A US-CERT memo obtained by the New York Times strongly suggests that China is behind the phishing attacks on US nuclear weapons research labs.
Starting in October, hackers launched "coordinated and targeted attacks" on the Oak Ridge National Laboratory, the memo said. The attacks were traced to machines in China, but that by itself doesn't mean the Chinese government is behind them: the Chinese machines may have been compromised by private hackers and used as relays.
The attackers sent roughly 1,100 phishing messages, in seven different templates, to Oak Ridge employees in October, and about 11 people opened the attachments, giving the hackers a foothold on the lab's network. Thom Mason, the lab's director, told employees in an e-mail:
“At this point, we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ e-mails, all of which at first glance appeared legitimate,” he wrote in an e-mail message sent to employees on Monday. “At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data.”
The lab says that a database containing personal information of visitors to the lab -- a virtual who's who of nuclear researchers -- was stolen.
Just the usual criminal hackers seeking the goods for identity theft scams? US-CERT suggests otherwise:
“The level of sophistication and the scope of these cyber security incidents indicate that they are coordinated and targeted at private sector systems.”
The phishing messages were clearly tailored to their audience; they described a scientific conference and an FTC complaint, the kind of lures a researcher at a national lab would plausibly open. The Times' John Markoff concludes:
Classified federal computer networks are not supposed to be connected physically to the open Internet. Even so, sensitive data like employee e-mail databases can easily be compromised once access is gained to computers inside federal agencies.