Dec 9, 2007

China Link Suspected in Lab Hacking

By JOHN MARKOFF
Published: December 9, 2007

SAN FRANCISCO, Dec. 8 — A cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security.

Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.

Officials at the lab, Oak Ridge National Laboratory in Tennessee, said the attacks did not compromise classified information, though they acknowledged that they were still working to understand the full extent of the intrusion.

The Department of Homeland Security distributed the confidential warning to computer security officials on Wednesday after what it described as a set of “sophisticated attempts” to compromise computers used by the private sector and the government.

Government computer security officials said the warning, which was issued by the United States Computer Emergency Response Team, known as US-CERT, was related to an October attack that was also disclosed last week by officials at the Oak Ridge laboratory.

According to a letter to employees written by the laboratory’s director, Thom Mason, an unknown group of attackers sent targeted e-mail messages to roughly 1,100 employees as part of the ruse.

“At this point, we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ e-mails, all of which at first glance appeared legitimate,” he wrote in an e-mail message sent to employees on Monday. “At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data.”

In a statement posted on the laboratory’s Web site, the agency stated: “The original e-mail and first potential corruption occurred on October 29, 2007. We have reason to believe that data was stolen from a database used for visitors to the Laboratory.”

The laboratory said the attackers were able to gain access to a database containing personal information about visitors to the laboratory going back to 1990.

The US-CERT advisory, which was not made public, stated: “The level of sophistication and the scope of these cyber security incidents indicate that they are coordinated and targeted at private sector systems.”

The US-CERT memo referred to the use of e-mail messages that fool employees into clicking on documents that then permit attackers to plant programs in their computers. These programs are then able to copy and forward specific data — like passwords — to remote locations.

Despite improvements in computer security, phishing attacks are still a big problem. In the case of the Oak Ridge intrusion, the e-mail messages were made to seem authentic. One described a scientific conference and another referred to a Federal Trade Commission complaint.

Computer security researchers cautioned that despite the US-CERT description of the attacks as sophisticated, such threats are frequently undertaken by amateur computer hackers.

Classified federal computer networks are not supposed to be connected physically to the open Internet. Even so, sensitive data like employee e-mail databases can easily be compromised once access is gained to computers inside federal agencies.

13 comments:

  1. Quick...arrest Wen Ho Lee! Maybe this time Presidential Candidate Richardson will get it right. Then again, probably not.

    ReplyDelete
  2. I sense we may be heading toward a complete stand-down of all internet access at LANL in the next few weeks. Only traffic from ".gov" and ".mil" sites would be allowed. If this happens, it's anybodies guess as to how long the stand-down would stay in effect. Six months, perhaps?

    ReplyDelete
  3. JB Weld works in ethernet ports, right?

    ReplyDelete
  4. JB Weld works everywhere, 2:58 PM. It even has it's own Wiki page:

    en.wikipedia.org/wiki/J-B_Weld

    I suspect the LANL procurement office is getting ready to order many more caseloads of it. Perhaps LANS' final solution to our perceived problems is to securely weld shut the front gates.

    ReplyDelete
  5. Keep it up and you will have the AWE model of internet access....

    ReplyDelete
  6. Perhaps we should put a honey pot on the net with nothing but NNSA orders and regulations. It will take the Chinese years to sort it out.

    ReplyDelete
  7. We don't need hackers to destroy the U.S. We are doing just fine destroying it ourselves. Our enemies must be truly joyous this season, watching all our top scientists and engineers being hung out to dry.

    Funny thought, 12/9/07 8:15 PM. If we translate it to Navajo first, that will really keep them going.

    ReplyDelete
  8. This hacking from China would stop overnight if we threaten to put tariffs on their goods. Sure that would raise prices at our Walmart, but why are we helping finance other countries that do not play by the rules and are likely to be our future enemy?

    ReplyDelete
  9. Ashiiké tʼóó diigis léiʼ tółikaní łaʼ ádiilnííł dóó nihaa nahidoonih níigo yee hodeezʼą́ jiní. Áko tʼáá ałʼąą chʼil naʼatłʼoʼii kʼiidiilá dóó hááhgóóshį́į́ yinaalnishgo tʼáá áłah chʼil naʼatłʼoʼii néineestʼą́ jiní. Áádóó tółikaní áyiilaago tʼáá bíhígíí tʼáá ałʼąą tłʼízíkágí yiiʼ haidééłbįįd jiní. "Háadida díí tółikaní yígíí doo łaʼ ahaʼdiidził da," níigo ahaʼdeetʼą́ jiníʼ. Áádóó baa nahidoonih biniiyé kintahgóó dah yidiiłjid jiníʼ....

    ReplyDelete
  10. Bill Richardson's incompetence has made Wen Ho Lee a wealthy man.

    ReplyDelete
  11. "Sure that would raise prices at our Walmart,"

    Bingo, Walmart is more powerfull than the
    goverment.

    ReplyDelete
  12. Here is a secret message to all our non-chinese friends.

    ReplyDelete

Note: Only a member of this blog may post a comment.