
DOE Lab Break-in May Be Tip of the Iceberg

Data breach at Oak Ridge National Laboratory part of a series of cyberattacks - possibly out of China - on US laboratories and institutions

In what may be part of a larger series of cyberattacks on various U.S. laboratories and institutions, cybercriminals have broken into computers at the Department of Energy's Oak Ridge National Laboratory (ORNL), and also reportedly targeted Los Alamos National Laboratory and Lawrence Livermore National Laboratory.

Authorities told ABC News that the attackers may be located in China. Security experts of late have been pointing the finger at China as the main source of many cyberattacks and cyber-espionage, but Chinese officials deny it. (See Cyberwarfare Now 'Business as Usual' and China Dismisses McAfee Cybercrime Findings.)

Names, Social Security numbers, and birth dates of visitors who were at the ORNL facility between 1990 and 2004 may have been stolen in the attack, according to ORNL. The roughly 12,000 potential victims have been contacted by ORNL, but so far there is no evidence that the data has been used. ORNL says the sophisticated breach appears to be part of a wider "attempt to gain access to computer networks at numerous laboratories and institutions across the country."

ORNL did not reveal the names of any other sites or organizations that may have been targeted, but a Lawrence Livermore spokesman said its security systems blocked recent attack attempts.

The attackers apparently gained access to ORNL's computers over the past few weeks via phishing emails posing as official and legitimate messages. Around 11 employees reportedly fell for the phishing schemes, which infected their machines with malware that let the attacker or attackers steal and copy data. No classified data was taken, however.

It all started with an email and possible infection on October 29, according to a memo ORNL officials sent to the lab's employees. There were over 1,000 phishing emails sent to the lab, which houses one of the fastest supercomputers in the world, nicknamed Jaguar.

"This was not just a coincidence... someone finding a laptop that coincidentally had sensitive data on it," says Ted Julian, vice president of marketing and strategy for AppSecInc. "Someone was diligently searching for stuff of value. They didn't just stumble upon this."

The DOE attack demonstrates just how difficult it is to lock down data, according to Julian. Attackers only need one hole to get in, he says. "You're never going to stop every user from clicking on a [bad] link," he says.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
