I received the list below (of “Significant Cyber Attacks” on Federal systems since 2004) from sources on Capitol Hill last week.  After reading through it and checking the data, it seemed worth making the list part of the public record.  The list is alphabetical by agency/department and continues after the jump:

Central Intelligence Agency:


  • U.S. Senate – June 2011 – The Sergeant at Arms confirmed that the U.S. Senate’s website had been hacked after files from the website were posted online, indicating that Lulz Security had broken into the Senate’s computer network.  http://www.reuters.com/article/2011/06/13/us-cybersecurity-usa-senate-idUSTRE75C5JI20110613
  • Senator Bill Nelson’s office – March 2009 – Senator Nelson confirmed that his personal office computers had been subject to three separate attacks. http://www.ypfp.org/content/hackers-based-china-break-florida-senator%E2%80%99s-office-computers
  • Representative Wolf and Foreign Affairs Committee offices – August 2006 – Rep. Wolf announced that that the computers at his personal office, a number of unnamed Representatives’ offices, and the office of the House Foreign Affairs Committee had been hacked. http://wolf.house.gov/index.cfm?sectionid=34&parentid=6§iontree=6,34&itemid=1174

Department of Agriculture:

  • USDA DC headquarters – June 2006 – The Department of Agriculture was subject to a cyber attack where the names, social security numbers, and photographs of 26,000 employees were stolen. http://www.msnbc.msn.com/id/31000126/ns/technology_and_science-security/t/cyber-attacks-continue-grow/

Department of Commerce:

Department of Defense:

  • F-35 development – February 2012 – It was announced that delays and high costs for the development of fighter plane F-35 stemmed from responding to cyber attacks that stole classified information discussing the technology. http://defensetech.org/2012/02/06/did-chinese-espionage-lead-to-f-35-delays/
  • Unmanned aerial vehicle – December 2011 – Iran claims to gained possession of RQ-170 Sentinel stealth drone with a cyber attack. http://www.washingtonpost.com/world/national-security/iran-says-it-downed-us-stealth-drone-pentagon-acknowledges-aircraft-downing/2011/12/04/gIQAyxa8TO_story.html
  • DOD – July 2011 – In a speech unveiling the DOD cyber strategy, the Deputy Secretary of Defense mentioned that a defense contractor was hacked and 24,000 files relating to sensitive systems being developed at DOD were stolen. http://www.fiercehomelandsecurity.com/story/24000-files-stolen-dod-contractor-single-march-attack/2011-07-17
  • National Guard – December 2010 – Personal info of 650 soldiers was stolen from Santa Fe headquarters. http://www.krqe.com/dpp/news/local/southeast/soldiers’-personal-information-stolen-
  • Army – April 2010 – Lost personal data of reservists. http://www.newsday.com/news/new-york/army-warns-reservists-of-identity-theft-threat-1.1876244
  • Unmanned aerial vehicle feeds – December 2009 – Downlinks from U.S military UAV’s were hacked by Iraqi insurgents using inexpensive file sharing software, allowing them to see what the UAV has viewed. http://online.wsj.com/article/SB126102247889095011.html
  • US Central Command – November 2008 – Classified networks at DOD and Central Command relating to U.S. involvement in Iraq and Afghanistan were subject to a cyber attack. http://articles.latimes.com/2008/nov/28/nation/na-cyberattack28
  • Secretary of Defense’s email – June 2007 – The Secretary of Defense’s unclassified email account was hacked by unknown foreign intruders. http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf
  • National Defense University – May 2007 – Spyware in the system left the University’s email systems vulnerable to attacks and the University ultimately had to take its systems offline due to hacks by unknown foreign intruders. http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf
  • Naval War College – November 2006 – The Naval War College in Rhode Island had to shut down all of its computer systems for two weeks following a cyber-attack.  The Naval War College develops strategies for naval warfare, as well as on cyberspace.  https://www.nextgov.com/cybersecurity/2006/12/china-is-suspected-of-hacking-into-navy-site/213191/
  • Non-Classified IP Router Network – August 2006 – A senior Air Force Officer announced that, “China has downloaded 10 to 20 terabytes of data from the NIPRNet.” https://www.route-fifty.com/digital-government/2002/11/the-red-storm-is-rising-for-sandia-labs/290010/

Department of Education:

  • August 2006 – Computers containing personal info of grant reviewers were stolen. http://www.idtheftcenter.org/artman2/uploads/1/ITRC_Breach_Report_20061231.pdf

Department of Energy:

  • Nuclear Security Administration – October 2011 – A DOE report disclosed that the department has been hit by recent successful cyber attacks. http://www.foxbusiness.com/technology/2011/10/24/energy-department-discloses-cyber-attacks/

DOE/National Laboratories:

  • Pacific Northwest National Labs – July 2011 – PNNL shut down access to their networks after learning they were subject to a highly sophisticated cyber attack.  http://ca.reuters.com/article/technologyNews/idCATRE7656M020110706
  • Thomas Jefferson National Labs – July 2011 – Thomas Jefferson labs shut down access to their networks after learning they were subject to a highly sophisticated cyber attack.  http://ca.reuters.com/article/technologyNews/idCATRE7656M020110706
  • Oak Ridge National Labs – April 2011 – ORNL, home to powerful supercomputers, shut down access to the Internet after employees received emails with a link that allowed the attackers to siphon out information. It was reported that a “few megabytes” of data were stolen. http://www.wired.com/threatlevel/2011/04/oak-ridge-lab-hack/
  • Oak Ridge National Labs – October 2007 – Over a thousand staffers at ORNL received an email with an attachment that, when opened, provided unknown intruders with access to the Lab’s databases. http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf

Department of Homeland Security:

Department of Interior:

Department of Justice:

DOJ/Federal Bureau of Investigation:

Department of State:

Department of Transportation:

DOT/Federal Aviation Administration:

  • FAA – May 2009 – A report released by the Department of Transportation acknowledged that the FAA administrative networks that manage air-traffic flow and electric power were subject to cyber attacks that gained access to information used to control the network. http://online.wsj.com/article/SB124165272826193727.html

Department of Treasury:

Department of Veterans Affairs:

Federal Deposit Insurance Corporation:

Federal Trade Commission:

National Aeronautics and Space Administration:

National Archives:

Office of Personnel Management:

Social Security Administration:

U.S. Copyright:

Unknown agencies:

  • Operation Shady RAT– August 2011 – A five year hacker operation, called Shady RAT, collected data from six unknown federal government agencies. http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109
  • State Department cable – April – October 2008 – A State Department cable published by WikiLeaks reported that hackers stole “50 megabytes of email messages and attached documents, as well as a complete list of usernames and passwords from an unspecified (U.S. government) agency.” http://csis.org/files/publication/120504_Significant_Cyber_Incidents_Since_2006.pdf

Share This

Share this post with your friends!