Significant Cyber Attacks on Federal Systems — 2004-present

I received the list below (of “Significant Cyber Attacks” on Federal systems since 2004) from sources on Capitol Hill last week.  After reading through it and checking the data, it seemed worth making the list part of the public record.  The list is alphabetical by agency/department and continues after the jump:

Central Intelligence Agency:

• CIA website – June 2011 – The CIA’s website homepage was taken down due to a cyber attack by LulzSec. http://www.techradar.com/news/internet/cia-website-and-fbi-hacked-by-lulzsec-966715

 Congress:

• U.S. Senate – June 2011 – The Sergeant at Arms confirmed that the U.S. Senate’s website had been hacked after files from the website were posted online, indicating that Lulz Security had broken into the Senate’s computer network.  http://www.reuters.com/article/2011/06/13/us-cybersecurity-usa-senate-idUSTRE75C5JI20110613
• Senator Bill Nelson’s office – March 2009 – Senator Nelson confirmed that his personal office computers had been subject to three separate attacks. http://www.ypfp.org/content/hackers-based-china-break-florida-senator%E2%80%99s-office-computers
• Representative Wolf and Foreign Affairs Committee offices – August 2006 – Rep. Wolf announced that that the computers at his personal office, a number of unnamed Representatives’ offices, and the office of the House Foreign Affairs Committee had been hacked. http://wolf.house.gov/index.cfm?sectionid=34&parentid=6§iontree=6,34&itemid=1174

Department of Agriculture:

• USDA DC headquarters – June 2006 – The Department of Agriculture was subject to a cyber attack where the names, social security numbers, and photographs of 26,000 employees were stolen. http://www.msnbc.msn.com/id/31000126/ns/technology_and_science-security/t/cyber-attacks-continue-grow/

Department of Commerce:

• Economic Development Administration – February 2012 – The Department of Commerce had to disconnect their computers from the Internet because unknown intruders placed a virus on the Economic Development Administration’s computer network. http://www.washingtonpost.com/politics/for-agency-a-loss-of-technology-has-had-down–and-upsides/2012/04/08/gIQAvpAY5S_story.html
• Website breach – December 2009 – Department accidentally leaked Personally Identifiable Information and Social Security Numbers on website and didn’t notify employees for 7 weeks. http://www.washingtonpost.com/wp-dyn/content/article/2010/01/26/AR2010012603509.html?hpid=news-col-blog
• Commerce Secretary – December 2007 – Spying software was found on the devices of then Commerce Secretary following a trip to China with the Joint Commission on Commerce and Trade. http://www.nationaljournal.com/magazine/china-s-cyber-militia-20080531
• Bureau of Industry and Security – October 2006 – The Department of Commerce had to take the Bureau of Industrial Security’s networks offline for several months and replace hundreds of computers because its networks were hacked by unknown foreign intruders. This Commerce Bureau reviews confidential information on high tech exports. http://www.informationweek.com/news/193105227

Department of Defense:

