Cyber Attack Launched by Hackers on Federal Lab

On December 6, 2007, Oak Ridge National Laboratory (ORNL) declared that due to a sophisticated cyber attack in last week, private data of several lab visitors might have stolen.

Thom Mason, the lab Director, said in a memo to the 4, 200 employees at the Department of Energy facility, that the attack was intended to gain access to computer networks at various laboratories and institutions around the country, as per the news by Associated Press on December 7, 2007.

The attack was in the form of a fake mail containing attachments that on opening takes the hacker into the lab's computer security. This practice is known as 'phishing'. The first phony mail came at October 29 followed by six more waves.

As per Thom, they would appear genuine at first look. One of the mails notified employees of a scientific conference while the other appears to inform the employee about a complaint on behalf of the FTC (Federal Trade Commission).

Mason further added that each of these mails directed the users to open the attachment for more information. And on doing this, it enabled the hackers to infiltrate the system and steal data. The cyber police of the lab estimated that around 1,100 fake mails entered the lab's network. Further, almost in 11 cases, an employee took the bait and opened the attachment.

Bill Stair Labs spokesman said that there was no categorized data of any kind compromised. He claimed that just by gaining access to this database, many people started thinking that they can also use the lab's supercomputer. This is not possible and there was no access at all, Bill added, as reported by Associated Press on December 7, 2007.

Till now, the officials of Oak Ridge have not recognized the other institutions that were affected by this breach. But they informed that hackers have stolen a database of names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004.

Presently, the cyber security team of ORNL is working hard to get hold of the nature of the attack. Thom said that reconstructing this event has been proved as a very boring and time-consuming effort that would take a considerable amount of time.

Officials have sent letters to around 12,000 potential victims. Thom also said that so far, there are no proofs that the stolen information has been used.

Related article: Cyber Child abuser Sentenced To Imprisonment

» SPAMfighter News - 12/18/2007