Saturday, December 8, 2007
Hackers Launch Major Attack on US Military Labs
A "sophisticated cyberattack" has been detected at Oak Ridge National Laboratory over the last several weeks, and authorities suspect the hackers are based in China.
The breach might have compromised the personal information of thousands of visitors to the lab, according to a communiqué sent to employees.
Hackers have succeeded in breaking into the computer systems of two of the U.S.' most important science labs, the Oak Ridge National Laboratory (ORNL) in Tennessee and Los Alamos National Laboratory in New Mexico.
In what a spokesperson for the Oak Ridge facility described as a "sophisticated cyber attack," it appears that intruders accessed a database of visitors to the Tennessee lab between 1990 and 2004, which included their social security numbers and dates of birth. Three thousand researchers reportedly visit the lab each year, a who's who of the science establishment in the U.S.
The attack was described as being conducted through several waves of phishing emails with malicious attachments, starting on Oct. 29. Although not stated, these would presumably have launched Trojans if opened, designed to bypass security systems from within, which raises the likelihood that the attacks were targeted specifically at the lab.
ORNL director, Thom Mason, described the attacks in an email to staff earlier this week as being a "coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country."
"Because of the sensitive nature of this event, the laboratory will be unable for some period to discuss further details until we better understand the full nature of this attack," he added.
The ORNL has set up a web page giving an official statement on the attacks, with advice to employees and visitors that they should inform credit agencies so as to minimize the possibility of identity theft.
Less is known about the attacks said to have been launched against the ORNL's sister institution at Los Alamos, but the two are said to be linked. It has not been confirmed that the latter facility was penetrated successfully, though given that a Los Alamos spokesman said that staff had been notified of an attack on Nov. 9 - days after the earliest attack wave on the ORNL - the assumption has to be that something untoward happened there as well, and probably at other science labs across the U.S.
The ORNL is a multipurpose science lab, a site of technological expertise used in homeland security and military research, and also the site of one of the world's fastest supercomputers. Los Alamos operates a similar multi-disciplinary approach, but specializes in nuclear weapons research, one of only two such sites doing such top-secret work in the U.S.
Los Alamos has a checkered security history, having suffered a sequence of embarrassing breaches in recent years. In August of this year, it was revealed that the lab had released sensitive nuclear research data by email, while in 2006 a drug dealer was allegedly found with a USB stick containing data on nuclear weapons tests.
"This appears to be a new low, even drug dealers can get classified information out of Los Alamos," Danielle Brian, executive director of the Project On Government Oversight (POGO), said at the time. Two years earlier, the lab was accused of having lost hard disks
The possibility that the latest attacks were the work of fraudsters will be seen by some as optimistic - less positive would be the possibility of a rival government having been involved. Given the apparently coordinated nature of events, speculation will inevitably point to this scenario, with the data theft a cover motivation for more serious incursions.
The intrusion is under active investigation by multiple agencies. FBI and Department of Homeland Security officials tell ABC News they believe the attacks originated in China with Chinese entities probing U.S. systems.
Investigators have not been able to determine whether the attacks came from government or private entities in China.
The statement, from Laboratory Director Thom Mason, said the attack "appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country."
Other federal labs, including Los Alamos National Laboratory in New Mexico and California's Lawrence Livermore National Laboratory, have also been targeted in the scheme.
Livermore lab spokesman Stephen Wampler tells ABC News that the facility's employees received "approximately 1,000 spam-type e-mails with attachments" in October and November, but said the lab's cybersecurity systems thwarted the attempted attack.
"As a result, there was no compromise of data at our laboratory," he said.
A Los Alamos spokesman said the lab notified employees on Nov. 9 that a "malicious, sophisticated hacking event" affected a small number of computers on the facility's unclassified network.
"A significant amount of data was removed," the spokesman said. "The exact nature of the information is currently under computer forensic investigation."
As for the Oak Ridge breach, the message went on to explain that "hackers potentially succeeded in gaining access to one of the laboratory's nonclassified databases that contained personal information of visitors to the laboratory between 1990 and 2004."
The personal information at risk includes names, dates of birth and Social Security numbers of the visitors.
"You would be amazed at the number of attempts we experience every week, both coordinated and uncoordinated, to penetrate networks," Homeland Security Secretary Michael Chertoff said Friday, "whether it is government agencies or private sector agencies."
Chertoff said that the department has been increasing its anti-hacking efforts over the past months. He said cyber security protection requires a multi-pronged approach, including building firewalls to prevent outside intrusion and increasing the funding of cyber security efforts, but that computer users also need to be mindful about opening suspicious emails.
As part of the hit on Oak Ridge, "thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven 'phishing' e-mails, all of which at first glance appeared legitimate."
One of the fake e-mails appeared to be an announcement for a scientific conference; the other claimed it was a notice of a complaint on behalf of the Federal Trade Commission.
The lab's investigation found that approximately 11 employees took the bait and opened the e-mail attachments, "which enabled the hackers to infiltrate the system and remove data."
The sensitive Tennessee nuclear research facility has a staff of more than 4,200 and hosts approximately 3,000 guest researchers each year.
Mason said in the communiqué that the lab would attempt to contact the possible victims of the breach, but acknowledges that "the large number of out-of-date addresses will complicate this effort."
On a Web site the lab created to provide information to those at risk, a message recommends visitors place a fraud alert on their credit file, though Mason's message states that there is currently no evidence that any of the hacked information has been used.