Oak Ridge Cyber Attack May Be From China



A cyber attack reported last week by a federal government nuclear weapons laboratory may have been launched from China, according to a confidential Department of Homeland Security memorandum.

The Department of Homeland Security distributed the confidential warning to public and private security officials Wednesday. Security researchers said the warning included a list of Web addresses linked to locations in China, according to a New York Times report.

Although the addresses appear to be in China, such links do not necessarily mean that the Chinese government or malicious Chinese agencies were behind the attacks, experts said. Security researchers assert that cyber criminals anywhere in the world could infiltrate or compromise computers based in China and subsequently use them for their own malicious aims.

"There's a lot more people in China, period. That's going to equate more cybercrime in and out of China," said Dave Marcus, security and information manager at McAfee Avert Labs.

Marcus added that cyber attacks from China are similar to attacks from other world nations that lack legitimate economic opportunities. "The ability to make a living is limited. Malware makes a very attractive way of making a living. It doesn't take a lot of skill and it's effective at making money. That's a strong motivator," he said.

The cyber attack was launched against numerous employees of Oak Ridge National Laboratory in Tennessee through a series of seven phishing e-mails that lured lab personnel into downloading attachments containing malware. The attack allowed hackers to gain access to one of the lab's non-classified databases that contained the personal information of visitors between 1990 and 2004, according to an all-staff e-mail issued last week. Security researchers estimate that at least 11 employees opened the malicious attachments.

Lab officials assert that while no classified information was removed, personal identifying information of visitors, such as Social Security numbers and dates of birth, might have been stolen. It is estimated that there have been at least 1,100 attempts at data theft since the first attack Oct. 29, according to the ORNL letter.
