[Infowarrior] - ORNL (hack) attack

Richard Forno rforno at infowarrior.org
Fri Dec 7 13:55:40 UTC 2007



http://www.salon.com/wires/ap/scitech/2007/12/06/D8TC7K582_cyber_attack/index.html


Hackers Get Data of Federal Lab Visitors
By DUNCAN MANSFIELD Associated Press Writer

Dec 6th, 2007 | KNOXVILLE, Tenn. -- The Oak Ridge National Laboratory
revealed on Thursday that a "sophisticated cyber attack" over the
last few weeks may have allowed personal information about thousands
of lab visitors to be stolen.

The assault appeared "to be part of a coordinated attempt to gain
access to computer networks at numerous laboratories and other
institutions across the country," lab director Thom Mason said in a
memo to the 4,200 employees at the Department of Energy facility.

Oak Ridge officials would not identify the other institutions
affected by the breach. But they said hackers may have infiltrated a
database of names, Social Security numbers and birth dates of every
lab visitor between 1990 and 2004.

"There was no classified data of any kind compromised," lab spokesman
Bill Stair said Thursday. "There are people who think that because
they accessed this database that they had access to the lab's
supercomputer. That is not the case. There was no access at all."

The lab currently has the second-fastest supercomputer in the world,
an open-research, 101.7-teraflop Cray XT3/XT4 known as "Jaguar," and
has plans to build another.

About 3,000 researchers annually visit the facility, a major DOE
energy research and high-performance computing center, about 25 miles
west of Knoxville.

Officials have sent letters to about 12,000 potential victims. Mason
said so far there was "no evidence that the stolen information has
been used."

The assault was in the form of phony e-mails containing attachments,
which when opened allowed hackers to penetrate the lab's computer
security. The practice is called "phishing."

The first fake e-mail arrived Oct. 29. At least six more waves followed.

"At first glance, they appeared legitimate," Mason wrote. One
notified employees of a scientific conference. Another pretended to
notify the employee of a complaint on behalf of the Federal Trade
Commission.

Each one instructed recipients to open an attachment for further
information. And when they did, it "enabled the hackers to infiltrate
the system and remove data," Mason wrote.

The lab's cyber police determined about 1,100 phony e-mail messages
entered the lab's network. In 11 cases, an employee took the bait and
opened the attachments.

"Our cyber security staff has been working nights and weekends to
understand the nature of this attack," Mason wrote. "Reconstructing
this event is a very tedious and time-consuming effort that likely
will take weeks, if not longer, to complete."

Meanwhile, the lab will post updates on its Web site at
http://www.ornl.gov/identitytheft.

"Every year we build bigger and more sophisticated fences around our
databases and every year our enemies find new and more sophisticated
ways to tunnel under the fence," Stair said. "This is an ongoing
challenge that is going to be there as far as we can see in the
future."



