Cyber espionage, attacks, breaches, viruses — they are all among the concerns President Barack Obama cited Friday when he announced he will create a new White House office of cyber security, with that cyber czar reporting to the National Security Council as well as to the National Economic Council.
The nation’s vulnerability to cyber attacks has long been a concern. The Center for Strategic and International Studies said in a December report that the U.S. Defense Department alone has said its computers are probed hundreds of thousands of times each day.
These publicly known cases of hacks, thefts and viruses at government, military, utilities and educational sites are just some examples:
Law enforcement computers were struck by a mystery computer virus last week, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution. The U.S. Marshals said it disconnected from the Justice Department's computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem. "We too are evaluating a network issue on our external, unclassified network that's affecting several government agencies," said FBI spokesman Mike Kortan, who did not elaborate or identify the other agencies.
Spies have hacked into the electric grid of the United States, a former government official said last month, and they left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems, said the ex-official. In April, officials in the U.S., Britain and Germany accused Chinese hackers backed by China's military of intruding into their government and defense computer networks. China has denied the accusation.
America's air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months to allow hackers access to personnel records and network servers, according to an audit released this month by the Department of Transportation's inspector general. The audit concluded that although most of the attacks disrupted only support systems, they could spread to the operational systems that control communications, surveillance and flight information used to separate aircraft. The report noted several recent cyber attacks, including a February incident, in which hackers gained access to personal information on about 48,000 current and former FAA employees, and an attack in 2008 when hackers took control of some FAA network servers.
The National Archives this month reported it is missing a computer hard drive containing massive amounts of sensitive data from the Clinton administration, including Social Security numbers, addresses, and Secret Service and White House operating procedures, congressional officials said. The drive, from the Archives facility in College Park, Md., was lost between October 2008 and March 2009 and contained 1 terabyte of data — enough material to fill millions of books. One of former Vice President Al Gore's three daughters is among those whose Social Security numbers were on the drive, but it was not clear which one. Other information includes logs of events, social gatherings and political records.
A six-month hacking effort at the University of California, Berkeley resulted in 97,000 Social Security numbers being stolen, said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology, said this month. Hackers infiltrated restricted computer databases from October 2008 to April 9, putting at risk health and other personal information on 160,000 students, alumni and others. In addition to Social Security numbers, data included birth dates, health insurance information and some medical records dating back to 1999.
USAJobs.gov, the official job site of the federal government, was hacked, along with career site Monster.com in January. "It appears that Monster.com's database and USAJobs.gov's database were compromised and contact and account information was stolen," said Sophos, a security software firm. "Data stolen included users' login names, passwords, email addresses, names, phone numbers and some demographic data." The sites' millions of users were advised to immediately change their passwords.
In March, 2008, Harvard University said a computer hacker gained entry to its server and that about 10,000 of the previous year's graduate students and applicants may have had their personal information compromised, with 6,600 having their Social Security numbers exposed. The school said it would provide the applicants with free identity theft recovery services and help them with credit monitoring and fraud alerts.
As many as 1,500 Defense Department computers were taken offline in June 2007, because of a cyber attack, Pentagon officials said. Defense Secretary Robert Gates said the Pentagon sees hundreds of attacks a day, and this one had no adverse impact on department operations. He said the Pentagon shut the computers down when a penetration of the system was detected.
At the University of Missouri, a computer hacker accessed the Social Security numbers of more than 22,000 current or former students in May 2007, the second such attack that year, officials said. The hacker obtained the information through a Web page used to make queries about the status of trouble reports to the university's computer help desk, which is based in Columbia. The information had been compiled for a report, but the data had not been removed from the computer system.
The U.S. Department of Agriculture's computer system was breached in June 2006, when a hacker broke in over a weekend and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors, the department said. The information was used for staff or contractor badges in Washington, D.C. and the surrounding area, spokeswoman Terri Teuber said. Those who might have been affected were notified by e-mail and were being sent letters.
The Veteran's Administration lost track of a laptop in May 2006 that held personal data about 26.5 million American veterans. The story of the missing files hit just as U.S. news was peppered with other tales of missing or stolen computers that year containing 100 million pieces of data, including Social Security and credit card numbers. The VA said the laptop, recovered a month later, had been taken home by a subcontractor, and that no data was taken from the computer. Earlier this year, the VA agreed to pay up to $20 million in class-action lawsuit to veterans whose data was on the laptop.
In 2004, an FBI computer consultant gained access to the secret passwords of Director Robert Mueller and others using free software found on the Internet. The consultant, Joseph Thomas Colon, was sentenced in 2006 to six months of home detention after a federal judge said Colon was not trying to harm national security or use the information for financial gain. In his guilty plea, Colon acknowledged that he made his way into the deepest reaches of the FBI's internal computer network on four occasions in 2004.
A Southern California man admitted hacking into computers operated by NASA, Oregon State University and a San Francisco Bay area Internet service provider, and in September 2000, was sentenced to 21 months in federal prison. One hacking case involved the use of stolen credit card numbers in an attempt to wire transfer money through the Western Union Corporation. In the NASA incident, the hacker got into the agency's computers and used stolen credit card numbers to purchase electronic equipment.