Friday, December 7, 2007
Hackers Get Data of Federal Lab Visitors
The Oak Ridge National Laboratory revealed on Thursday that a "sophisticated cyber attack" over the last few weeks may have allowed personal information about thousands of lab visitors to be stolen.
The assault appeared "to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country," lab director Thom Mason said in a memo to the 4,200 employees at the Department of Energy facility.
Oak Ridge officials would not identify the other institutions affected by the breach. But they said hackers may have infiltrated a database of names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004.
"There was no classified data of any kind compromised," lab spokesman Bill Stair said Thursday. "There are people who think that because they accessed this database that they had access to the lab's supercomputer. That is not the case. There was no access at all."
The lab currently has the second-fastest supercomputer in the world, an open-research, 101.7-teraflop Cray XT3/XT4 known as "Jaguar," and has plans to build another.
About 3,000 researchers annually visit the facility, a major DOE energy research and high-performance computing center, about 25 miles west of Knoxville.
Officials have sent letters to about 12,000 potential victims. Mason said so far there was "no evidence that the stolen information has been used."
The assault was in the form of phony e-mails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The practice is called "phishing."
The first fake e-mail arrived Oct. 29. At least six more waves followed.
"At first glance, they appeared legitimate," Mason wrote. One notified employees of a scientific conference. Another pretended to notify the employee of a complaint on behalf of the Federal Trade Commission.
Each one instructed recipients to open an attachment for further information. And when they did, it "enabled the hackers to infiltrate the system and remove data," Mason wrote.
The lab's cyber police determined about 1,100 phony e-mail messages entered the lab's network. In 11 cases, an employee took the bait and opened the attachments.
"Our cyber security staff has been working nights and weekends to understand the nature of this attack," Mason wrote. "Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete."
Meanwhile, the lab will post updates on its Web site at http://www.ornl.gov/identitytheft .
"Every year we build bigger and more sophisticated fences around our databases and every year our enemies find new and more sophisticated ways to tunnel under the fence," Stair said. "This is an ongoing challenge that is going to be there as far as we can see in the future."
Posted by SANJIDA AFROJ at 8:30 PM