The last few months have seen two top secret US military research laboratories hacked by one of the oldest methods: phishing emails that, once opened, infected users' computers with a Trojan horse. Surely technology-savvy employees should know better by now?
Last month, representatives of Los Alamos National Laboratory (LANL) acknowledged that an attack on their network had taken place, although they understandably seemed unwilling to go into much detail. Now, Oak Ridge National Laboratory (ORNL) has publicly admitted that a hacking attempt took place last week, which successfully managed to obtain potentially sensitive information about visitors to, and employees of, the lab.
ORNL said in a statement:
“A hacker illegally gained access to ORNL computers by sending staff e-mails that appeared to be official legitimate communications. When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees’ computers that enabled the hacker to copy and retrieve information.”
“No classified information was lost; however, visitor personal information may have been stolen. If you visited ORNL between the years 1990 and 2004 your name and other personal information such as your social security number or date of birth may have been part of the stolen information.”
Despite no classified information being stolen during these two events, surely this raises serious question marks over the security of sensitive material being held on government and military computers?
ORNL itself believes that this intrusion was part of a larger attack on numerous research facilities in the United States, possibly by a co-ordinated group. How long until one of these attacks gets past the personal information kept about visitors and reaches something much more usable, and dangerous, in the wrong hands?
Both the ORNL and LANL facilities are used for research into numerous areas, including national security, energy and nanotechnology, so you’d think security and anti-phishing measures would be a top priority. You’d also like to believe that the employees themselves would have a bit more nous than to click on an attachment, or follow a link, in an email which has come from an external source.
It’s thought that only 0.1 percent of the phishing emails sent to Oak Ridge employees were responded to, but in this day and age, where the Internet is one of the key battlegrounds in espionage, that is 0.1 percent too much.