Headline – “Tennessee: Lab Reports Cyber Attack”
When was this revealed: December 7, 2007
Who did it happen to: The Oak Ridge National Laboratory “Originally known as Clinton Laboratories, ORNL was established in 1943 to carry out a single, well-defined mission: the pilot-scale production and separation of plutonium for the World War II Manhattan Project. From this foundation, the Laboratory has evolved into a unique resource for addressing important national and global energy and environmental issues. Today, ORNL pioneers the development of new energy sources, technologies, and materials and the advancement of knowledge in the biological, chemical, computational, engineering, environmental, physical, and social sciences.”
What Happened: Oak Ridge Lab reported a “sophisticated cyber attack” over the last few weeks might have allowed personal information about thousands of laboratory visitors to be stolen.
“The attack appeared “to be part of a coordinated effort to gain access to computer networks at numerous laboratories and other institutions across the country,” the laboratory’s director, Thom Mason, said in a memorandum to the 4,200 employees of the facility, part of the Department of Energy. Laboratory officials said hackers might have infiltrated a database of names, Social Security numbers and birth dates of every laboratory visitor from 1990 to 2004.”
“Officials have sent letters to about 12,000 potential victims. The assault was in the form of phony e-mail messages containing attachments, which when opened allowed hackers to penetrate the laboratory’s computer security.”
What are the Potential Consequences? If you go to the Oak Ridge web site there is NO MENTION of this attack against their data base. Can YOU start speculating about how this particular information could be abused? Think who “visitors” to this very specialized and high security facility might have been? Grade school students? NO! Tourists from Norway? Hardly!
How about people who themselves have massive amounts of highly sensitive information on nuclear and other processes that are crucial to US national security?
Now whoever stole this information can launch attacks against these 12K visitors web sites, e-mail, data-bases and computers.
Maybe they can even create false ID’s with the information they obtained and maybe they can now become “visitors” to Oak Ridge!
Is there no end to the incompetence, laziness, and data leaking behavior of our government organizations?!