Dec 13, 2007

We Thought You'd Like to Know...

Pinky,
I haven't seen anything on the blog about it yet, but some LANL employees are receiving "Dear Sir or Madam" letters from Tom Harper, Chief Information Officer, informing us "of a potential compromise of personally identifiable information (PII) related to you." Included in this information is the Social Security Number, and while he says "potential" in the first sentence, the description that follows makes it definite. Despite the fact that this information should not have been accessible over the Net, LANL is telling us that we are responsible for taking steps to protect our identity; it seems they feel they have no liability even though they implicitly admit liability by belatedly disconnecting computers with this information from the Net.

Apparently, this is from the break-in recently revealed in the press. So far, I have only seen the ORNL details that you have posted on your blog. LANL seems to be escaping most of the attention. My wife and I received our letters just today. Some years ago, when the DOE dumped my wife's information on the web, they eventually paid for credit monitoring through Equifax for a year. I suppose for LANL to do the same would require one of the Bechtel people to have to forego a Santa Fe cocktail party.

-anonymous

4 comments:

Frank Young said...

From KnoxNews.com:

Following last week's revelations about a computer hacking that potentially exposed the personal data of thousands of lab visitors, Oak Ridge National Laboratory is saying little about the event and the ongoing investigation.

Lab spokesman Billy Stair said he couldn't comment about a report in The New York Times that the hacking may have had a link to China. The Times referred to a memo from the Department of Homeland Security that suggested "phishing" e-mails were sent to ORNL from Web locations with links to China, although that didn't necessarily mean the Chinese government or any of its citizens were behind the hacking efforts.

Stair also declined comment on what agencies are involved in the investigation and wouldn't say if ORNL is collaborating with Los Alamos National Laboratory, which experienced a similar event in the same time frame.

The "sophisticated" attack tapped into an unclassified database, but it would seem unlikely that ORNL was targeted for personal info on visitors. Surely, there would be easier places to infiltrate for identity theft than a high-security national lab.

The lab has been reluctant to discuss possible motives.

"That's a dangerous area to get into because ultimately we can only speculate, and speculation can get you into trouble," Stair said. "The prudent thing to do is to focus on keeping people out and not focus on why they're trying to get in."

Senior writer Frank Munger may be reached at 342-6329. His e-mail is munger@knews.com. His blog, Atomic City Underground, is available online at http://blogs.knoxnews.com/knx/munger/

Anonymous said...

I have been retired for five years. We got the letter. The letter stated that it was unlikely the personal information had been compromised.

Anonymous said...

Cyber attack on LANL outs personal info


By ROGER SNODGRASS, Monitor Assistant Editor

People whose personal information was potentially compromised by a hacking incident at Los Alamos National Laboratory have begun to receive letters of notice from Tom Harper, LANL’s chief information officer.
A letter dated Dec. 7, to “Sir or Madam” informs the addressee, “We do not believe that your PII (personally identifiable information) was the target of the hackers. Nevertheless, our current analysis indicates that the computers attacked did contain the following items of your PII: social security number.”
The letters include information on recommended precautions to protect against identity theft.
A laboratory spokesperson said all laboratory employees were informed on Nov. 9 of a “malicious, sophisticated hacking event” on a small number of unclassified computers on the laboratory’s unclassified or “Yellow” network.
The incident may be related to a similar attack acknowledged in more detail by Oak Ridge National Laboratory in an advisory issued last week that said the attack appeared to be “part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.”
The advisory said the first Oak Ridge incident occurred on Oct. 29, 2007, and that there was “reason to believe that data was stolen from a database used for visitors at the laboratory.”
LANL officials said the attack removed a significant amount of data.
“They were able to get behind the firewall,” said Kevin Roark of the lab’s Communications Office.
Roark said it is not the first time that the firewall has been penetrated.
There was an incident about three years ago, also an attack on multiple facilities, which was under investigation and about which officials were unwilling to speak at the time.
Roark said he did not know what came of the previous incident.
He said the lab is the object of 50,000 cyber-attacks daily, and sometimes 10 times that number.
“The exact nature of the information is currently under computer forensic investigation,” he said in a prepared statement. “We cannot elaborate on the details of the nature of the attack or the nature of the data taken at this time because revealing specifics of this event could damage the current investigation and adversely affect our ability to effectively deal with situations like this in the future.”
In Sen. Jeff Bingaman’s office, spokeswoman Jude McCartin said they had been briefed on the issue, which had affected a number of labs.
“We would have expected that a certain level of encryption would be in place for this kind of information,” she said. “They’re going to have to make some upgrades.”

Anonymous said...

It is LANL/LANS,LLC policy that all personal information kept on a computer MUST be encrypted using Entrust or comparable. So, this enquiring mind has a couple of questions:
1) Who, exactly, blatantly violated LANL/LANS,LLC policy?
2) What will be the punishment meted to these violators for doing so, thereby jeopardizing many loyal employees' financial future? If not, why not?
3) Is anyone at home here at LANL/LANS,LLC?
4) Is anyone at home in the offices of the New Mexico Congressional Contingent, who are allowing LANL/LANS,LLC to do this to the citizens of New Mexico?