Oak Ridge National Lab shuts down Internet, email after cyberattack
DOE laboratory says it was victim of an Advanced Persistent Threat designed to steal technical data
Computerworld - The Oak Ridge National Laboratory, home to one of the world's most powerful supercomputers , has been forced to shut down its email systems and all Internet access for employees since late last Friday, following a sophisticated cyberattack.
The restrictions on Internet access will remain in place until those investigating the attack know for sure that it has been completely contained, said Barbara Penland, ORNL's director of communications.
The lab is expected to restore external email service sometime on Wednesday, however no attachments will be allowed for the time being.
Penland said several other national laboratories and government organizations were targeted in the same attacks, which appear to have been launched earlier this month.
The measures at Oak Ridge were implemented late on Friday night after initial investigations showed that those behind the attacks were attempting to steal technical data from lab's systems and send it to an external system, Penland said.
So far, though, it appears that no significant amount of data has been stolen. Penland said investigators believe that whoever was behind the attacks managed to steal less than 1GB of data.
Penland said that there is nothing to show yet where the attacks originated from, or who might have been behind them.
The attacks were launched through phishing emails that were sent to about 573 lab employees. The emails were disguised to appear like it came from the lab's HR department and purported to inform employees of some benefits related changes.
The emails contained a link that employees were asked to click on for further information.
Some employees appear to have clicked on the link resulting in an information-stealing malware program being downloaded on their systems.
Penland did not offer any more details on the malware itself. But a story in Knoxnews.com quoted ORNL director Thom Mason as saying the malware program exploited a zero-day vulnerability in Internet Explorer.
The story quoted Mason as describing the attack as a sophisticated Advanced Persistent Threat (APT), designed to gain a foothold on the lab's networks and then to quietly look for and steal specific types of information.
"If you look at this APT, it is much more sophisticated than what was being used a few years ago," Mason told Knoxnews.com. "Certainly what we've seen is very consistent with the RSA attack," he said referring to an attack on RSA a few weeks ago that resulted in data relating to the company's SecurID two-factor authentication technology being stolen.
Almost all of the lab's 200 IT staff are currently engaged in either investigating the attacks or ensuring that other systems remain available, Penland said. Staff from other national laboratories, are also helping in the investigations, she said. At the moment, the attacks are the subject of an IT investigation only and not a criminal one.
Penland said that the attacks appear to have been directed at Oak Ridge's business systems. The lab's supercomputers, including the world's most powerful system, the 1.75-petaflop Jaguar, have been unaffected by the attacks and continue to operate normally.
As of this afternoon, the attacks appear to have been contained, she added. "Keeping the Internet down is a precaution to make sure that nothing gets out as we investigate further."
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Amazon.com security slip allowed unlimited password guesses on mobile apps
- Huge turnout at RSA shows hackers are winning
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts