FOR IMMEDIATE RELEASE, August 6, 2007
Contact: Danielle Brian or Peter Stockton 202-347-1122
Another Security Breach at Los Alamos
An incident involving the unauthorized release of classified data via email occurred last week at Los Alamos National Laboratory (LANL). The incident, which has been confirmed by the Project On Government Oversight (POGO), is rated among "the most serious threats to national security."
The incident follows the Department of Energy's (DOE) July decision to slap the Lab with a $3.3 million fine, and to threaten the Lab with another fine if it failed to comply with security rules. The fine was levied because of the October 2006 incident in which classified information was discovered during a methamphetamine drug bust. The discovery was originally revealed by POGO. Last week's breach follows a series of other incidents in recent months (see links below).
This most recent breach was originally rated an Impact Measurement Index-1 (IMI-1), which is the most serious level security violation. In an attempt to minimize the problem, the breach was downgraded to a less severe category of IMI-4. After another review, however, it was elevated back to IMI-1.
"LANL has been fined, lab officials have been fired, and the lab was even closed for a number of months so that it could get its act together," said POGO Senior Investigator Peter Stockton. "It's clear that it just can't."
According to LANL, an IMI-1 rated incident is defined as:
"Actions, inactions, or events that pose the most serious threats to national security interests and/or critical DOE assets, create serious security situations, or could result in deaths in the workforce or general public. IMI-1 includes, but is not limited to, (1) confirmed or suspected loss, theft, or diversion of a nuclear device or components or weapon data; (2) confirmed or suspected intrusions, hackings, or break-ins into DOE computer systems containing Top Secret, SAP [Special Access Programs] information, or Secret Compartmented information; and (3) confirmed or suspected acts or attempts of terrorist actions."
Below is a list of security incidents at the Los Alamos National Laboratory since the Wen Ho Lee scandal in 1999.
+++++++++++
Los Alamos Security Incidents Since the Wen Ho Lee Controversy
July 2007 – Los Alamos lab worker with "highest possible security clearance" arrested in cocaine drug bust. July 6, 2007. SOURCE: KRQE
June 2007 – Los Alamos board member sends highly classified email message unsecured, comprising "the most serious breach of U.S. national security." SOURCE: Time Magazine
May/June 2007 – Los Alamos staffer takes lab laptop containing "government documents of a sensitive nature" with him on vacation to Ireland, where it is stolen. Los Alamos scientist sends highly classified email over unclassified networks to the Nevada Test Site. SOURCE: Newsweek
October 2006 – Classified information from Los Alamos found during methamphetamine drug raid. SOURCE: POGO
June 2006 – NNSA Administrator Linton Brooks informs Congress that computer hackers got access to detailed personal information, including Social Security numbers for about 1,500 DOE contract workers in September 2005. Yet neither the workers whose personal information was compromised nor the DOE's cyber-security head was notified about the incident. SOURCE: Associated Press
July 2004 – POGO reports that 17 incidents of classified information from Los Alamos were sent over unclassified networks. On July 23, 2004, DOE shuts down operations involving Classified Removable Electronic Media (CREM) across the entire nuclear weapons complex. SOURCE: POGO
May 2004 – Classified computer media goes missing at Los Alamos. Lab claims it is "a single accounting discrepancy." SOURCE: POGO
December 2003 – Los Alamos confirms that computer disks were identified as lost during an "inventory of classified computer media." In total, ten disks were lost. SOURCE: POGO, LANL
January 2003 – A computer hard drive that contained classified data had been missing from Los Alamos since October 2002, but top officials at DOE failed to investigate the loss. On January 16, 2003, DOE Secretary Spencer Abraham issues statement saying: "I am deeply troubled that Los Alamos National Laboratory is unable to account for computer equipment and other materials as part of lab management's inventory control and audit program." SOURCE: POGO, DOE
November 2002 – Documents leaked to POGO show that more than 200 computers are missing, some from top secret programs. A January 2003 report by the DOE Inspector General later corroborates the findings, and scolds Los Alamos for firing the officers who wrote the memo. SOURCE: POGO, DOI Inspector General
January 2002 – Computer data containing nuclear weapons design information goes missing. LANL locates the missing disk. SOURCE: POGO
June 2000 – Two hard drives containing nuclear weapons secrets disappear at Los Alamos. They are mysteriously found several weeks later behind a copy machine. SOURCE: LANL
March 1999 – Wen Ho Lee, a Los Alamos nuclear weapons scientist, is investigated by the FBI for allegedly downloading nuclear secrets onto his hard drive.
