December 9, 2007
A cyber attack on the Oak Ridge National Laboratory (ORNL) near Knoxville, Tennessee, in the form of a phishing scam asking e’mail recipients to open attachments, may have stolen personal information about thousands of lab visitors, and was part of an attempt to access networks at laboratories and other institutions throughout the United States. The attack is believed to have originated in China.
The ORNL is part of the U.S. government’s Department of Energy. Some details of the attack were released on Thursday. According to lab director Thom Mason, who sent a memo to 4,200 employees, the hackers may have gained access to “a database of names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004, according to FOXNews. About 12,000 letters were sent to potential identity theft victims. About 3,000 researchers visit Oak Ridge every year. Officials refused to identify the other affected institutions.
According to lab spokesman Bill Stair, no classified data was compromised. The phishing scam, which instructed recipients to open e’mail attachments, began on October 29, with at least six more waves totalling about 1,100 e’mails coming into Oak Ridge. Eleven employees opened the attachments. When they did, Mason said that it “enabled the hackers to infiltrate the system and remove data.” He added: “Our cyber security staff has been working nights and weekends to understand the nature of this attack…Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete.”
Updates about the compromise will be posted at Oak Ridge’s website.
The lab is home to the world’s second-fastest supercomputer. Known as “Jaguar,” it’s a 101.7-teraflop Cray XT3/XT4 open research system. Oak Ridge, about 25 miles northwest of Knoxville, is a major DOE energy research center which began as the super-secret Oak nuclear weapons facility during World War II; it was home to the infamous Manhattan Project which developed the atomic bomb.
Learn how to protect yourself from phishing scams and identity theft.
Copyright ©2007 pajamadeen.com