Top-secret US labs penetrated by phishers

One of the most sensitive science and technology labs in the US has been hacked as part of what it called “a sophisticated cyber attack that now appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.” The unknown attackers managed to access a non-classified computer maintained by the Oak Ridge National Laboratory by sending employees hoax emails that contained malicious attachments. That allowed them to access a database containing the personal information of people who visited the lab over a 14-year period starting in 1990. The institution, which has a staff of about 3,800, conducts top-secret research that is used for homeland security and military purposes. “At this point we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ emails, all of which at first glance appeared legitimate,” Thom Mason, the lab’s director, wrote in an email sent to employees on Monday. “At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data.”

Los Alamos National Laboratories, another institution that conducts highly sensitive research, has also been breached in the past few months. “Recently, malicious and determined hackers have accessed the Lab’s unclassified Yellow Network and removed a significant amount of unclassified material,” according to a November 9 memo sent to employees. The lab’s so-called red network, which is reserved for classified information, was not affected. Word of the attacks comes less than a week after security provider McAfee said state-sponsored cyber spying is on the rise, with at least 120 countries using the internet to conduct espionage. It also comes a few days after MI5, the UK counterintelligence agency, warned UK businesses of the threat posed by state-sponsored Chinese hackers.

Is this part of the cyber attack we were recently warned about?



  1. Jägermeister says:

    Perhaps it’s time to update their messaging system to something more secure.

  2. ECA says:

    1. I DONT THINK IT HAPPENED.
    2. its a work environment, WHY are they getting EMAILS, BESIDES those that deal with WORK.
    3. First location, non-classified computer, personal information of people who visited. Look at the wording, It seems that this was NOT a secure system and was used to Log Visitors, from the LAST 14 years..
    4. unclassified Yellow Network, unclassified material.

    This really sounds more like a TEST, on the internet to see how Vulnerable a system can be.

  3. NappyHeadedHo says:

    #2 – they were getting typical e-mail at work like how to lengthen your member, where to buy V1agra/Ciali$ and where to get free pr0n, They are government workers, of course they opened it. Social engineering is always the quickest route.

  4. bill says:

    “TOP SECRET” like what a windooz server running 2000? This ranks up there with Earth invaded by alien asteroids! And what did they expect to find at a top secret lab? A parallel processing program for calculating the time to pop popcorn with neutron rad? I’m sure the good stuff sits out on the internet ? Not. All this will do is freak out the unwashed to fret more about how screwed up we are and how superior the ‘hackers’ are… NOT… The mere fact that you are reading this opens you up to have your identity stolen! SUCKER!!!

  5. soundwash says:

    well..imho, this is probably just propaganda. given past history, i doubt they would release such relatively embarrassing news unless they had long term goals. -in this case i would say its just more fuel to fire “the need” for putting major restrictions on internet traffic in the name of “national security”

    this would help validate the need for traffic monitoring or maybe using hardcoded machine ID’s in cpu’s (which, iirc is already in them, just lying dormant) that would facilitate packet fingerprinting or similar, -that would help in locating the source of the attacks etc. -not to mention the NSA’s long standing push for a “government key” or backdoor to be required in all encryption software , which imo, would effectively make any encryption using it null and void.

    the internet is probably the single most biggest threat to those in power who need to maintain control of all facets of news and information the public can get a hold of in order to further their own ideals etc.

    why else would all the vague language being used in things such as the patriot act or even nspd51 be so prevalent.

    these days basically anyone who is a patriot or speaks against the government, even using language from the constitution itself (god forbid) can be considered enemies of the state and rounded up for questioning or the like..

    any articles such as the one above will only serve to further enforce the need to put every packet that transverses the internet under government scrutiny in the name of national security.

    if they cannot achieve it via the national security umbrella, they’ll just trot out some more of our favorite rhetoric: “its to protect the children from the evils of porn and the millions pedophiles preying on them in a chat room near you..”

    -which of course, the federal government must keep a watchful eye.

    ok.. enough of that..
    good day,
    -s

  6. Angel H. Wong says:

    All I can think of is a Chinese Government sponsored hacking.

  7. ECA says:

    Its a WORK environment…
    The only emails they should be getting is from APPROVED sources, and EVERYTHING ELSE is dumped..

    This is NOT a public SITE to be sent LOTS of crap.

  8. Awake says:

    Hey ECA –

    I want that magic email filter that blocks everything except what I want to get in my InBox… that super-duper invincible Spam filter…

    I think that you have been watching magic computers on television a little too much… some news for you… CSI is not a documentary…

  9. Sean says:

    You do have to wonder how this kind of news hits the press. Because there were interviews with some people involved, the information doesn’t seem to have come from an anonymous tip.

    So why would the lab report this news, when the only result is them looking stupid?

    I’m going to have to go with soundwash’s explanation. The real deal might not be as conspiracy-laden as he made it sound, but certainly someone, or some group has something to gain from this knowledge hitting the public airwaves.

  10. the answer says:

    Here’s a thought: Take those computers with the sensitive info off-line. Use secondary computers for outside contact. Does it take a graphic artist to rewrite the nation’s security? Apparently so. All you need is one stooge to open the wrong e-mail. I’ve seen it done.

  11. ECA says:

    Awake,
    its not to hard…
    1. you look for mass sending, to EACH account from same locations, same title, same ANYTHING.
    2. you have a person monitor ALL incoming for ANYTHING thats NOT BUSINESS RELATED..
    3. you setup that ALL email locations TO: the lab have to be Verified/OK’d BEFORE you can get EMAIL from that location, NOTHING else passes…
    So, if you want your MySpace account to be ABLE to send to the LAB/business, it has to be OK’d FIRST, otherwise its BOUNCED…Even verification of accounts IS BOUNCED, if you dont get the OK’ FIRST..
    4. anything thats Caught as spam, or NOT OK’d is looked at, and checked, THEN sent back, or contact the PERSON for WHOM IT IS FOR… If a SITE SELLS your name and info, it could be tracked..

    These are NOT public machines..WHO is getting EMAIL at WORK??
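The inbound-mail triage outlined in comment 11 (sender allowlist, mass-send detection, hold for review), as an added example that is not part of the original post or thread. The domain names, the fan-out threshold and the message fields are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict
from email.utils import parseaddr

# Assumed values for illustration: approved sender domains and fan-out threshold.
APPROVED_DOMAINS = {"partner-lab.example", "agency.example"}
MASS_SEND_THRESHOLD = 3  # same sender + subject reaching this many recipients

def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or '' if unparseable."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(messages):
    """Map message id -> 'deliver', 'bounce' or 'quarantine'.

    Step 3 of the comment: unapproved sender domains are bounced.
    Step 1: an approved sender whose identical subject fans out to many
            recipients is held for human review (step 4), not delivered.
    """
    fanout = defaultdict(set)
    for m in messages:
        key = (sender_domain(m["from"]), m["subject"].strip().lower())
        fanout[key].add(m["to"].lower())

    verdicts = {}
    for m in messages:
        domain = sender_domain(m["from"])
        key = (domain, m["subject"].strip().lower())
        if domain not in APPROVED_DOMAINS:
            verdicts[m["id"]] = "bounce"
        elif len(fanout[key]) >= MASS_SEND_THRESHOLD:
            verdicts[m["id"]] = "quarantine"
        else:
            verdicts[m["id"]] = "deliver"
    return verdicts

# Constructed sample traffic (not real lab mail).
SAMPLE = [
    {"id": 1, "from": "Alice <alice@partner-lab.example>", "to": "a@lab.example", "subject": "Beamline schedule"},
    {"id": 2, "from": "promo@shop.example", "to": "b@lab.example", "subject": "Free offer"},
    {"id": 3, "from": "hr@agency.example", "to": "a@lab.example", "subject": "Conference invitation"},
    {"id": 4, "from": "hr@agency.example", "to": "b@lab.example", "subject": "conference invitation "},
    {"id": 5, "from": "HR <hr@agency.example>", "to": "c@lab.example", "subject": "Conference Invitation"},
]

if __name__ == "__main__":
    for msg_id, verdict in sorted(triage(SAMPLE).items()):
        print(msg_id, verdict)
```

The From header is not authenticated on its own, so an allowlist like this only carries weight when sender authentication (SPF, DKIM, DMARC) is enforced before this step.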

