Phishers attack top U.S. labs

Two top military laboratories in the United States, the Oak Ridge National Laboratory and Los Alamos National Lab, were the target of phishing attacks that resulted in access to personal information of visitors to the labs over a 14-year period.

An excerpt from ComputerWorld:

According to the note, the unknown hackers gained access to a non-classified laboratory database, which contained personal information on people who have visited the facility in Oak Ridge, Tenn., over a 14-year period starting in 1990.

Thom Mason, director of the government research facility, said the hackers made about 1,100 attempts to steal data by sending an unknown number of staffers a total of seven phishing e-mails. It was not immediately clear from the letter if that meant a total of 1,100 such e-mails were sent or if 1,100 separate attempts were made to send such messages to the organization.

The coordinated phishing attacks have been traced back to servers in China. At risk were the names, birthdays, and Social Security numbers of all individuals who visited the labs from 1990 to 2004.

Against the backdrop of emerging cases of cyber-spying, the latest breaches will raise serious questions about the integrity of the security systems in place at top military and research institutions.

More information:

Dept of Energy labs hacked by phishers (ZDNet)

Oak Ridge Speared in Phishing Attack Against National Labs (eWeek)

7 comments
wessonjoe

t by those affected for the agency not securing a database with SSN info. A disgraceful and negligent activity such as this needs to be punished. This proves yet again that China is still our enemy and no one should be doing business with them. :)

robindor

As a retiree from ORNL (and one whose data was involved in the recent cyber attack), I must point out that neither it nor LANL are "military" laboratories and have not been for 60 years or so, since the end of the Manhattan Project. They are both Department of Energy "multipurpose" laboratories. LANL, of course, has well-known associations with nuclear weapons, but it is a civilian laboratory and has many other interests as well. ORNL is a major player in research on materials, computing, biology, and so on, but is not especially known for its "military" interests.

DigitalFrog

He did not say these were military labs. The phrase was "questions about the integrity of the security systems in place at top military AND research institutions" [caps added]. Since these are obviously research institutions, the statement was perfectly valid.

M.W.H.

The first line of the story clearly says... "Two top military laboratories in the United States, the Oak Ridge National Laboratory and Los Alamos National Lab". The point the gentleman was making was that these are NOT military labs any longer and haven't been so in nearly 60 years.

adeal

Our daily, monthly, ... security logs show over 90% of the attacks coming from mainland China. China, you suck!

north2007

Many people like to blame China, maybe because it's big and it gives someone achievement to do that. What's the point if you blame a small country? I think the truth is many servers in China are not managed very well and they are broken into by overseas hackers. Then further attacks are launched from there. Usually in these scenarios it's hard for the victims to track back, so it's the favourite way of many hackers...

adeal

Talk about naive. Obviously, you've no experience with this sort of thing, as your assumptions show.