+++++++++++
Founded in 1981, the Project On Government Oversight (POGO) is an independent nonprofit that investigates and exposes corruption and other misconduct in order to achieve a more accountable federal government.
# # #
27 comments:
Wow!
I'm beginning to subscribe to the conspiracy theories. Surely it can't be that all the security incompetence is concentrated in Los Alamos.
Basically, the security gain knob is turned all the way up here at LANL. You do know that the GAO, in doing their cyber review, is going to camp out two weeks of each month until the end of the calendar year.
I don't believe that the GAO is finding these infractions. It's probably the security office at LANL, NNSA or DOE.
As briefed (in the open) to managers each month, the average is about 1 IMI-1 or IMI-2 per month - has been for a long time. Somebody slips and uses the wrong word or phrase in an open email. Reasons: 1) too much stuff is classified; 2) the classification rules are too voluminous and arcane for anyone to know or remember; 3) there is a lot of pressure on LANL staff to get stuff done NOW. Despite all that, considering the millions (literally) of open emails sent from LANL every month, it is an incredibly good record. The breathless POGO stuff is getting a little tired.
see this:
http://www.abqjournal.com/abqnews/index.php?option=com_content&task=view&id=4446&Itemid=31
Every Q-cleared staff member who works behind the fence should be supplied with a LANL thin-client secure terminal which is provided quickly, easily, and free of charge so that the chances of this happening are greatly reduced. This thin-client and its network would primarily be used for secure E-mail communications. Is that too much to ask? It's what other agencies and facilities that handle classified information routinely provide to all their staff. The RedNet is a joke. It took me over 8 months to get a secure port installed in my office with an installation cost of over $15K. In addition to this, new cyber-security rules have made operations of a RedNet PC in offices very burdensome. The goal should be to make secure communication at LANL both ubiquitous and easy to use.
We can do better. Why hasn't this been fixed yet? Where did all that extra cyber-security money supplied to LANL go? It certainly didn't go into expanding out a convenient and easy to use network for secure communications between the staff. If you've been to other secure facilities, you've seen how they operate. Why is LANL so behind the times when it comes to this issue?
the most recent security breach involved the "flagship" 1663 magazine and classified data regarding pit manufacturing and specific weapons. The information was very current as opposed to JQ's 20 and 30 year old classified crap.
But like the Board of Governors and their recent OOPS with classified emails this one will also go under the rug.... and not Mikey's
1) How can 1 incident per month be acceptable, per 6:23 ?
2) The tone of 9:17 about old materials is inappropriate. One would think that old information is of prime value to Bin Laden.
Am I missing something? I don't see "another security breach", just people talking more about ones we already know about. It appears the most recent instance was that coked up dipshit from a month or so ago, and nothing additional yet. Or is there something new to report?
Not to worry. Uncle Boddy will label *this* incident "human error" just like he did for LANS' little oopsie just a month or so ago. Then Mikey and his boys will sweep it all under the table again. And then we will resume our trip down the path to becoming the nation's new plutonium pit production facility.
9:32 PM: "How can 1 incident per month be acceptable, per 6:23 ?"
It is obviously not acceptable; just unavoidable. How do you propose it be avoided? It is one incident amounting to one in 10.000.000 (approximately) per month. What better incident statistic can you cite? Is your rate of stupid mistakes in your life less? If some government agency were mandating controls over your behavior that you couldn't possibly comply with, would you do as well? Name a human endeavor that results in zero mistakes.
