Labor’s Toxic Exposure Website Serves Up Spyware to Energy's Nuclear Workers

A type of cyber breach that hacks website visitors has struck a Labor Department site visited by Energy Department employees who have worked with nuclear weapons, according to researchers who identified the virus.

Labor officials acknowledged one of their sites was compromised. 

Researchers at security provider Invincea, tipped off by an unnamed individual on Tuesday night, identified a "watering hole" assault on Labor's “Site Exposure Matrices” public website. The database lists nuclear-related illnesses linked to Energy facilities and toxicity levels at each location that might have sickened employees developing atomic weapons, according to the Institute of Medicine. The website is intended to help Labor caseworkers and former Energy workers determine appropriate compensation.

"We can infer the target of the attack are [Energy Department] folks in a watering hole style attack compromising one federal department to attack another," Anup Ghosh, Invincea's founder and a former program manager at the Defense Advanced Research Projects Agency, told Nextgov.

Watering hole attacks exploit existing flaws in websites to implant malicious software that then infiltrates the computers of people visiting the site. In this instance, Ghosh concluded, the hackers took advantage of an error in older versions of the Internet Explorer browser.

Labor spokesman Jesse Lawder said in an email that on Wednesday, "Labor confirmed that a website related to a DoL program appeared to be compromised." The agency immediately took the site offline and began investigating the incident with "appropriate internal and external authorities" to identify and minimize potential impacts.  

Similar intrusions recently hit sites belonging to the Council on Foreign Relations, NBC and renewable energy technology supplier Capstone Turbine Corp, according to various researchers. NBC later reported strong evidence linking that particular campaign to China. 

Ghosh said it was likely that nothing unique to Labor’s database made it more vulnerable than any other large organization's site. 

Atlantic Media, which owns The National Journal Group and Nextgov, disclosed earlier this year that was distributing malware to visitors. Ghosh, who documented that episode at the time, said on Wednesday, "No one is immune to these attacks." 

He added, "The federal enterprise isn't much different from corporate enterprises in terms of using older versions of Windows and Internet Explorer. As a result, these attacks are likely to be successful unless the target is using more advanced forms of browser protection software such as virtual containers.”

While the method of infection might not be considered "sophisticated," the targeting and persistence of the adversary, after infection, could indicate this was a sophisticated attacker, Ghosh said. 

Microsoft, Apple and Facebook officials admitted their employees fell prey to watering hole attacks while visiting a software developer website. 

Right now, there is no evidence internal Labor data and services were manipulated or lost, according to agency officials. "The department will continue the investigation and will ensure that appropriate precautions and safeguards remain in place to protect our information and information systems," Lawder added.

Incidentally, about a month ago, the Institute of Medicine released a study that criticized this nuclear illness database for, among other things, poor navigation, insufficient details, and inconsistent descriptions for particular locations and jobs.

Independently, researchers at AlienVault Labs seem to have happened upon the same Labor Department penetration, according to the company's blog. They suggest that techniques used to raid Labor’s site match those "used by a known Chinese actor called DeepPanda."

(Image via Kheng Guan Toh/
