Hackers Attack Sandia Computers

Insight on the News, April 16, 2001 by Kenneth R. Timmerman

National-security secrets are being stolen from the Sandia National Nuclear Laboratory by foreign governments intent on waging information warfare with the United States.

Hackers recently penetrated national-security computer systems at Sandia National Nuclear Laboratory in Albuquerque gaining access to classified information relating to nuclear-weapons design, sources with knowledge of the cyberattack tell Insight.

The cyberattack was so serious, according to counterintelligence analysts, that the CIA conducted a full damage assessment and briefed President George W. Bush on the problem during the first week of his presidency. "In cases such as this, it's hard to know exactly what was compromised," a security analyst tells Insight. "You have to do an awful lot of work to see how bad it is, in part because of the lack of security-consciousness at the labs."

The most common method used by foreign hackers to acquire classified information from the nuclear labs is to attack large local area networks (LANs) which connect the computers used by the scientists. "Often, scientists will download classified information onto an unclassified system for convenience and forget to delete it" a former Department of Energy (DOE) official tells Insight. "The information then resides on the LAN or on large printers that are addressable from the outside, so it can be retrieved over an unclassified network" (see "DOE `Green Book' Secrets Exposed" Jan. 1).

Neither the White House, the DOE nor the FBI would comment specifically on this latest cyberattack, or say whether it involved a breach of the separate, classified computer network used by the labs. "We make no comment on threats, vulnerabilities or assessments of cybersecurity" says Darwin Morgan, a spokesman for DOE's National Nuclear Security Administration, which is in charge of lab security.

But the growing number of attacks from foreign sources on U.S. national-security computer systems prompted former president Bill Clinton last year to propose a $2.03 billion budget to fund a National Plan for Information Systems Protection -- funding that top congressional Republicans support.

"U.S. efforts at protecting these systems from cyberattack are not sufficient in any respect, whether it's our national nuclear labs, our universities, the private sector, the Department of Defense [DOD] or the service branches" Sen. Jon Kyl, RAriz, tells Insight in an interview. "There's a lot more work that has to be done. This is an area where the offense leads the defense, with rapidly evolving technology and intrusion capability. Even if we could say yesterday that we have done everything we could to prevent cyberattacks -- which we cannot -- it would be insufficient for tomorrow."

Sen. Pete Domenici, R-N.M., who chairs the Senate committee that oversees security at the nation's nuclear labs, told the Associated Press he thought the initial news report on the alleged security breach at Sandia, by Bill Gertz in the Washington Times, was "not accurate." Rep. Heather Wilson, R-N.M., contacted lab officials about the report and came away impressed that they "have made great progress on making their computers secure," a Wilson aide says. But aides said both lawmakers have expressed considerable nervousness at this latest report given the long list of previous security breaches at the labs.

Larry Perrine, a spokesman for Sandia, reacts nervously to information gathered during Insight's investigation. "We're not villains; we're trying to protect nuclear information" he says. Pressed to describe the types of measures

the lab had taken to prevent computer spying, however, Perrine clams up. "Sandia does not discuss its computer security, what threats we face or what safeguards we've taken. We consider not discussing it adds one more layer to our security." If subpoenaed, Sandia Director C. Paul Robinson would appear before Congress to defend the lab's record, he adds.

Last July, Rep. Bart Stupak, DMich., chastised Robinson and other lab directors in response to a Government Accounting Office (GAO) report detailing missing computer hard drives containing classified nuclear-weapons data and other security lapses. "I don't believe the labs have produced any evidence to assure me that they are suddenly going to take their security function seriously" Stupak said. "Rather than complain about budget cuts or other concerns, the labs need to require their people to do their jobs and protect our nation's nuclear-weapons data. McDonald's and the [local] library keep track of their employees and property for a lot less."

Sources tell Insight that a damage assessment conducted by the CIA tentatively concluded that a foreign power had directed this latest cyber-penetration at Sandia, with top suspects being Russia and China.

"It's clear that the really serious hacker attacks are coming from abroad" former deputy undersecretary of defense Stephen D. Bryen tells Insight. "These attacks are dress rehearsals for full-scale information warfare by potential enemies of the United States."