News Data stolen from National Nuclear Security Administration

[edward]

Government workers are sleeping at the wheel. Why in Gods name would information on a National Nuclear Security Administration's computer be hackable? Perhaps the NSA should use their high tech equipment to take a closer look at other federal government agencies.

A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department's nuclear weapons agency.

But the incident last September, somewhat similar to recent problems at the Department of Veterans Affairs, was not reported to senior officials until two days ago, officials told a congressional hearing yesterday. None of the victims was notified, they said.

The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, N.M. The file contained information about contract workers throughout the agency's nuclear weapons complex, a department spokesman said.

http://www.washingtonpost.com/wp-dyn/content/article/2006/06/09/AR2006060901505.html



This data theft goes far beyond the possibility of identiity theft. By showing who and where the Nuclear weapons contract workers are, it shows where the weapons complexes are.

 

[Hurkyl]

Perhaps the NSA should use their high tech equipment to take a closer look at other federal government agencies.

http://www.computerworld.com/securitytopics/security/story/0,10801,83841,00.html

 

[Rach3]

Government workers are sleeping at the wheel. Why in Gods name would information on a National Nuclear Security Administration's computer be hackable? Perhaps the NSA should use their high tech equipment to take a closer look at other federal government agencies.

Err, the http://www.nsa.gov/. The former is under the DoD (I think) and does communications and cryptography stuff, the latter is under the DOE and mainly oversees nuclear weapons.

Just to get that straight...

 

[Integral]

Yet another! In the last 2 months my SS info and more has been in 2 different stolen laptops. A Fidelity employee lost a laptop with ALL of HP employes info and sepetely a VA emploee lost a laptop with Vets info.

What is going on?

 

[edward]

Err, the http://www.nsa.gov/. The former is under the DoD (I think) and does communications and cryptography stuff, the latter is under the DOE and mainly oversees nuclear weapons.

Just to get that straight...

I always had that straight. And that is part of the problem; too many agencies who can't communicate with each other, and each of them using their own data (or lack of) sucurity methods. Having information stolen from the National Nuclear Security Administration (DOE), should be a high priority for the National Security Agency (DOD).

This information stolen pertained to nuclear weapons belonging to the DOD not nuclear energy. The security of nuclear weapons is every bit as important as domestic surveillance.

If the DOE can't keep its own national nuclear security information secret and untouched by outside hands, perhaps they need some supervision.

Hurky's link indicated that the NSA had started probing the DOD computers for weaknesses as early as 1997. Apparently they ignored the DOE. And once again someone dropped the ball and waited over six months to report it.

 

[Pengwuino]

Yah this was already posted a week ago...

This information stolen pertained to nuclear weapons belonging to the DOD not nuclear energy. The security of nuclear weapons is every bit as important as domestic surveillance.

false, read the article.

https://www.physicsforums.com/showthread.php?t=123375

I don't know if it really required a lock however...

 

[edward]

Yah this was already posted a week ago...



false, read the article.

https://www.physicsforums.com/showthread.php?t=123375

I don't know if it really required a lock however...

Nuclear weapons definately belong to the DOD! Did you ever see a recall run the 52's used to make. I have. There were planes in the air headed for Russia at all times. They turned around at the last minute and headed back provided they got the radio recall.

They were'nt carrying candy bars from the DOE. They were carrying nukes from the DOD. Either way it is a matter of semantics, The DOE lost information.

And the fact that the information was lost is the real point. Have the boy scouts take care of it if you wish. I personally would rather see a more capable agency take charge of the situation.

Bear in mind anyone with the name, social security number, and location of a contract worker could possibly take that persons work identity and gain access to nuclear weapons.

When I worked for Martin in the 80's I had to sign a vow that I would sacrifice myself and/or my family to prevent this type of incident from happening. God you kids have it made. You just go ahead and play your own little version of "who's on first".

But in the end, the data was still lost by an agency who should have done a better job of protecting it. OK so pick it apart! The data will still be lost!

The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, N.M. The file contained information about contract workers throughout the agency's nuclear weapons complex, a department spokesman said.

 

[Pengwuino]

They have names and SSN's, hardly the information necessary to gain access to nuclear weaponry and national secrets. Stay on topic.

 

[edward]

They have names and SSN's, hardly the information necessary to gain access to nuclear weaponry and national secrets. Stay on topic.

I am on topic. Give me your name and SS number and I will easily find you. It wouldn't mean diddlly squat if just another 1500 ordinary people had lost personal info. The VA lost the data of 25 million. Many of the people in the DOE incident will be carrying identification cards that give them access to nuclear information and weapons. Dam I have been there and done that.

OH God forget it. I can see now how these things happen.

 

[edward]

Yet another! In the last 2 months my SS info and more has been in 2 different stolen laptops. A Fidelity employee lost a laptop with ALL of HP employes info and sepetely a VA emploee lost a laptop with Vets info.

What is going on?

I think what is going on with ordinary people is that our personal info is spread so widely. A lot of banks are outsourcing their data processing and billing, both in and out of the country. Employers are outsourcing payroll to companies that do only payroll. Even my credit union has started outsouricng their data processing and credit card billing. I originally went with the Credit union to avoid just that.

But it is more than just that. We seem to have a generation of workers who don't have a clue about security, and employers who are trying to save a buck. When my wife was a bank employee all personal information files had to have two persons present to be opened. Security procedures like "Single point of entry" and "Dual control" have dissappeared and individuals are running around out there with their laptops full of our personal data.

 

[edward]

It is getting to the point where government computer information access or theft hardly makes the news. The little tidbit below was on page nine of my local paper.

WASHINGTON — An FBI computer consultant gained access to the secret passwords of Director Robert Mueller and others using free software found on the Internet, the latest embarrassment in the bureau's long struggle to modernize its computers.

http://www.foxnews.com/story/0,2933,202406,00.html

Again I think that our personal information is too widely spread. This particular case is an incident that is a great example of what can happen when a single person has access to vital information. This guy was working for an outsourced civialian contractor. The FBI used to be capable of doing this type of work in house.

Once the outsourcing starts the skills are lost, and that goes for the federal government as well as industry in general.

When everything was hard copy there was always dual control on classified information. Two people should have been working in close proximity to each other on this project. And yes that means two people with security clearances.

 

[Astronuc]

Administrative stuff as NNSA is apparently on unsecure systems, possibly in computers which are connected a network, which is connected to the Internet.

The nuclear weapons designs and technology are supposed to be on isolated computers in specially designed vaults, and generally one does not transport anything in or out of that vault without approval. Clearly data/reports have to be transported in and out.

Knowing who does what could be valuable to someone.

While DOD controls the disposition of nuclear weapons, the design and construction is handled by DOE/NNSA, which appears to be much less secure than it should be.