By Frank Munger
Knoxville News Sentinel
December 6, 2007
OAK RIDGE - Oak Ridge National Laboratory was the target of a
sophisticated cyber attack that potentially gave hackers access to the
personal information of thousands of visitors to the lab from 1990 to
2004, the laboratory confirmed today.
ORNL Director Thom Mason informed lab staff members of the issue earlier
this week and said the lab would attempt to notify as many persons as
possible whose personal information may have been stolen.
Lab spokesman Billy Stair said today about 12,000 letters had been sent
to potential victims.
Mason outlined the general aspects of the attack, which included a
number of phishing e-mails sent to staff members, but he concluded the
note by saying: Because of the sensitive nature of this event, the
laboratory will be unable for some period to discuss further details
until we better understand the full nature of this attack.
Phishing is the practice of sending official-looking e-mails to extract
information from victims who believe them to be from legitimate
institutions such as banks.
Mason told staffers that the attack appeared to be part of a coordinated
attempt to gain access to computer networks at numerous laboratories and
other institutions across the country. He said ORNLs cyber security team
has been working nights and weekends to try to understand the nature of
A spokesman at Los Alamos National Laboratory, a weapons design
laboratory in New Mexico, confirmed this afternoon that LANL also was
attacked by hackers.
Kevin Roark of Los Alamos would not discuss the hacking, except to say
that it occurred on unclassified systems and was significant and
sophisticated. He said Los Alamos employees were notified Nov. 4.
The first potential corruption at ORNL occurred Oct. 29, lab officials
Our review to date has shown that while every security system at ORNL
was in place and in compliance, the hackers potentially succeeded in
gaining access to one of the laboratorys non-classified data bases that
contained personal information of visitors to the laboratory between
1990 and 2004, Mason said. At this point we have determined that the
thieves made approximately 1,100 attempt to steal data with a very
sophisticated strategy that involved sending staff a total of seven
phishing e-mails, all of which at first glance appeared legitimate.
Investigators believe that 11 staff members opened the attachment,
enabling hackers to infiltrate the system and remove data, he said.
Reconstructing the event will likely take weeks, if not longer, to
complete, the ORNL director said.
According to Mason, the personal information potentially vulnerable
would be names, dates of birth and social security numbers of lab
Stairs said the visitors would include scientists, university officials,
industrial and business representatives, as well as members of the news
media and many others who come to the national laboratory. He said it
would not include young students who tour the laboratory.
More details as they develop online and in Friday's News Sentinel.
Related blog - Frank Munger's Atomic City Underground: Los Alamos also
Visit InfoSec News