Nuclear secrets leak through USB via Insider

857

Well, it cannot be termed exactly as an insider threat. But surely, an innocent mistake of an employee could have/might have leaked sensitive details to the outside world such as hackers.

An IT worker of Sellafield Ltd,UK, accidentally forgot her bag in the parking lot and when she got to know about it and went to pick it up, the USB containing sensitive files fell from the bag into the car park leaving the worker in a state of shock.

The incident took place in the year 2018 when she attended a meeting related to an employment tribunal over a security matter. And during this time, the black bag with a mesh pocket went missing. After a while she found the bag, but without the USB stick, as some things fell off from the bag during the search. And after some hours of search the USB stick containing data related to Thorp Primary Domain Controller (PDC) was recovered.

Evidentially, such the smallest information spill often leads to a bigger espionage program that can turn into a serious national threat at any moment.

And this made the tribunal launch a damage control program in which the employee was a kind of prosecuted.

Despite having 20 years’ experience working for Sellafield, she forgot to follow basic cyber hygiene principles that could have resulted in a kind of info leak from an insider.

Interestingly, the USB was also being used by the employee on her computer at her home and office network. And she was about to use the same pen drive at her another project site related to a game developer.

What if the USB was induced with spyware that could have leaked to the office network, damaging the network or the software forever?

As the employee operated in the field where national security and safety ought to be of paramount significance, the incident was termed to be extremely serious.

And so, the panel dismissed her from the duty as her laxity could have deeply affected nuclear safety and could have offered classified info to terrorists and state funded actors.

Despite of her explanation that she was not at fault and faced many health issues because of the work schedule & environment, the disciplinary committee fired her from duty and ordered the IT engineers of the multi-function nuclear site to look for any misuse of info in the past and the future.

 

Ad
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display