A hacktivist group, self-identified as ‘gay furry hackers,’ recently targeted the Idaho National Laboratory (INL) nuclear research lab and leaked personal information of researchers online. The leaked data included full names, dates of birth, email addresses, and physical addresses. The hackers posted the information on their Telegram channel, claiming to have accessed ‘hundreds of thousands’ of details for users, researchers, and citizens. While no nuclear research data was leaked, the exposure of America’s top nuclear researchers’ names online has raised concerns among security experts.
The Siegedsec group, known for their previous data leaks from organizations like NATO and Atlassian, made no monetary demands. Instead, they openly shared the leaked data online. Security experts at SOCRadar suggest that the hackers may be motivated by the thrill of hacking, speculating that they are likely between the ages of 18-25.
The INL confirmed the cyber attack and stated that they are assessing the extent of the breach. Lori MacNamara, a spokesperson for the lab, mentioned that the breach affected the servers supporting the Oracle HCM system, which handles Human Resources applications. Immediate actions have been taken to protect employee data, and the lab is collaborating with federal law enforcement agencies, including the FBI and the Department of Homeland Security’s Cyber Security and Infrastructure Security Agency, to investigate the incident.
Established in 1949, the Idaho National Laboratory has been actively involved in nuclear reactor research. The site has seen the construction of over 50 reactors and currently employs up to 5,700 individuals. The lab is engaged in research on new nuclear reactor technology. The breach by SiegedSec is disconcerting, considering the lab’s critical role in nuclear research and its status as part of the U.S. Department of Energy complex.
The hacktivist group, known for their vulgar jokes, has maintained a Telegram channel since spring 2022. They posted screenshots of internal tools used in the laboratory as proof of their successful breach. It is worth noting that the group has defaced websites and leaked information from various government websites, affecting at least 30 different organizations. SOCRadar.io suggests that SiegedSec may have connections with other hacktivist groups, including GhostSec, and that their attacks are primarily driven by amusement rather than financial gain.
Colin Little, a security engineer at Centripetal, expressed his views on the incident, stating, ‘Although media coverage of this event claims that no nuclear secrets, intellectual property, or research data were compromised, the leak of personal information from top nuclear researchers is still a matter of concern.’
The Idaho National Laboratory, as one of the 17 national labs constituting the U.S. Department of Energy complex, is considered critical national infrastructure. With its involvement in cutting-edge nuclear reactor research, the lab plays a vital role in advancing nuclear technology.