In the best of hands - Department of Energy computers hacked

Not just hacked - hacked more than 150 times in four years. From USA Today:

Records: Energy Department struck by cyber attacks
Attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, a review of federal records obtained by USA TODAY finds.

Cyber attackers successfully compromised the security of U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, according to a review of federal records obtained by USA TODAY.

Incident reports submitted by federal officials and contractors since late 2010 to the Energy Department's Joint Cybersecurity Coordination Center show a near-consistent barrage of attempts to breach the security of critical information systems that contain sensitive data about the nation's power grid, nuclear weapons stockpile and energy labs.

The records, obtained by USA TODAY through the Freedom of Information Act, show DOE components reported a total of 1,131 cyberattacks over a 48-month period ending in October 2014. Of those attempted cyber intrusions, 159 were successful.

"The potential for an adversary to disrupt, shut down (power systems), or worse … is real here," said Scott White, Professor of Homeland Security and Security Management and Director of the Computing Security and Technology program at Drexel University. "It's absolutely real."

And some of these are really bad:

Records show 53 of the 159 successful intrusions from October 2010 to October 2014 were "root compromises," meaning perpetrators gained administrative privileges to Energy Department computer systems. 

If you have root, you have the entire machine and, by using network password sniffers, the entire network the machine is attached to. There are ways to brute-force root access, but they require physical access to the machine, a thumb drive with software, and a reboot of the machine. To do this remotely means that someone left the default password in place or that their choice of password was too simple. If you can recite your root password from memory, it is too simple.

The article closes with these two paragraphs:

The congressional committee's charter for Thursday's meeting, citing USA TODAY's report in March, notes the growing vulnerability of the nation's increasingly sophisticated bulk electric system.

"As the electric grid continues to be modernized and become more interconnected," the charter states, "the threat of a potential cybersecurity breach significantly increases."

What they are talking about here is SCADA, or Supervisory Control And Data Acquisition. These systems are a pet peeve of mine. They are what control a factory or a power grid, and in the pre-internet days there was never any intent for these systems to be connected to the internet. And then someone at the central office wanted to log in to see what was happening. The SCADA software engineers added a network port without any attempt at security beyond a simple password. Wait about six months and SCADA systems were being PWNED (here and here) left and right, much to the embarrassment of the developers. Now things are better, but there are still major security breaches now and then.

About this Entry

This page contains a single entry by DaveH published on September 12, 2015 2:11 PM.
