By Frank Munger
January 15, 2008
ORNL communications chief Billy Stair said the lab has not received a
single call or e-mail indicating that anyone has had their personal
information used or abused as a result of the hacking that took place
last fall and was revealed  in early December.
Hackers gained access to a database with the stored personal information
(Social Security numbers, etc.) of thousands of people who visited the
lab over a period of years (1990-2004). ORNL sent letters to 12,000
potential victims, and the "sophisticated cyber attack" gained worldwide
Stair said he's still extremely limited in the information he can
release and said the lab may never be able to release some details, but
he did discuss a few issues in general terms.
"We think we have a broader picture of what happened than we did at the
first of November. The circumstances involved relate to a lot of very
sensitive issues involving security that would just make it difficult to
talk in detail publicly about who was involved and the tactics they
used," Stair said.
He would not confirm published reports that said the attacks originated
"I can't address any speculation about who the attackers might have
been," he said.
Asked if the lab knew who the hackers were, Stair said, "We can
speculate with some confidence who they may have been."
He indicated that part of the reason for limited info on the ORNL attack
may be ongoing investigations at other sites. "Anytime you're involved
in security circumstances, it is possible that one incident may be
linked to another, and therefore for that reason you have to be cautious
about which strategy you use."
Stair and other ORNL officials have refused to say if they expect
arrests to be made in the hacking case. Asked if there were illegal
activities involved, he said, "I would think the answer would be yes.
I'm not the legal expert . . . but if you steal something from someone
else, it's usually considered a felony."
Asked if the lab knows for sure that information was stolen, he said,
"We know they attempted to . . . I can't discuss all the details of that
The ORNL official added: "It is accurate to say there are a lot more
attempts to break into our system than most people realize. There are
certainly dozens of serious attacks and hundreds -- if not thousands --
of less serious attacks on a weekly basis."
Subscribe to InfoSec News