US tech labs report cyber attack

Computer systems at Oak Ridge National Laboratory, an American science and technology lab under the U.S. Department of Energy, has reportedly suffered a cyber attack last week and there were indications other institutions may have also been targets.

Oak Ridge National Laboratory Thursday disclosed it has been compromised by what it described as a “sophisticated cyber attack that appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.”

Other reports indicate ORNL’s sister institution at Los Alamos was also hit, though it has not been confirmed that Los Alamos was hit successfully.

In a public statement, Oak Ridge National Laboratory, which has 3,800 staff and US$1.06 billion budget under management by the U.S. Deptartment of Energy with UT-Battelle, said a hacker gained access to ORNL computers by sending staff e-mails that appeared to be official legitimate communications.

“When the employee opened the attachment or accessed an embedded link, the hacker planted a program on the employees’ computers that enabled the hacker to copy and retrieve information,” ORNL said.

ORNL said the compromise has been traced back to Oct. 29, 2007, and that the lab has “reason to believe that data was stolen from a database used for visitors to the Laboratory.”

ORNL, which conducts highly sensitive energy research in the neutron science and high-energy physics as well as biology research, does not believe that classified information was lost. However, ORNL said anyone who visited the lab, which is based in Oak Ridge, Tenn., between the years 1990 and 2004 may have had their name and other personal information, such as Social Security numbers and birth date, stolen by the attackers.

Thom Mason, director of ORNL, on Monday sent an e-mail to staff employees that said, “Our cyber security staff has been working nights and weekends to understand the nature of this attack.”

“Our review to date has shown that while every security system at ORNL was in place and in compliance, the hackers potentially succeeded in gaining access to one of the laboratory’s non-classified databases that contained personal information of visitors to the laboratory between 1990 and 2004. At this point we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ e-mails, all of which at first glance appeared legitimate. One of these fake e-mails notified employees of a scientific conference.

Another pretended to notify the employee of a complaint on behalf of the Federal Trade Commission, ” Mason said.

Mason said it looks as though 11 staff opened the attachments, which then “enabled the hackers to infiltrate the system and remove data.”

Mason said reconstructing the exact chain of events in their entirety “will likely take weeks, if not longer, to complete.”

ORNL is making the effort to contact all the people whose personal information was compromised, but that a large number of out-of-date addresses is complicating this effort. He added there is no evidence to date that the stolen information has been used.

ORNL spokesman Ron Walli said the lab couldn’t comment further on the nature of the attack or its possible origination due to its extreme sensitivity. “It’s a serious matter and we’ve told not to discuss it,” he said.

Related content:

Cyber attack prompts US to send team to Estonia

Government lags cyber crime fight, says report

RCMP urges cyber crime reporting

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now