@9:32 PM
Some percentage of TMI-1/2 come up because of code words being combined in an email by someone without that person knowing they were code-words (but might have known by being in the same organization as the words showing up.)
Heck I remember one example was an email of someone talking about taking vacation days because their dog needed an operation and they needed to go to a school to meet their daughter. The school, dog name/breed, daughter's name etc were all found to be code-words. They also ended up being the real name of their daughter and the school she was attending, dog name/breed. It got flagged and labeled a TMI-2 I think.
They usually get a high ranking because of the fact that at some point in the past there was a perception that LANL didn't do enough to protect secrets so bumping it up a couple of levels makes the auditors happy.
Now that doesn't mean there aren't legitimate lapses.. it just means that some percentage of them are 'false-positives' that have to be flagged and investigated as possible Intelligence problems, user stupidity, or other issues.
8/6/07 9:37 PM,
Written by John Fleck
Monday, 06 August 2007
Los Alamos National Laboratory officials are confirming another security incident from last week, in which classified information was improperly emailed around within the lab.
POGO first revealed the incident in an email to reporters this morning. The organization offered little detail, but lab spokesman Kevin Roark confirmed this afternoon that a lab employee emailed a classified document within the lab on the lab's "yellow" network. It's an internal network, but because it is connected to the outside world via the Internet, you're not supposed to use it for classified stuff.
POGO's Pete Stockton told me this afternoon that in addition to the improper use of the yellow network, the classified document in question was emailed to a lab employee who does not have a security clearance, which would also be a problem.
Nice rationalization. Not acceptable, but we should accept it anyway.
How would I avoid this? Fire the careless. Hire people who give a shit. Apparently not you.
1 in 10,000,000? There are 10M classified communications per month? That’s about 1,000 per employee, ranging from the janitors to the director. 50 per workday? 6 per hour?
Boo hoo. You have to go to ladder training, so you feel it is acceptable to compromise our nation’s most important secrets.
Do I make mistakes? Sure. Not with secrets that could compromise the nation’s security. If you have something to say, go to a vault. Or shut up. Pay some attention to what you are doing, or do the world a favor and resign.
11:32PM
You have no f*ing idea what you are talking about nor do you know the numbers at the other DOE labs and other federal government organizations. Yes we need to do the best we can, however you have to consider what our record is relative to other comparable organizations that never make the news. I bet you do not work at LANL. I do agree that we should hire better people. This is not just true at LANL but at these other places as well.
I'm not shocked, although this sort of mistake always causes some level of aggravation to hear about. What has baffled me for my entire time here at the lab is that there are two types of people: those who are paranoid about security and will send even unclassified communications on the secure, just to be safe, and those who seem to feel that the secure network is too much bother, and like to push the line on what they can send in the open. Unfortunately, I see a larger number of people in the second category (although I find the paranoid group to be larger by experience with my colleagues), and the excuse typically is "I don't have a secure workstation", or "It's inconvenient to use the secure if *I know* it's unclassified".
The problem is, most of these arrogant idiots aren't ADCs, so it's a dubious claim that they can make the judgement call on classification issues and quite honestly, I don't understand why people insist on participating in classified work without taking the corresponding responsibility for using the secure net and becoming good friends with their local ADC for open communications. What is more bothersome is that I've seen individuals who like to push this line get scolded by their peers (fortunately, I haven't seen an actual violation - knock on wood), yet their management does little in terms of attitude adjustment to fix these idiots who like to find the line and get as close to it as they can.
Oh wait - that's considered acceptable management practices around here. What was I thinking! Carry on.
11:47. Two wrongs don't make a right, so who cares what other organizations do?
And don't do your best. That's clearly not good enough. Do it right, instead.
8/7/07 12:15 AM - you sound just like lloyd gordon. Good grief. It must feel great to be so perfect.
