IAEA Server Breached, Scientists’ Email Addresses Spilled

The International Atomic Energy Agency has confirmed to Reuters that one of its decommissioned servers had been accessed and had data stolen from it.

The International Atomic Energy Agency has confirmed to Reuters that one of its decommissioned servers had been accessed and had data stolen from it.

The admission from the United Nations’ nuclear regulatory arm came in response to the publication of some 170 email addresses, apparently belonging to the same number of scientists, showed up in identical entries on Cryptome and the text sharing site Pastebin.

The list of email addresses comes alongside a veiled threat to release more information from the compromised server if the IAEA doesn’t investigate nuclear weapons and other activities in Israel.

The list boasts email addresses from prominent universities, organizations, and government agencies, including the National Institute of Standards and Technology, the Institute of Electrical and Electronics Engineers, SANDIA Labs, the Department of Energy, and the Los Alamos National Laboratory to name some of the more noticeable email domains.

The author of the entries on Cryptome and Pastebin claims to be affiliated with a hacker group operating under the handle Parastoo. According to the group, the hack is not an attack on the IAEA, with whom they claim an unexplained brotherhood, but rather a request that the owners of the purloined email addresses sign a petition demanding an investigation of “the activities at Dimona.”

“The activities at Dimona” likely refers to Israel’s unofficial and unrecognized nuclear program and the Negev Nuclear Research Center located near the Israeli city of Dimona.

The entry reads like an extortion letter when the author threatens to publish the “whereabouts of every single one of these individuals” who would be considered “partner[s] in crime” along with the IAEA “should an accident take place there.”

A number of reports are identifying Parastoo as a pro-Iranian group, but their allegiance to Iran remains unclear. However, the group reassures the IAEA that it will keep safe other information accessed on the compromised server unless “a western-favored element entertains another sip of motorbike & magnetbomb cocktail.”

The somewhat cryptic reference to “motorbike & magnetbomb cocktail” probably refers to a series of assassinations that occurred earlier this year in which assassins on motorcycles magnetically attached bombs to the cars of nuclear scientists believed to be affiliated with Iran’s alleged nuclear weapons program.

“The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago,” IAEA spokesperson Gill Tudor told Reuters. “The IAEA’s technical and security teams are continuing to analyze the situation and do everything possible to help ensure that no further information is vulnerable.”

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.