• F-35 development – February 2012 – It was announced that delays and high costs for the development of fighter plane F-35 stemmed from responding to cyber attacks that stole classified information discussing the technology. http://defensetech.org/2012/02/06/did-chinese-espionage-lead-to-f-35-delays/
• Unmanned aerial vehicle – December 2011 – Iran claims to gained possession of RQ-170 Sentinel stealth drone with a cyber attack. http://www.washingtonpost.com/world/national-security/iran-says-it-downed-us-stealth-drone-pentagon-acknowledges-aircraft-downing/2011/12/04/gIQAyxa8TO_story.html
• DOD – July 2011 – In a speech unveiling the DOD cyber strategy, the Deputy Secretary of Defense mentioned that a defense contractor was hacked and 24,000 files relating to sensitive systems being developed at DOD were stolen. http://www.fiercehomelandsecurity.com/story/24000-files-stolen-dod-contractor-single-march-attack/2011-07-17
• National Guard – December 2010 – Personal info of 650 soldiers was stolen from Santa Fe headquarters. http://www.krqe.com/dpp/news/local/southeast/soldiers’-personal-information-stolen-
• Army – April 2010 – Lost personal data of reservists. http://www.newsday.com/news/new-york/army-warns-reservists-of-identity-theft-threat-1.1876244
• Unmanned aerial vehicle feeds – December 2009 – Downlinks from U.S military UAV’s were hacked by Iraqi insurgents using inexpensive file sharing software, allowing them to see what the UAV has viewed. http://online.wsj.com/article/SB126102247889095011.html
• US Central Command – November 2008 – Classified networks at DOD and Central Command relating to U.S. involvement in Iraq and Afghanistan were subject to a cyber attack. http://articles.latimes.com/2008/nov/28/nation/na-cyberattack28
• Secretary of Defense’s email – June 2007 – The Secretary of Defense’s unclassified email account was hacked by unknown foreign intruders. http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf
• National Defense University – May 2007 – Spyware in the system left the University’s email systems vulnerable to attacks and the University ultimately had to take its systems offline due to hacks by unknown foreign intruders. http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf
• Naval War College – November 2006 – The Naval War College in Rhode Island had to shut down all of its computer systems for two weeks following a cyber-attack.  The Naval War College develops strategies for naval warfare, as well as on cyberspace.  https://www.nextgov.com/cybersecurity/2006/12/china-is-suspected-of-hacking-into-navy-site/213191/
• Non-Classified IP Router Network – August 2006 – A senior Air Force Officer announced that, “China has downloaded 10 to 20 terabytes of data from the NIPRNet.” https://www.route-fifty.com/digital-government/2002/11/the-red-storm-is-rising-for-sandia-labs/290010/

Department of Education:

• August 2006 – Computers containing personal info of grant reviewers were stolen. http://www.idtheftcenter.org/artman2/uploads/1/ITRC_Breach_Report_20061231.pdf

Department of Energy:

• Nuclear Security Administration – October 2011 – A DOE report disclosed that the department has been hit by recent successful cyber attacks. http://www.foxbusiness.com/technology/2011/10/24/energy-department-discloses-cyber-attacks/

DOE/National Laboratories:

• Pacific Northwest National Labs – July 2011 – PNNL shut down access to their networks after learning they were subject to a highly sophisticated cyber attack.  http://ca.reuters.com/article/technologyNews/idCATRE7656M020110706
• Thomas Jefferson National Labs – July 2011 – Thomas Jefferson labs shut down access to their networks after learning they were subject to a highly sophisticated cyber attack.  http://ca.reuters.com/article/technologyNews/idCATRE7656M020110706
• Oak Ridge National Labs – April 2011 – ORNL, home to powerful supercomputers, shut down access to the Internet after employees received emails with a link that allowed the attackers to siphon out information. It was reported that a “few megabytes” of data were stolen. http://www.wired.com/threatlevel/2011/04/oak-ridge-lab-hack/
• Oak Ridge National Labs – October 2007 – Over a thousand staffers at ORNL received an email with an attachment that, when opened, provided unknown intruders with access to the Lab’s databases. http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf

Department of Homeland Security:

• DHS website – February 2012 – The DHS website was taken down due to a cyber attack, attributed to Anonymous. http://rt.com/usa/news/homeland-security-website-anonymous-473/
• Homeland Security Information Network – May 2009 – The Homeland Security Information Network (HSIN) was hacked by unknown intruders, who gained access to state and federal information.  The HSIN is intended to be a secure portal for information sharing between federal, state, and industry partners. http://fcw.com/Articles/2009/05/13/Web-DHS-HSIN-intrusion-hack.aspx
• DHS – September 2007 – Dozens of DHS’s computers and servers were hacked, allowing sensitive information to be stolen.  The contractor hired to protect DHS computers tried to hide the incident from DHS, citing that DHS elected to stop paying for security monitoring services. http://www.washingtonpost.com/wp-dyn/content/article/2007/09/23/AR2007092301471_pf.html
• DHS – June 2007 – Officials acknowledged that two internal DHS servers were infected with a technology designed to steal passwords and other sensitive data. http://www.computerweekly.com/news/2240081110/DHS-suffered-more-than-800-cyber-attacks-in-two-years
• DHS Headquarters – 2007 – a report cited that the department had suffered 884 cyber attacks during 2005 and 2006. http://www.computerweekly.com/news/2240081110/DHS-suffered-more-than-800-cyber-attacks-in-two-years

Department of Interior:

