The organization overseeing the safety of U.S. nuclear reactors has fallen victim to overseas hackers three times in the past three years.
Citing an internal investigation, the Nextgov website reports that computers at the Nuclear Regulatory Commission were successfully hacked on three occasions. Two of the attacks were conducted by foreigners and a third came from “an unidentifiable individual,” according to Nextgov, which obtained an Office of Inspector General report through an open-records request.
Experts say that foreign powers could use the NRC's sensitive information for surveillance or even sabotage, although the Commission says that the handful of attacks were detected and dealt with.
In one incident, which was traced to a hacker in an unnamed foreign country, emails were sent to about 215 NRC employees in "a logon-credential harvesting attempt," according to the Inspector General report. Employees were invited to verify their user accounts by clicking a link and logging in, with victims taken to "a cloud-based Google spreadsheet." A dozen NRC employees clicked the link.
NRC spokesman David McIntyre told FoxNews.com that, based on the mere fact of clicking on the link, the Commission cleaned the systems and changed the user profiles of the employees who clicked. What the employees put on the spreadsheet is unknown, he added.
The Inspector General report also said that hackers attacked NRC employees with ‘spearphishing’ emails linked to malicious software. Investigators wrote that a URL embedded in the emails linked to "a cloud-based Microsoft Skydrive storage site," which held the malware. There was one “incident of compromise,” according to the report, with the attack also traced to an unnamed foreign country.
In another incident, hackers broke into the personal email account of an NRC employee and sent malware in the form of an infected PDF attachment to 16 other workers in the employee’s contact list.
NRC spokesman David McIntyre told FoxNews.com that only one of the 16 workers opened the attachment, which infected that worker's computer; the machine was subsequently replaced.
Experts say that the incidents reinforce the need for extra-tight security within organizations. “As can be seen from the Skydrive and Email incidents, it only takes one wrong click to give attackers access to the ‘keys to the kingdom’,” wrote Tal Klein, vice president of Strategy at Palo Alto, Calif.-based cloud security specialist Adallom, in a statement emailed to FoxNews.com. “These sorts of advanced phishing attacks go under the radar, undetectable by traditional endpoint protection and network firewalls, similar to the ‘Ice Dagger’ attack we uncovered last year.”
“In the cyber era of numerous state-sponsored targeted attacks with the motive of cyber espionage, surveillance, or sabotage, it is not very surprising that the Nuclear Regulatory Commission (NRC) has been targeted multiple times,” added Deepen Desai, director of security research for San Jose, Calif.-based Zscaler ThreatLabZ, in an emailed statement. “The sensitive information maintained by NRC will be of prime interest to some foreign states with the motives ranging from espionage, surveillance, or sabotage. This makes it very important for organizations like NRC that maintain the nation’s critical infrastructure information to not only continuously train their employees but also update their training content more frequently.”
NRC spokesman McIntyre told FoxNews.com that the Commission is always concerned about the potential for cyber intrusions into its networks. “Every NRC employee completes mandatory annual training on computer security that covers phishing, spear phishing and other attempts to gain illicit access to agency networks,” he said. “The NRC’s Computer Security Office detects and thwarts the vast majority of such attempts, through a strong firewall and reporting by NRC employees.”
“The few attempts documented in the OIG Cyber Crimes Unit report as gaining some access to NRC networks were detected and appropriate measures were taken,” he added.
Overseas cyberattacks have been attracting plenty of attention recently. Earlier this month, for example, research specialist Hold Security, which has a strong track record of uncovering data breaches, reported that a Russian crime ring has got its hands on more than a billion stolen Internet credentials.
This was followed by news that U.S. Investigation Services (USIS), the main provider of background checks to the U.S. government, had been targeted in an attack possibly launched by a foreign power.
Follow James Rogers on Twitter @jamesjrogers