I have been an ADC for a decade and I am still baffled by most of the "gray area" questions that my colleagues bring to me. "Can I say this isotope in association with this project?" Shoot, I don't know, and I don't have a guide on that topic. How about you just don't mention the isotope at all? Can't do that? Ok, then how about not mentioning the project so specifically, maybe just say "experiment."
Sigh.
The Classification Group, for some bizarre reason, doesn't want ordinary folks to have access to the guides as reference materials. On the theory that they would be "making classification determinations" with them. In reality, the main reason most people become ADC's is out of a sense of self-preservation, not public service.
Even an IMI-1 doesn't necessarily mean an unauthorized person DID receive and read a copy of a classified document (much less have the ability to identify the classified information therein), it means the information existed somewhere in the space/time continuum that COULD HAVE allowed an unauthorized person to read it.
I'm not sweeping this under the rug. Just need to point out that an IMI-1 email isn't likely to have a cutaway diagram of the W-88 with full dimensions and tolerances. The ones I've seen have been far more obscure concatenations of words and even cost codes. Classification is an art, not a science, and it's well known that different NNSA sites use different guidance/interpretations, even though we are all following the same ultimate DOE rules.
Oh, and that Red Net? The project is just to bring the wires to your building, not to your desk.
From our good friends at the Santa Fe New Mexican (August 5):
From 2002 through 2004, there were 35 “Category 1” security incidents at Lawrence Livermore National Laboratory in California, and 22 at Los Alamos, New Mexican archives show. A Category 1 incident is the most serious tracked by the Department of Energy. That information was provided by the department.
As another poster just pointed out, two wrongs don't make a right. But there sure are a lot of Livermites - bitter about their own contract transition - who want to pretend that their own security record is soooooooo lily-white. That gets old.
Well it's obvious what the solution is to all these revelations of Lab stupidity. We need to make sure we permanently muzzle all whistleblowers. We need to pass legislation in Congress that makes it a federal offense to disclose anything negative about Los Alamos. We need to develop hallucinogenics that can be slipped into the water supply to sedate all employees and to ensure total 100% unquestioned loyalty towards the Lab. Lastly, we need to elect a Bechtel executive as President, thus breaking the oil industry's grip on power and placing it squarely where it belongs--in the hands of the military-industrial complex that I love like my own mama. If we can get Rupert Murdoch in as VP we can also control the media. In short the solution, put quite simply, is to gut and bleed dry every lousy do-gooder in the bunch.
--These thoughts of inspiration shared with you through the generosity of the King Richard and Emperor Mikey of LANS Think Tank.
11:23PM claims that a simple email about the family dog and kids can mistakenly be flagged as a classified communique. That's about the dumbest thing I've ever heard. While the general public may be viewed as largely stupid in the eyes of many of my Lab colleagues, that doesn't mean the general public is going to believe such nonsense as this. So let's stop making excuses for why the Lab can't manage to manage much these days. Maybe if we could admit, at least once in a while, when we mess up, we'd be better off as an institution. At least then people could move on to the next issue without harping so much on the past.
How about the incident was self reported. There are many honest employees who self report.
Yes, the rules that ADC's have to follow are complex. Yes, there seem to be many grey areas. The one solution LANL can do to help in this matter is to make secure communication facilities ubiquitous at the lab so that there is less chance for these incidents to occur. That is not what they are doing. LANL, with NNSA's help, is making secure computing and communication more difficult to implement at the desktop, not less.
Put a secure thin-client at every Q-clear worker's desktop who works behind the fence. This thin-client could be used mainly for Email and light word processing tasks. This won't completely solve the problem, but it will go a long way to helping make sure that the chances of it occurring are greatly reduced.
11:40pm: That makes too much sense, so you must not be a LANL person. You are obviously not considering the fact that the thin client won't have anyplace to put the JB Weld, and we all know - JB Weld equals secure computing.
Perhaps it's time to start putting the JB Weld in all of our office electrical outlets. Bad things can happen with all those nasty electrical products being used at LANL.
Oops! I think I just gave NNSA their next bright idea.
Follow rules wisely