Nov 13, 2007


Computer attack reminder for employees

November 13, 2007
Be cyber security aware

The Laboratory is investigating a recent attack on its unclassified Yellow Network. A significant amount of unclassified material was removed. The exact nature of the stolen information is under forensic investigation.

Affected computers were disconnected from the Lab's network and the hacker's software has been disabled.

Laboratory Director Michael Anastasio reminded employees in an all-employee memo to be cyber security aware. "This recent occurrence is a reminder that awareness is the first and most important layer of defense against fast-spreading worms that target known vulnerabilities. The threat of comprehensive, malevolent attacks is continuous and high," said Anastasio.

He also reminded employees not to open unknown e-mail attachments or click on suspicious links, ensure that computers have the most recent operating system security patches, make sure anti-virus applications are installed and functioning with the latest software, and ensure that computers scan all files for viruses.

9 comments:

Anonymous said...

Any bets on what the next knee-jerk will be? Maybe fill in those ethernet ports with J-B Weld?

Anonymous said...

I happen to know that it only affected Windows systems. I rest my case.

Anonymous said...

My guess is that the idiots known as LANS management will mandate that nobody can use laptops on Lab property ... call it another preemptive move!

Anonymous said...

All unclassified PC's at LANL are to be unplugged until further notice. You will be given a supply of pencil and paper to continue your work. Paper will be $10 per page and pencils will be $50 each. Please have a charge code ready to pay for these items. Note that erasers will need to be placed as special order items and will require 4 months delivery time. As before, all personal info will need to be encrypted so be sure to have a Cracker-Jack decoder ring on hand. Also, remember to think safety. Paper cuts must be avoided. Course CA-37281 must be taken before you will be allowed to handle paper items.

Anonymous said...

Here's one simple solution to keeping the trojan problems minimized. It may not work for everyone, but it does minimize the threat of trojans gaining wide access to PC data.

(1) Have one light weight PC connected to the internet for Email, web, etc. This could even be a thin client PC.

(2) Have another beefy PC that you use as your real "work" machine that uses no ethernet connections.

(3) Use sneaker-net transfers to pass files between these two machines (either a USB pen-drive or DVD drive).

This greatly cuts down on the chances that a trojan can infect your main "work" system and then use an open IP port to transfer lots of information back to the hackers. High speed USB pen-drives are cheap and very fast at doing reads and writes. If loss of a pen-drive is a concern, then get one of the newer pen-drives that use hardware based encryption.

Following this policy will greatly reduce the chance that a trojan can snoop around an enterprise LAN searching for "interesting" files.

Anonymous said...

Web browsing and external email on the Green only.
Yellow "air gapped" from the Green.
Internal email only on the Yellow.

Oh, and so that it's easier to control and maintain all this, centrally administered Windows computers only!

Sadly, it'll probably come to this eventually.

Anonymous said...

I happen to know that it only affected Windows systems. I rest my case.

11/13/07 7:45 PM

Really? That seems to be a fourth grade mentality. Grow up

Anonymous said...

Yes, 8:05 AM. That is, indeed, the plan. Deviations from it will take a lot of special paper work and place the staff member at job peril if anything goes wrong with their system. It's not about getting work done, anymore. It's only about CYA.

Anonymous said...

Yes, every employee gets TWO computers!

One to do all your real work on, not coneected to the Internet,

The other one for the other 95% of your time, watching YouTube videos, playing Solitaire, reading the LANL Blog, whatever.