China Suspected in Cyber Attack on U.S. Department of Energy

china cyber attack dept of energy

Chinese hackers are suspected in a major new cyber-security breach at the U.S. Department of Energy that compromised personal information of hundreds of employees.

The Washington Free Beacon reports that the hackers, who struck the department two weeks ago, harnessed no classified information but may have more insidious aims:

There are indications the attackers had other motives, possibly including plans to gain future access to classified and other sensitive information.

The department includes the National Nuclear Security Administration, which oversees the “safety, security and reliability of the U.S. nuclear weapons stockpile.”

There’s no clear evidence pointing to China’s involvement, but the sophisticated nature of the attack points to involvement of a nation state.

The China People’s Daily ran a front-page article denying claims of official involvement.

Meanwhile, a recent cyber attack struck Twitter, accessing 250,000 accounts. And newspapers including The New York Times, The Wall Street Journal and Washington Post have also been targeted.

A former IT employee with the Post, who remained anonymous, told KrebsOnSecurity:

They transmitted all domain information (usernames and passwords). We spent the better half of 2012 chasing down compromised PCs and servers. [It] all pointed to being hacked by the Chinese. They had the ability to get around to different servers and hide their tracks. They seemed to have the ability to do anything they wanted on the network.

CNN reported last month that 2013 is feared to be the year that “cyberwarfare goes mainstream”:

At least 12 of the world’s 15 largest military powers are currently building cyberwarfare programs, according to James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

CNN cites a McAfee Labs report (see full report below) called “2013 Threats Predictions,” which includes these words:

Next year [2013] we anticipate more of the same: Cybercriminals and hacktivists will strengthen and evolve the techniques and tools they use to assault our privacy, bank accounts, mobile devices, businesses, organizations, and homes.