The Idaho National Laboratory (INL), one of the biggest nuclear labs in the US with thousands of employees, has been hacked by the group Sieged Security (stylised SiegeSec). The hackers are self-proclaimed "gay furry hackers" who have posted a sample of the data obtained online, and are threatening to release huge amounts of employee data unless the lab makes a peculiar deal: "We're willing to make a deal with INL," says SiegeSec alongside the post, "if they research creating IRL catgirls we will take down this post."
That is a reference to a long-running meme about furries wanting to create a race of sexy human-mutant cats and, yes, none of those words are in the Bible. The data breach consists of employee addresses, Social Security numbers, birthdates, numbers, and "lots lots more!" The East Idaho News reported it contacted some of the employees in the initial leak, and verified that the information was accurate (thanks, The Register).
INL is based in Idaho Falls and employs around 6,100 people, and the scale of this thing is almost unimaginable: 890 square miles. 52 reactors have been built and operated by INL since 1949 and former director John Grossenbacher once said "the history of nuclear energy for peaceful application has principally been written in Idaho." This place developed the first nuclear generator that could provide a usable amount of electricity.
Well. SiegeSec have hit some big targets in the past, including NATO, but this is almost certainly going to attract some men in suits. It should be said that the hack does not relate to the lab or its functioning, but is focused on "Human Resources services" and apparently involved a breach at an external vendor.
SiegeSec's public posts about the hack begin "meow meow meow meow meow meow meow" before boasting about how much "yummy" and "crunchy" data it has. It added the group had messaged users via the Oracle software the lab has "showing our access" before making the proposition about catgirls.
Following the hack being made public, the group's social media account commented "Many people ask 'why?' for INL breach. We are cats, intricacies such as 'why' do not concern us." In response to one person expressing incredulity at the target, with INL involved in efforts to tackle climate change among other things, and asking whether the hackers were 12 years old, SiegeSec replied:
"INL is responsible for a lot more than climate change solutions, they were not targeted due to their involvement in climate change mitigation," before going on to list its involvement in nuclear plants, control systems cybersecurity (!), vehicle testing, bioenergy, robotics, nuclear waste processing, and more.
None of those things seem especially egregious to me, but then I'm not a furry hacker. The INL says an investigation into the breach is underway and the feds are involved:
"Earlier this morning, Idaho National Laboratory determined that it was the target of a cybersecurity data breach [...] INL has been in touch with federal law enforcement agencies, including the FBI and the Department of Homeland Security’s Cyber Security and Infrastructure Security Agency to investigate the extent of data impacted in this incident."