back to article Nuke regulator hacked three times in three years

The US Nuclear Regulator Commission (NRC) has been hacked three times in as many years, according to documents obtained under freedom of information requests. Unnamed foreign hackers sent hundreds of phishing emails - targeting 215 staff in one incident alone - in what was dubbed a 'credential harvesting campaign', according …

  1. CAPS LOCK Silver badge

    Hahahahahah....

    ""The NRC's computers cannot affect US nuclear power plant operations – the plants' safety and control systems are physically isolated and have no Internet connectivity," Burnell wrote on the NRC website."

    Tell that to the management at Nantaz in Iran.

    1. James Micallef Silver badge

      Re: Hahahahahah....

      "Tell that to the management at Nantaz in Iran"

      Erm... Nantaz was NOT connected to the Internet - Whoever took it down* developed a virus specifically for SCADA systems in Nantaz that was transmittable over USB keys, which is how Nantaz got infected

      *Pretty much assumed it's CIA/Mossad

      1. Rabbit80

        Re: Hahahahahah....

        That is the point the OP is making.. think you missed it.

  2. Ole Juul Silver badge

    wondering

    required operators to meet minimum security standards

    If the "minimum" doesn't include computer use, what does it include?

  3. jake Silver badge

    The mind boggles.

    What kind of moron thinks that a public facing Internet site actually gives access to nuclear anything? I mean, really? Perhaps getting an education would be a better option than demonstrating your religion derived complete lack of real world clues.

    1. Evil Auditor Silver badge

      Re: The mind boggles.

      We can only hope you are right, jake, we can only hope...

    2. Cipher

      Re: The mind boggles.

      " in what was dubbed a 'credential harvesting campaign', "

      Maybe this is phase one: build a list of known user ids. Infect the user's internet facing machine, and see what else they can do from there...

  4. Zog_but_not_the_first Silver badge
    Mushroom

    Flame grilled WOPR

    It's got the codes. It's going to launch.

  5. frank ly Silver badge

    Recruiting the best and the brightest

    "... conning dozens of staff to enter their login details into fake web forums, and by tricking employees to download and execute malware hosted in a Microsoft SkyDrive account, and contained within an attached PDF file."

    The people who fell for this should have their internet access blocked.

    1. Anonymous Coward
      Anonymous Coward

      Re: Recruiting the best and the brightest

      The people who fell for this should have their oxygen access blocked.

      There, fixed it for you.

  6. Aitor 1 Silver badge

    Bullshit

    If you get into their computers, the very least you can get is how they operate.

    Then, you can also infect their computers so their systems place nasty targeted malware into sticks, etc etc.

    It WILL get to the systems.. just ask the Iranians..

  7. Alan Brown Silver badge

    As a civil regulator

    Just about everything would be obtainable via FOIA anyway.

    Sounds like someone got sick of waiting.

    1. Gene Cash Silver badge

      Re: As a civil regulator

      No. As a nuclear safety regulator, a lot is either sensitive or classified.

  8. Paul Crawford Silver badge

    Adobe again?

    The link has a little more info, including "A PDF attachment in the email contained a JavaScript security vulnerability" so it sounds like Adobe is the starting point.

    Again.

  9. chivo243 Silver badge

    Plant operators don't give the NRC access

    A friend worked in the 'Nuke biz' in the states for many years. I think the protocol is to present the NRC with the requested data. I would find it very hard to believe any operator would let any NRC rep near any computers, let alone one with USB access.

    Think of the NRC as an auditor or the tax man, not people you want to see as often your barber. Monty Burns might be a fictional operator, but there is a grain of truth there...

  10. Aaron 10

    Where do I send my CV? I put some blame on the users, but more on the network admins.

    1. FrankAlphaXII Silver badge

      In case you aren't joking

      Try USA Jobs and search for Nuclear Regulatory Commission. Be warned that its an OPM system though and they've had some security issues of their own as of late.

  11. Anonymous Coward
    Anonymous Coward

    "The commission maintained information on the operation, location, and condition of US nuclear plants, including those involved in weapons production, and it requires operators to meet minimum security standards."

    Of which the commission would fail to meet those minimum security standards.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019