Phishing attacks on the Oak Ridge National Laboratory in Tennessee, a nuclear weapons research facility, appear to have originated in China, raising concerns that the attacks represent some form of Internet warfare.
The United States Computer Emergency Response Team (US-CERT) prepared a memorandum that traced IP addresses involved in the attack to computers in China. The memo was distributed by the Department of Homeland Security to public and private security officials and obtained by the New York Times.
"The level of sophistication and the scope of these cyber security incidents indicate that they are coordinated and targeted at private sector systems," the memo said.
1,100 Phishing E-Mails
According to Thom Mason, the director of the Oak Ridge lab, attackers sent 1,100 phishing e-mails to lab employees, with attachments purporting to contain information about a scientific conference or an FTC complaint.
"At this point, we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven phishing e-mails, all of which at first glance appeared legitimate," Mason wrote to employees. "At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data."
The attackers stole a database containing personal information of visitors to the lab, about 3,000 researchers annually.
The fact that phishing attacks worked at a top-secret lab shows the power of the technique, said Andrew Storms, director of security operations at nCircle Network Security. "One would think that despite technical security mechanisms in place, that employees at Oak Ridge and Los Alamos would be some of the most security-aware persons," he wrote in an e-mail.
Phishing a Way of Life
Still, Storms questioned the "sophistication" of the operation. "Calling it an attack at all seems nebulous," he said. "This was just one of thousands of phishing e-mails private and government sectors receive daily. While we still coin phishing as an attack, it's more of a way of life for today's Internet user."
Storms said the Chinese identity of the source computers hardly indicates a Chinese government attack. "All of southeast Asia has been a popular hacker dwelling for years," he said. "Of all the security incidents I've personally researched in the last five years, 90 percent have all shown links back to Asian countries. This in no way means that government officials are behind the attacks. It's just the way of life, just as is phishing."
Another concern is whether the lab's secure networks are properly protected. "This isn't the first time that a U.S. lab has been an attack target, nor is it the first time that private information left the building walls," Storms said. "While there are rules and guidelines for handling sensitive data, exactly what the public might deem classified takes on a different definition inside the workings at Los Alamos for example."