• May 2010 – Lost CD contained info of 7,500 employees. http://fcw.com/articles/2010/06/16/interior-loses-cd-with-personal-data-for-7500-federal-employees.aspx
• DOI Audit – November 2009 – The Department “failed” a cybersecurity audit, which cited that the agency falls short of security requirements. http://www.informationweek.com/news/government/security/221601054
• DOI – February 2002 – The Department was forced, under court order, to shut down all computers from the Internet for a period of two months until it could prove that it had fixed major security problems. http://articles.cnn.com/2002-02-06/tech/doi.security.idg_1_trust-funds-internet-access-security-problems?_s=PM:TECH

Department of Justice:

• DOJ website – January 2012 – Hacker group Anonymous claimed responsibility for taking down the DOJ websites, usdoj.gov and justice.gov, in a cyber attack to protest the FBI shutting down Megaupload.com. http://www.washingtonpost.com/business/economy/department-of-justice-site-hacked-after-megaupload-shutdown-anonymous-claims-credit/2012/01/20/gIQAl5MNEQ_story.html

DOJ/Federal Bureau of Investigation:

• FBI conference call – February 2012 – Anonymous intercepted and posted online a FBI and Scotland Yard conference call discussing the hacking group Anonymous. https://www.nytimes.com/2012/02/04/us/fbi-admits-hacker-groups-eavesdropping.html?_r=1
• FBI website – January 2012 – Anonymous claimed credit for taking down the FBI website, FBI.gov, in a cyber attack to protest the FBI shutting down Megaupload.com. http://techland.time.com/2012/01/20/10-sites-skewered-by-anonymous-including-fbi-doj-u-s-copyright-office/
• FBI website – June 2011 – The FBI’s phone network was taken down due to a cyber attack by LulzSec.  http://www.techradar.com/news/internet/cia-website-and-fbi-hacked-by-lulzsec-966715

Department of State:

• Bureau of East Asian Affairs – June 2006 – The State Department confirmed that its networks at its headquarters and offices dealing with Asia were subject to an attack that started at U.S. embassies in the East Asia-Pacific region. Unknown foreign intruders downloaded sensitive information and passwords. http://www.nytimes.com/2006/07/12/washington/12hacker.html  http://www.informationweek.com/news/190303153
• Employee illegally accessed over 60 passport application files between 2005 and 2008.  http://www.justice.gov/opa/pr/2010/March/10-crm-304.html

Department of Transportation:

• National Highway Traffic Safety Administration – June 2010 – It was discovered that NHTSA was inadvertently publishing sensitive personal info on the web. http://www.thetruthaboutcars.com/nhtsas-complaint-database-leaks-private-information-like-a-sieve/
• DOT website – July 2009 – the DOT website was shut down by a cyber attack that was part of a larger effort to bring down websites in the United States and South Korea. http://www.pcworld.com/article/168027/cyber_attack_his_south_korean_web_sites.html

DOT/Federal Aviation Administration:

• FAA – May 2009 – A report released by the Department of Transportation acknowledged that the FAA administrative networks that manage air-traffic flow and electric power were subject to cyber attacks that gained access to information used to control the network. http://online.wsj.com/article/SB124165272826193727.html

Department of Treasury:

• Treasury Department website – July 2009 – the Treasury website was shut down by a cyber attack that was part of a larger effort to bring down websites in the United States and South Korea. http://www.msnbc.msn.com/id/31789294/ns/technology_and_science-security/t/us-eyes-n-korea-massive-cyber-attacks/

Department of Veterans Affairs:

• 4,000 records exposed between March and December of 2011 when Social Security Numbers were posted to Ancestry.com. http://www.federaltimes.com/article/20120125/DEPARTMENTS04/201250304/
• 26.5 million records were stolen in May 2009. http://searchsecurity.techtarget.com/news/1189759/Personal-data-on-265-million-veterans-stolen

Federal Deposit Insurance Corporation:

• From August 2008 to July 2009, a former employee leaked private financial information of a client. http://www.pogowasright.org/?p=4596

Federal Trade Commission:

• FTC online security website – January 2012 – The website run by the FTC dedicated to cybersecurity education, OnGuardOnline.gov, was taken down and defaced by a cyber attack. http://www.pcworld.idg.com.au/article/413253/u_government_online_security_website_hacked/
• FTC website – July 2009 – the FTC website was shut down by a cyber attack that was part of a larger effort to bring down websites in the United States and South Korea. http://www.msnbc.msn.com/id/31789294/ns/technology_and_science-security/t/us-eyes-n-korea-massive-cyber-attacks/

