Last week's phishing attack at the Oak Ridge National Laboratory in Tennessee reportedly has a China connection.
Oak Ridge and Los Alamos National Laboratory were hit with a cyber attack in which hackers accessed Social Security numbers and birth dates of visitors to the lab between 1990 and 2004. A series of malicious phishing emails was sent to the labs--known for nuclear and military research--on Oct. 29. The emails carried attachments that appear to be designed specifically to elude lab security, according to PC World.
The big question--after wondering why someone at a high-security nuke lab would open an attachment he didn't recognize--is where did these attacks come from?
The New York Times is reporting that the attacks originated from servers in China--although that doesn't necessarily mean the Chinese government or any of its citizens were involved. The Times saw a confidential memo outlining the China link.
Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.
Officials at the lab, Oak Ridge National Laboratory in Tennessee, said the attacks did not compromise classified information, though they acknowledged that they were still working to understand the full extent of the intrusion.
The Department of Homeland Security distributed the confidential warning to computer security officials on Wednesday after what it described as a set of “sophisticated attempts” to compromise computers used by the private sector and the government.
Is any of this surprising? Not really. For starters, if you're going to launch a cyber attack on a national lab you wouldn't do it from New Jersey--or some other state. You'd launch from abroad--and since China is a hacker haven that's an obvious jump-off point. Russia would be another.
What's particularly galling is that national labs should have better security procedures. Most cubicle dwellers know that you shouldn't open attachments you don't recognize. You'd think folks at Oak Ridge and other labs would be more in tune with security concerns.