the federal government’s nuclear weapons laboratories may have originated in China

China Link Suspected in Lab Hacking

A cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security.

Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.

Officials at the lab, Oak Ridge National Laboratory in Tennessee, said the attacks did not compromise classified information, though they acknowledged that they were still working to understand the full extent of the intrusion.

The Department of Homeland Security distributed the confidential warning to computer security officials on Wednesday after what it described as a set of “sophisticated attempts” to compromise computers used by the private sector and the government.

Government computer security officials said the warning, which was issued by the United States Computer Emergency Response Team, known as US-CERT, was related to an October attack that was also disclosed last week by officials at the Oak Ridge laboratory.

According to a letter to employees written by the laboratory’s director, Thom Mason, an unknown group of attackers sent targeted e-mail messages to roughly 1,100 employees as part of the ruse.

“At this point, we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ e-mails, all of which at first glance appeared legitimate,” he wrote in an e-mail message sent to employees on Monday. “At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data.”

In a statement posted on the laboratory’s Web site, the agency stated: “The original e-mail and first potential corruption occurred on October 29, 2007. We have reason to believe that data was stolen from a database used for visitors to the Laboratory.”

The laboratory said the attackers were able to gain access to a database containing personal information about visitors to the laboratory going back to 1990.

The US-CERT advisory, which was not made public, stated: “The level of sophistication and the scope of these cyber security incidents indicate that they are coordinated and targeted at private sector systems.”

The US-CERT memo referred to the use of e-mail messages that fool employees into clicking on documents that then permit attackers to plant programs in their computers. These programs are then able to copy and forward specific data — like passwords — to remote locations.

Despite improvements in computer security, phishing attacks are still a big problem. In the case of the Oak Ridge intrusion, the e-mail messages were made to seem authentic. One described a scientific conference and another referred to a Federal Trade Commission complaint.

Computer security researchers cautioned that despite the US-CERT description of the attacks as sophisticated, such threats are frequently undertaken by amateur computer hackers.

Classified federal computer networks are not supposed to be connected physically to the open Internet. Even so, sensitive data like employee e-mail databases can easily be compromised once access is gained to computers inside federal agencies.

Hackers Breach Security at Major U.S. Labs
In a major development that has raised concerns about security for American military laboratories, hackers managed to hack into the computer systems of the Oak Ridge National Laboratory in Tennessee and the Los Alamos National Laboratory in New Mexico, two of the most vital scientific labs in the United States.

While some details are available about the attack on the Oak Ridge lab, not much is known about the attack on the Los Alamos facility. This lab is considered a sister institution of the one at Oak Ridge. Scientists believe the two attacks are interlinked, though there is not enough information to confirm the attack on the Los Alamos facility was totally successful.

Even though there is no official word to the effect that the attack on the Los Alamos lab was successful, there are pointers that indicate this to be the case. For instance, a lab spokesman earlier said the staff had received information about an attempted breach on November 9, which was just a few days after the attacks at the Oak Ridge facility.

One can surmise that the notification could only mean that the attack had been successful, and that there had been attacks on other laboratories across the U.S. as well. There is no information yet, however, on whether the hackers had targeted other laboratories across the United States as well.

An Oak Ridge spokesman said the attacks occurred in the form of phishing e-mails with malicious attachments that the hackers sent to the e-mail ids of personnel working at the lab. The general assumption currently is that these attachments, if opened, would have resulted in the release of Trojans that had the ability to sidestep all the security systems in place at the lab internally. The first wave of attacks started on October 29.

Describing the attack on the Oak Ridge laboratory as a ‘sophisticated cyber attack’, a lab spokesman said the hackers had gained access to a database the lab maintained about visitors to the lab between 1990 and 2004. The visitors’ information on the database included vital data such as their birth dates and social security numbers.

Thom Mason, the director of the Oak Ridge lab, said the hacking attempt as a ‘coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.’ He said the lab could not give out any more details about the attacks for a while, till they were able to understand exactly what the attack was all about, as the whole matter was of a highly sensitive nature.

What makes the hacking of the Oak Ridge lab computers all the more worrisome is the fact that about 3,000 people visit the lab each year, and the visitors’ list here makes up literally the who’s who of the U.S. science community.

The Oak Ridge lab serves multiple purposes. This science laboratory specifically dabbles in military research, and is where the technological expertise that the homeland security people use originates. It also is home to one of the fastest supercomputers in the whole world.
The Los Alamos lab is another multipurpose lab, though its area of specialization is specifically research in nuclear weapons. Currently it is one of only two labs in the U.S. working on an issue of such a highly sensitive nature.

However, over the years, security at Los Alamos has become somewhat of a laughing matter, with a number of security breaches being recorded over the past few years. As recently as August this year, the lab apparently released highly sensitive data related to nuclear research over e-mail. Again, in 2006, a USB data stick with information on nuclear weapons tests had been recovered from a drug dealer.

The latest attack is another blot on the security apparatus at Los Alamos. What is more worrying probably is the fact that the two attacks on the two different facilities could be part of one coherent and cohesive plan possibly involving a rival government. Another possibility, all the more worrying, is that the theft of data could merely be a cover for something much more serious.