View Full Version : News: Hackers in US Military Labs

December 7, 2007, 01:39 PM
Hackers Launch Major Attack on US Military Labs

Hackers have succeeded in breaking into the computer systems of two of the U.S.' most important science labs, the Oak Ridge National Laboratory and Los Alamos National Laboratory.

John E. Dunn, Techworld
Friday, December 07, 2007 8:00 AM PST

Hackers have succeeded in breaking into the computer systems of two of the U.S.' most important science labs, the Oak Ridge National Laboratory (ORNL) in Tennessee and Los Alamos National Laboratory in New Mexico.
In what a spokesperson for the Oak Ridge facility described as a "sophisticated cyber attack," it appears that intruders accessed a database of visitors to the Tennessee lab between 1990 and 2004, which included their social security numbers and dates of birth. Three thousand researchers reportedly visit the lab each year, a who's who of the science establishment in the U.S.
The attack was described as being conducted through several waves of phishing emails with malicious attachments, starting on Oct. 29. Although not stated, these would presumably have launched Trojans if opened, designed to bypass security systems from within, which raises the likelihood that the attacks were targeted specifically at the lab.
ORNL director Thom Mason described the attacks in an email to staff earlier this week as being a "coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country."
"Because of the sensitive nature of this event, the laboratory will be unable for some period to discuss further details until we better understand the full nature of this attack," he added.
The ORNL has set up a web page giving an official statement on the attacks, with advice to employees and visitors that they should inform credit agencies so as to minimize the possibility of identity theft.
Less is known about the attacks said to have been launched against the ORNL's sister institution at Los Alamos, but the two are said to be linked. It has not been confirmed that the latter facility was penetrated successfully, though given that a Los Alamos spokesman said that staff had been notified of an attack on Nov. 9, days after the earliest attack wave on the ORNL, the assumption has to be that something untoward happened there as well, and probably at other science labs across the U.S.
The ORNL is a multipurpose science lab, a site of technological expertise used in homeland security and military research, and also the site of one of the world's fastest supercomputers. Los Alamos operates a similar multi-disciplinary approach, but specializes in nuclear weapons research, one of only two U.S. sites doing such top-secret work.
Los Alamos has a checkered security history, having suffered a sequence of embarrassing breaches in recent years. In August of this year, it was revealed that the lab had released sensitive nuclear research data by email, while in 2006 a drug dealer was allegedly found with a USB stick containing data on nuclear weapons tests.
"This appears to be a new low; even drug dealers can get classified information out of Los Alamos," Danielle Brian, executive director of the Project On Government Oversight (POGO), said at the time. Two years earlier, the lab was accused of having lost hard disks
The possibility that the latest attacks were the work of fraudsters will be seen by some as optimistic - less positive would be the possibility of a rival government having been involved. Given the apparently coordinated nature of events, speculation will inevitably point to this scenario, with the data theft a cover motivation for more serious incursions.

Source: http://www.pcworld.com/article/id,140390-c,hackers/article.html

December 7, 2007, 02:17 PM
Maybe moshin_31 can ask the hackers for help re. his hotmail account!

December 10, 2007, 01:26 PM
Followup... those Chinese are coming .... ;)

December 10th, 2007, by Richard Koman

Oak Ridge attacks linked to China (http://government.zdnet.com/?p=3553)

A US-CERT memo obtained by the New York Times (http://www.nytimes.com/2007/12/09/us/nationalspecial3/09hack.html?_r=1&ref=technology&oref=slogin) strongly suggests that China is behind the phishing attacks on US nuclear weapons research labs (http://government.zdnet.com/?p=3550).
Starting in October, hackers launched “coordinated and targeted attacks” on the Oak Ridge National Laboratory, the memo said. The attacks were traced to machines in China, but this doesn’t necessarily mean the Chinese government is behind the attacks. The Chinese computers may have been infiltrated by private hackers.
The attackers sent phishing messages to 1,100 Oak Ridge employees in October and at least 11 people opened the attachment, giving the hackers an in to the lab’s networks. Thom Mason, the lab’s director, sent a letter to employees: “At this point, we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ e-mails, all of which at first glance appeared legitimate,” he wrote in an e-mail message sent to employees on Monday. “At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data.”
The lab says that a database containing personal information of visitors to the lab — a virtual who’s who of nuclear researchers — was stolen.
Just the usual criminal hackers seeking the goods for identity theft scams? US-CERT suggests otherwise: “The level of sophistication and the scope of these cyber security incidents indicate that they are coordinated and targeted at private sector systems.”
The phishing messages were clearly targeted to their audience; they described a scientific conference and an FTC complaint. The Times’ John Markoff concludes: Classified federal computer networks are not supposed to be connected physically to the open Internet. Even so, sensitive data like employee e-mail databases can easily be compromised once access is gained to computers inside federal agencies.