12/7/2007
03:48 PM

DOE Lab Hacked

No classified information was lost but the personal information of visitors may have been stolen from the Oak Ridge National Laboratory.

Oak Ridge National Laboratory, a U.S. Department of Energy facility, said on Thursday that its computer network had been compromised by a spear-phishing attack.

"A hacker illegally gained access to ORNL computers by sending staff e-mails that appeared to be official legitimate communications," ORNL said in a statement. "When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees' computers that enabled the hacker to copy and retrieve information. The original e-mail and first potential corruption occurred on October 29, 2007. We have reason to believe that data was stolen from a database used for visitors to the Laboratory."

ORNL said that no classified information was lost but that the personal information of visitors may have been stolen. Visitors to the laboratory between 1990 and 2004 may have had their personal information, such as Social Security number and date of birth, stolen as a result of the data theft.

The breach occurred on Oct. 29, 2007. ORNL said there's no evidence that the stolen information has been used for identity theft fraud, but nonetheless recommended that anyone who visited the lab between 1990 and 2004 place a fraud alert on their credit file.

A spokesperson for ORNL wasn't immediately available.

Spear-phishing -- sending e-mail messages that appear to come from a business or associate with whom the recipient has a relationship in order to dupe the recipient into clicking on a link to a malicious site or content -- is a major concern for the government because it has proven to be an effective means of cyberespionage. It works because it relies on human gullibility to bypass perimeter-based security measures.

More than 90% of the serious breaches in which sensitive information is taken from government agencies involve spear phishing, according to Alan Paller, research director for the SANS Institute. In a phone interview prior to the release of the SANS Top 20 Internet Security Risks of 2007, Paller spoke of a chief information security officer of a federal agency who discovered that his computer was sending information to China. The official had been the target of spear phishing. "Even the people who are responsible for security aren't secure," said Paller.

According to a report released earlier this week by the Anti-Phishing Working Group, the number of password-stealing Trojan keyloggers detected rose for the fourth month in a row in August, for a total of 294 unique variants. The working group also said that the number of unique phishing reports submitted to the group in August was 25,624, an increase from the 2,500 reports in July.

Last year, InformationWeek published a report about the prevalence of compromised computers (bots) at government agencies and laboratories. Data provided by Trend Micro suggested that thousands of bots were operating from within government organizations and affiliated entities.
