Nuclear Regulatory Commission Computers Hacked

Nuclear Regulatory Commission Computers Hacked

An internal investigation has discovered that for the past three years, Nuclear Regulatory Commission (NRC) computers have been successfully hacked, twice by foreigners and once by an unidentifiable individual.Nuclear Regulatory Commission Computers Hacked

Incident #1 – Phishing emails were sent to about 215 NRC employees, baiting personnel to verify their user accounts by clicking on an embedded link and logging in. The link took victims, about 12 total, to a cloud-based Google spreadsheet.

NRC was able to track the originator of the spreadsheet to a foreign country; however, the nation was not identified publicly.

Incident #2 – Spearphishing emails were sent to NRC employees with a URL embedded into the email, connected to a cloud-based Microsoft Skydrive storage site that housed malware.

Again, NRC was able to track the sender of the emails to a foreign country that is remaining nameless at this time.

Incident #3 – The personal email account of an NRC employee was hacked and sent malware to other personnel from the employee’s contact list. There was a PDF attachment within the email that contained a JavaScript security vulnerability.

Investigators subpoenaed an Internet Service Provider for records, but apparently the provider did not have log records for the date of the incident, rendering it was impossible to identify the sender without the logs.

Because NRC oversees the U.S. nuclear power industry, it maintains records of oversea aggressors, including databases detailing the locations and condition of nuclear reactors, and relies on plants that handle weapon-grade materials to submit information detailing their inventories.

According to commission spokesman David McIntyre, NRC is always concerned about potential computer intruders, so much so, that every NRC employee must complete annual cyber training that teaches about phishing, spearphishing and other ways hackers can infiltrate agency systems.

About the Author

Ginger Hill is Group Social Media Manager.

Digital Edition

  • Security Today Magazine - March 2020

    March 2020

    Featuring:

    • Transforming the Industry
    • The Open Platform
    • Creating a Standardized Platform
    • Common Mistakes
    •The Next Victims

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety