The national laboratory that may or may not have played a supporting role in the Stuxnet cyberattack on Iran's nuclear facilities has been hacked, officials said yesterday, and facility-wide Internet access was cut Friday to stop data from flowing out of the lab. Oak Ridge National Laboratory, located in Tennessee, only lost a few megabytes of data. But it's unclear what data was stolen, and even less clear where it went.
The attack was sophisticated, ORNL's deputy director said, akin to the attacks that hit Google last year and security firm RSA just last month. The malware got inside through a fairly standard spear-phishing scheme: an email posing as a note from human resources linked users to a malicious Web page that installed malware on their machines.
Of 530 emails sent (to a workforce of about 5,000), only 57 users clicked through. Of those, only two machines were actually compromised. But that was enough. On April 11 admins noticed a server had been breached when data began flowing outward, but they were able to quickly head that attack off and disinfect the server. Apparently, though, another set of code was lying dormant elsewhere in the system, and on Friday evening it began exfiltrating data from a number of servers.
That's when ORNL security pulled the plug on the Internet. As of yesterday, limited email has been restored for ORNL workers, but the investigation is ongoing. Given that cybersecurity is one of ORNL's research foci, the attack could be construed as ironic. Or it could be construed as a security success, given that very little data actually made it off the ORNL servers before the breach was detected and the plug pulled.
Still, someone--and investigators, at least publicly, say they have no idea who--got inside. Considering ORNL also researches nuclear technology and dabbles in other classified areas alongside its better-known unclassified work, that's more than a little worrisome.
It must be skynet preparing to take over the world. Oooorrrr.. I could make the more relevant assumption and say it was probably somewhere like... ohhhhhh from China..
- Darth Lithicus
It was China, hired by the Iranians to search for the source of Stuxnet. Even if ORNL wasn't involved in the attack directly you can be sure that there is a file buried deep within the system that says who and where it (Stuxnet) was developed.
I applaud the admins for pulling the plug rather than losing more data while trying to track the hack back to its Chinese source.
Say...what's that writing on the server on the left in this picture?
I would say probably the engineers who built the system and/or prominent/ex scientists that worked there. Signatures of some people important to ORNL.
Probably some bored technician was viewing porn and infected the system with a virus.
@10jacobf - I think it was a two-fold attack... while the admins were scrambling to deal with the hack, a local Oak Ridge gang broke in and tagged the servers!
Looks like China finally got bored with plagiarizing (baidu) and hacking google.
Lunch menu for Monday.
I hate Mondays.
What I gathered from this story was: only ~10% of ORNL employees are retarded, or only ~10% of ORNL employees check their e-mail. Or maybe it was Stu, looking at horse porn, or typing a pseudo-random string into Google containing words such as Ass and Sex/Sexy. Checking browser history, that's what happened last time I had to remove 'Win 7 Security 2011' from someone's PC. Easiest/fastest/least frustrating solution, btw, is a nuke & reinstall, because I'm lazy and it had corrupted so much. Bootable Linux USB, copy all important files, nuke, reinstall.
lol that's for the ORNL employees, because I know they love it. Dave's not here.
Hello Dave, we got you now.