DOE Lab Break-in May Be Tip of the Iceberg

Data breach at Oak Ridge National Laboratory part of a series of cyberattacks - possibly out of China - on US laboratories and institutions

In what may be part of a larger series of cyberattacks on various U.S. laboratories and institutions, cybercriminals have broken into computers at the Department of Energy's Oak Ridge National Laboratory (ORNL), and also reportedly targeted Los Alamos National Laboratory and Lawrence Livermore National Laboratory.

Authorities told ABC News that the attackers may be located in China. Security experts of late have been pointing the finger at China as the main source of many cyberattacks and cyber-espionage, but Chinese officials deny it. (See "Cyberwarfare Now 'Business as Usual'" and "China Dismisses McAfee Cybercrime Findings".)

Names, Social Security numbers, and birth dates of visitors who were at the ORNL facility between 1990 and 2004 may have been stolen in the attack, according to ORNL. ORNL has contacted the roughly 12,000 potential victims, but so far there is no evidence that the data has been used. ORNL says the sophisticated breach appears to be part of a wider "attempt to gain access to computer networks at numerous laboratories and institutions across the country."

ORNL did not reveal the names of any other sites or organizations that may have been targeted, but a Lawrence Livermore spokesman said its security systems blocked recent attack attempts.

The attackers apparently gained access to ORNL's computers over the past few weeks via phishing emails posing as official and legitimate messages. Around 11 employees reportedly fell for the phishing schemes, which infected their machines with malware that let the attacker or attackers steal and copy data. No classified data was taken, however.

It all started with an email and possible infection on October 29, according to a memo ORNL officials sent to the lab's employees. There were over 1,000 phishing emails sent to the lab, which houses one of the fastest supercomputers in the world, nicknamed Jaguar.

"This was not just a coincidence... someone finding a laptop that coincidentally had sensitive data on it," says Ted Julian, vice president of marketing and strategy for AppSecInc. "Someone was diligently searching for stuff of value. They didn't just stumble upon this."

The DOE attack demonstrates just how difficult it is to lock down data, according to Julian. Attackers only need one hole to get in, he says. "You're never going to stop every user from clicking on a [bad] link," he says.