National Aeronautics and Space Administration:

• NASA – 2011 and 2010 – NASA announced March 2012 it was subject to 5,400 security incidents in 2010 and 2011, in which 13 times the hackers gained “full functional control” of important systems http://www.theregister.co.uk/2012/03/05/nasa_security_congressional_testimony/
• NASA satellite – November 2011 – It was announced that suspected Chinese hackers, using malicious cyber activity, took control of 2 NASA satellites for more than 11 minutes during 2007 and 2008. http://abcnews.go.com/blogs/politics/2011/11/us-satellites-compromised-by-malicious-cyber-activity/
• NASA’s Jet Propulsion Laboratory website – May 2011 – NASA’s JPL website was compromised due to a cyber attack. http://www.pcworld.com/businesscenter/article/227482/nasa_stanford_websites_hit_by_search_engine_scammers.html
• Goddard Earth Observation System – May 2011 – A hacker gained access to information contained on servers for the satellite-based Earth observation system. http://threatpost.com/en_us/blogs/hack-targets-nasas-earth-observation-system-051711
• International Space Station – March 2011 – A laptop containing the codes to control the International Space Station was stolen. 48 other NASA mobile computing devices were stolen or lost between April 2009 and April 2011 that contained sensitive information, including Social Security numbers. http://www.dailymail.co.uk/sciencetech/article-2108683/Stolen-Nasa-laptop-contained-codes-control-Space-Station.html
• Jet Propulsion Laboratory – 2009 – An Inspector General report identified that hackers had compromised one of NASA’s key mission networks, stealing export-restricted data from NASA Jet Propulsion Laboratory systems due to a cyber attack that made thousands of unauthorized connections to the network. http://www.informationweek.com/news/government/security/229400618
• NASA headquarters – December 2006 – NASA blocked emails with attachments before shuttle launches out of fear they would be hacked by unknown foreign intruders. http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf
• NASA – 2004 – Suspected Chinese hackers, codenamed Titan Rain by the FBI, stole significant amount of information from sensitive networks at NASA and military labs.  http://www.time.com/time/magazine/article/0,9171,1098961,00.html
• Ames Research Center – 2004 – A cyber attack at Ames Research Center forced the agency to turn off its facility’s supercomputers to limit the loss of secure data. http://www.businessweek.com/print/magazine/content/08_48/b4110072404167.htm
• X-ray satellite and Goddard – September 1998 – NASA investigators reported that the failure of an X-ray satellite was due to a cyber attack at Goddard Space Flight Center. http://www.businessweek.com/print/magazine/content/08_48/b4110072404167.htm

National Archives:

• In April 2009, a hard drive containing SSNs of over 100,000 ppl who visited or worked in White House during Clinton Administration was lost. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133340

Office of Personnel Management:

• USAjobs – January 2009 – The Office of Personnel Management website and database for USAjobs, the job site for the federal government, came under a cyber attack, allowing perpetrators to gain access to contact and account information of its millions of users. http://www.msnbc.msn.com/id/31000126/ns/technology_and_science-security/t/cyber-attacks-continue-grow/#.TmzxJ0_Opog

Social Security Administration:

• Sensitive information of over 36,000 people were released by the SSA between May 2007 and April 2010. http://fcw.com/articles/2011/04/14/ssa-privacy-breach-death-master-file.aspx

U.S. Copyright:

• Copyright office – January 2012 – Anonymous claimed credit for taking down the US Copyright Office website, copyright.gov, in a cyber attack to protest the FBI shutting down Megaupload.com. http://techland.time.com/2012/01/20/10-sites-skewered-by-anonymous-including-fbi-doj-u-s-copyright-office/

Unknown agencies:

• Operation Shady RAT– August 2011 – A five year hacker operation, called Shady RAT, collected data from six unknown federal government agencies. http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109
• State Department cable – April – October 2008 – A State Department cable published by WikiLeaks reported that hackers stole “50 megabytes of email messages and attached documents, as well as a complete list of usernames and passwords from an unspecified (U.S. government) agency.” http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf