before you head to the hills, and stock up on cans of baked beans, there’s some thing that should be underlined.

This was the US Nuclear Regulatory Commission which got hacked. It was not an actual nuclear reactor. Safety and control systems used at US nuclear power plants are physically isolated, and aren’t connected to the internet.

The hackers may have been after sensitive information by hacking into the NRC, but there wasn’t any danger of any reactors themselves failing as a direct result.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read