Data breach at Oak Ridge National Laboratory part of a series of cyberattacks - possibly out of China - on US laboratories and institutions
December 7, 2007
In what may be part of a larger series of cyberattacks on various U.S. laboratories and institutions, cybercriminals have broken into computers at the Department of Energy's Oak Ridge National Laboratory (ORNL), and also reportedly targeted Los Alamos National Laboratory and Lawrence Livermore National Laboratory.
Authorities told ABC News that the attackers may be located in China. Security experts of late have been pointing the finger at China as the main source of many cyberattacks and cyber-espionage, but Chinese officials deny it. (See Cyberwarfare Now 'Business as Usual' and China Dismisses McAfee Cybercrime Findings.)
Names, Social Security numbers, and birth dates of visitors who were at the ORNL facility between 1990 and 2004 may have been stolen in the attack, according to ORNL. ORNL has contacted the roughly 12,000 potential victims, but so far, there's no evidence that the data has been used. ORNL says the sophisticated breach appears to be part of a wider "attempt to gain access to computer networks at numerous laboratories and institutions across the country."
ORNL did not reveal the names of any other sites or organizations that may have been targeted, but a Lawrence Livermore spokesman said its security systems blocked recent attack attempts.
The attackers apparently gained access to ORNL's computers over the past few weeks via phishing emails posing as official and legitimate messages. Around 11 employees reportedly fell for the phishing schemes, which infected their machines with malware that let the attacker or attackers steal and copy data. No classified data was taken, however.
It all started with an email and possible infection on October 29, according to a memo ORNL officials sent to the lab's employees. There were over 1,000 phishing emails sent to the lab, which houses one of the fastest supercomputers in the world, nicknamed Jaguar.
"This was not just a coincidence... someone finding a laptop that coincidentally had sensitive data on it," says Ted Julian, vice president of marketing and strategy for AppSecInc. "Someone was diligently searching for stuff of value. They didn't just stumble upon this."
The DOE attack demonstrates just how difficult it is to lock down data, according to Julian. Attackers only need one hole to get in, he says. "You're never going to stop every user from clicking on a [bad] link," he says.