China connection eyed in Oak Ridge cyber attack

Summary: Last week's phishing attack at the Oak Ridge National Laboratory in Tennessee reportedly has a China connection. Oak Ridge and Los Alamos National Laboratory were hit with a cyber attack where hackers accessed Social Security numbers and birth dates of visitors to the lab between 1990 and 2004.


Last week's phishing attack at the Oak Ridge National Laboratory in Tennessee reportedly has a China connection.

Oak Ridge and Los Alamos National Laboratory were hit with a cyber attack in which hackers accessed Social Security numbers and birth dates of visitors to the lab between 1990 and 2004. A series of malicious phishing emails was sent to the labs--known for nuclear and military research--on Oct. 29. The emails carried attachments that appear to have been designed specifically to elude lab security, according to PC World.


The big question--after wondering why someone at a high-security nuke lab would open an attachment he didn't recognize--is where did these attacks come from?

The New York Times is reporting that the servers originated in China--although that doesn't necessarily mean the Chinese government or any of its citizens were involved. The Times saw a confidential memo outlining the China link.

Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.

Officials at the lab, Oak Ridge National Laboratory in Tennessee, said the attacks did not compromise classified information, though they acknowledged that they were still working to understand the full extent of the intrusion.

The Department of Homeland Security distributed the confidential warning to computer security officials on Wednesday after what it described as a set of “sophisticated attempts” to compromise computers used by the private sector and the government.

Is any of this surprising? Not really. For starters, if you're going to launch a cyber attack on a national lab you wouldn't do it from New Jersey--or some other state. You'd launch from abroad--and since China is a hacker haven that's an obvious jump-off point. Russia would be another.

What's particularly galling is that national labs should have better security procedures. Most cubicle dwellers know that you shouldn't open attachments you don't recognize. You'd think folks at Oak Ridge and other labs would be more in tune with security concerns.

  • Unbelievable!

    How could this happen?
    • Well since you left yourself wide open for this

      That is what you get for running WINDOWS!

      • you can be phished using any os and be hacked so how

        you can be phished using any os and be hacked so how can you say "you left yourself wide open for this running windows"

        you do not even know what os they were running. it could have been Linux or osx.

        just because the hacker norm does not hack Linux and osx because there's not much money in it. linux only has a 1 or 2% desktop share.

        does not mean governments don't do it and they are not going to disclose the hole like the private sector.

        so just put your head in the sand and think only windows gets hacked.

        phishing attack and all you need for that is a stupid computer user.
        SO.CAL Guy
        • Thanks for playing

          It was a joke. It was in fun. It was a jest.

          That is why I stuck the :) at the end.

          Please take a breather.

          First, it sounds like they may need to be doing a better job of segregating off client computers which have access to the Internet and E-mail. I wouldn't have computers running a nuclear power plant even talking to client computers. Also, I know how government systems can get used without properly being locked down. I worked in state government IT before moving to the more sane private sector. This doesn't surprise me much.

          Anyone want to take bets this machine was being used with full administrative rights?
    • and yes

      I know that you are [b]not[/b] the real nonzealot.
    • How?

      I believe the emails were done quite professionally, and looked like actual missives that are received regularly at such places. There was a variety of them sent, and one was supposed to have been an announcement of a seminar. It is still stupid to open attachments that you haven't verified with the sender.

      There are managers that insist on sending out everything as an attachment, and then get angry if you don't read the attachment. Having a manager like that just makes people more likely to open everything, just so they don't miss something.
    • Security... the final frontier....

      The general question at large is why a government laboratory is receiving e-mail from the outside world without properly verifying its content. There are a multitude of ways to do so that don't require action on the part of the end recipient; why aren't any of these in place?

      I've said it before and I'll say it again: it doesn't matter in what occupation a user is, an end-user is stupid. To guard against the end-user's stupidity, require all valid e-mails to have digital encrypted signatures. Put up a phishing filter on the POP3 server that checks for non-standard links and scans each attachment for malware.

      That's the JOB of IT departments everywhere: be the electronic conscience of those who don't have a lick o' sense. Put up the firewalls, virus scanners, and such. Use the tools available! They're there for a reason!
      GoodmanCPA-IT Tech
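A mail-gateway check along the lines this comment suggests, as an added example that is not part of the original thread: it flags mail that does not carry an S/MIME signature structure, links whose visible URL points at a different host than the real target, and attachments with executable double extensions. The sample message is constructed for the example, and only the presence of a signature wrapper is checked, not its cryptographic validity, which a real gateway would also have to verify.

```python
import email, re
from email import policy
from urllib.parse import urlparse

# Constructed sample (not from the page): unsigned, one link whose visible URL
# differs from its target, and a double-extension attachment.
SAMPLE_EML = """From: seminar-announce@example.org
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html

<p>Register at <a href="http://evil.example/reg">https://lab.example/seminar</a></p>
--B1
Content-Type: application/pdf; name="agenda.pdf.exe"
Content-Disposition: attachment; filename="agenda.pdf.exe"

%PDF-1.4 (placeholder bytes)
--B1--
"""
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def is_signed(msg):
    # S/MIME signed mail arrives as multipart/signed or application/pkcs7-mime.
    return msg.get_content_type() in ("multipart/signed", "application/pkcs7-mime")

def mismatched_links(html):
    # Return (target, shown) pairs where the displayed URL's host differs from href's host.
    found = []
    for href, text in ANCHOR_RE.findall(html):
        shown = re.search(r"https?://[^\s<]+", text)
        if shown and urlparse(shown.group()).hostname != urlparse(href).hostname:
            found.append((href, shown.group()))
    return found

def check_message(raw):
    # Gateway policy: unsigned mail, deceptive links and risky attachment names are findings.
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    if not is_signed(msg):
        findings.append("unsigned")
    for part in msg.walk():
        fn = part.get_filename()
        if fn and fn.lower().endswith(RISKY_EXT):
            findings.append(f"risky attachment: {fn}")
        if part.get_content_type() == "text/html":
            for href, shown in mismatched_links(part.get_content()):
                findings.append(f"link shows {shown} but goes to {href}")
    return findings
```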
    • tight lipped

      They didn't go into details of the phishing attack or how the emails were crafted, but it is a lot easier to phish if you know what your phish are biting on. I would assume a pdf document was the payload, and they probably spoofed an email address or name of somebody that would regularly send emails to the target group. That is how I would do it if hacking was my bag. On the other hand, maybe the payload was a link to a driveby website as most inbound email scanners should pick up on a malicious pdf file.
  • such a cat and mouse game, like

    the one your advertising hackers play, mutating tags to force such mindless slogans as 'the go-to place' over and over and over upon us, hoping to beat our filtering of such glop, and leave a residue on our consciousness.

    Why stupidity so often, I wonder, for ZDNet. You have much else as opportunity, if you will ever forsake opportunism, and the language and its embedded practices of business dullness.

    Why hang this on your watch, Ryan? Because that is where this dumbing-down from ZDNet self-ads appears to me, since I actually read your column.

    I do think you are a bit harsh on the Oak Ridge lab people for the success of the social engineering here. We can all be fooled. I was, just once, early in phish days. Immediate change of all passwords seems it got me past it.

    Narr vi