6 Reasons Hackers Would Want Energy Department Data

Published: 22/11/2024   Category: security




In Department of Energy breach, what was driving attackers to steal employee data? Stuxnet revenge is one theory.



Why would hackers target the Department of Energy (DOE)?
The obvious answer is to steal nuclear secrets, since the agency's National Nuclear Security Administration (NNSA) department is in charge of managing and safeguarding the country's nuclear arsenal. According to security experts, the agency's laboratories, where the most sensitive work takes place, have long been targeted by attackers.
But the breach of the DOE headquarters network in mid-January, which was disclosed in a Friday memo to employees, appeared only to result in the theft of personally identifiable information (PII) pertaining to a few hundred of the agency's employees and contractors. Although a related investigation by the DOE and FBI remains underway, the memo noted that the findings to date indicate that no classified data was compromised.
Why would attackers target PII for agency employees? Here are six reasons -- some more likely than others -- why attackers might have come gunning for employee data:
1. Spies Seeking Nuclear Secrets
The story of the DOE breach was first reported by the Washington Free Beacon, which noted that the NNSA manages, secures and designs the country's nuclear arsenal. But it offered no evidence that the NNSA was targeted, and again, the DOE said its investigators found no evidence that attackers accessed any classified information.
Other news outlets trumpeted that China was a possible suspect in the attacks, which isn't news -- and hasn't been substantiated. Furthermore, if a foreign government was involved, there are many more candidates than just China. "China is the noisiest -- the government officials who are fully briefed in on the threat will tell you that several other countries' cyber attacks are equally worrisome but much more clandestine," said Alan Paller, director of research for the SANS Institute, via email.
2. Intelligence Services Out To Catalog Real Identities
If a foreign intelligence service was behind the attack, then it was likely meant to gain a foothold in the DOE's network, and then allow attackers to spread malware to other DOE systems. Alternately, the information could be used for more hands-on types of espionage. "Let's suppose the hackers were from China," said Sean Sullivan, security advisor at F-Secure Labs, via email. "In that case, they may very well be interested in the PII to facilitate real-world spying -- a lot of which still goes on. You need to know names and addresses in order to target somebody with a seductress."
3. Prepping Spear-Phishing Attacks
Or, the personnel information could be used to create more personalized spear-phishing attacks. These use emails that appear to be legitimate to trick users into opening malicious attachments, which then infect the targeted system and allow data to be stolen from the PC, as well as use the infected system as a springboard for infecting other servers and PCs.
Thanks to modern-day crimeware toolkits, attackers can repack their malware to vary its appearance, thus helping to bypass signature-based antivirus defenses. In the attack against The New York Times that came to light last week, for example, attackers launched 45 malicious files at newspaper PCs over a three-month period, and only saw one piece of malware get stopped and blocked by the Symantec antivirus software used by the Times.
4. Hacktivists Promoting A Cause
The Washington Free Beacon story quoted an unnamed computer forensic specialist, who said that the DOE breach might have been the work of Anonymous. As evidence, the expert pointed to a Jan. 21, 2013, Pastebin post, since deleted, from a relatively new hacking group called Parastoo, which has been demanding that the International Atomic Energy Agency start an investigation into activities at Israel's secret nuclear facilities.
To draw attention to that request, Parastoo's Pastebin post (later uploaded again) -- which signs off with the Anonymous manifesto -- included what it claimed was information about "one of the USA Department of Energy (DOE) critical servers we have access to." The timing of the upload would seem to correspond with the DOE's recent breach. But the information contained in the post appears to date from 2010, meaning it was likely assembled from previously published information.
Regardless, the recent DOE breach still could have been the work of hacktivists. "Let's suppose the hackers were part of Anonymous," said Sullivan. "In that case, I'd say they were just scanning all .gov sites for weakness, and PII at the DOE is what they found. And that works for Anonymous, as doxing [releasing information on] government employees is what it enjoys doing."
5. Financial Crime Syndicates Seeking Identity Information
Also on the opportunism front, cybercrime gangs -- or black-market resellers -- seeking information that could be used for financial gain might have hacked into the DOE systems, seeking employees' names as well as social security numbers and banking details. That said, trying to nab financial data from a U.S. government agency system seems like a relatively high-risk activity, given that there's arguably much lower-hanging fruit to be had -- and less risk of the FBI pursuing you -- by hacking into systems at private businesses.
Furthermore, Washington Free Press reported that in the DOE breach, a total of 14 computer servers and 20 workstations at the headquarters were penetrated during the attack, although that information couldn't be verified. Regardless, according to the DOE, the breach apparently resulted in relatively small takings, involving personal information pertaining to just a few hundred employees and contractors. As far as financially motivated cybercrimes -- or hacktivist-organized doxing campaigns -- go, that's a very small haul.
6. Revenge For Stuxnet
There might be a Stuxnet angle to the attacks -- someone could be seeking information about specific department personnel. "From my very dark place, let's suppose the hackers were from Iran. If you Google for 'department of energy tennessee stuxnet', the top result will be David E. Sanger's NYT piece on Stuxnet," said Sullivan. Notably, Sanger's story quoted unnamed government officials, who said that the U.S. government commissioned Stuxnet as part of a cyber-weapons program.
What's the Tennessee connection? "It's where the DOE had a replica of the equipment used by Natanz. Stuxnet interfered with Natanz. There have also been several assassinations of Iranian nuclear scientists," said Sullivan. "So ... perhaps Iran would like to return the favor?"
