Analysis: U.S. labs under cyberattack
Washington (UPI) Dec 11, 2007 A computer security breach at Oak Ridge National Laboratory, in which hackers stole a database of visitors' personal information, was a highly sophisticated cyberattack and part of a concerted effort to penetrate numerous U.S. labs and other scientific facilities. Although the identity of the attackers remains unclear, security researchers have linked some Internet addresses recently used in similar attacks to computers in China. In an e-mail message sent to staff last week, Oak Ridge Director Thom Mason said the breach "now appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country." A spokesman for the Los Alamos National Laboratory told United Press International that "a very small number, single figures," of the lab's unclassified computers had been compromised in a "malicious, sophisticated hacking" attack last month. "The investigation is continuing," said the spokesman, Kevin Roark. He declined to comment on whether the attack was linked to the one on Oak Ridge. Mason said the Oak Ridge hackers made more than 1,000 attempts to steal data "with a very sophisticated strategy" involving the use of highly targeted so-called spear phishing emails, "all of which at first glance appeared legitimate." Phishing e-mails classically purport to come from a bank or other financial institution of which the target is a customer. They tell the recipient to go to a Web page to "confirm" their login and password, but the link in the e-mail instead directs them to a hacker site where their information is used to break into their account and steal their money. "Phishing attacks are very problematic" for information security professionals, former Energy Department cybersecurity chief Bruce Brody told UPI. "They exploit the weakest link in the system, the user," Brody said. 
"If done with even a little sophistication, it is almost impossible to protect the entire population" of system users from such attacks. Spear phishing attacks are even harder to defend against, because they combine such e-mails with so-called social engineering techniques -- using known information about the target to personalize the attacks. The embedded link or attachment will often install software on the target's computer that steals their logins and passwords for multiple sites or systems they use. In the Oak Ridge attack, the hackers used seven different kinds of e-mail, Mason said. One purported to advise staff about a scientific conference organized by the Department of Defense, while another pretended to be notification of a complaint to the Federal Trade Commission. "At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data," Mason wrote in the message. In a separate notice posted on its Web site the lab stated that the first breach occurred Oct. 29. The notice said the data stolen included a database of visitors to the top-security site, which houses a nuclear research reactor and the lab that does scientific work on a number of national security issues for the Department of Energy. The Web site of the lab, which is run by UT-Battelle LLC, under contract from the department, says 300,000 people visit every year. "If you visited (the lab) between the years 1990 and 2004 your name and other personal information such as your social security number or date of birth may have been part of the stolen information," reads the notice, which advises visitors to monitor their credit records for possible identity theft or other fraud. The message said there was no evidence that any of the information stolen had been used by hackers, and some observers were skeptical that the entire penetration had been devised simply to steal that kind of data. 
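The article describes the classic phishing mechanism above: the visible link promises the victim's bank, but the underlying href points at an attacker-controlled site. The following is an added defensive example, not code from the article or from any lab mentioned in it; it parses an HTML message body and flags anchors whose displayed domain differs from the href's domain. The sample message, the helper names and the crude "last two labels" domain reduction are all assumptions made here.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registered_domain(host):
    # Assumption: reduce to the last two labels; a real deployment would
    # consult the public suffix list instead of this shortcut.
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def find_deceptive_links(html):
    """Return (shown_text, real_href) for anchors whose visible text names
    a domain that does not match the domain the href actually leads to."""
    parser = _AnchorCollector()
    parser.feed(html)
    suspicious = []
    for href, text in parser.anchors:
        target = urlparse(href).hostname or ""
        # Visible text without a scheme is treated as a bare host/path.
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if shown and "." in shown and _registered_domain(shown) != _registered_domain(target):
            suspicious.append((text, href))
    return suspicious


# Constructed sample message (not from the article): one deceptive link,
# one honest link, and one link whose text is plain words, not a domain.
SAMPLE = """<p>Please <a href="http://login.example-bank.net.evil.test/confirm">
https://www.example-bank.com/confirm</a> your account.</p>
<p>Help: <a href="https://www.example-bank.com/help">www.example-bank.com/help</a></p>
<p><a href="https://www.example-bank.com/reset">Reset password</a></p>"""

if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE):
        print(f"shown: {text!r} -> actual: {href!r}")
```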
"It could be a target of opportunity," said former Justice Department cybercrime chief Mark Rasch. "Once they (the hackers) were in there, they took whatever they could get." On the other hand, he said, if the attack were from a foreign intelligence service, "It might be useful to know who had visited" a classified facility, if only as "a source of leads about who might have access to classified information." Last month the U.S. Computer Emergency Readiness Team, an element of the Department of Homeland Security's infrastructure protection operation better known as U.S.-CERT, issued one of its periodic advisories to public and private sector computer network managers. According to a Homeland Security official, the advisory alerted recipients to "a series of sophisticated attempts to compromise government and private networks and obtain access to secure systems ... and steal data." "There was no information about the identity of the attackers" in the advisory, said the official. However, the official said it listed 12 "signatures," which he described as a cyber "fingerprint ... which can be used to identify and track malicious activity on the network" -- such as an Internet address to which hacker software is sending stolen passwords or other information. The attacks were similar in nature and sophistication, and most commonly used Trojan horse programs like those installed by the Oak Ridge hackers, but that did not necessarily mean they were linked, said the official. One security researcher told The New York Times at the weekend that some of the Internet addresses listed by U.S.-CERT were linked to computers in China, but this does not mean the attackers were based there. China has one of the highest proportions of compromised or infected personal computers in the world, and such machines are easily used by hackers as proxies to launch anonymous attacks.
But the Chinese military has been fingered before as being behind such attacks, especially the so-called Titan Rain penetrations of top-security U.S. labs and other facilities. National laboratories like Oak Ridge and Los Alamos "have historically been lucrative targets for foreign intelligence services," said Brody, the former cybersecurity official. Roark, the Los Alamos spokesman, added that on a typical day the lab was subject to 50,000 attempted penetrations or other cyberattacks. "On a bad day, it will reach half a million," he said.