Cyber attackers breach defences at secret US labs

Posted by   Virus Bulletin on   Dec 10, 2007

Spearphishing and trojans penetrate research lab security.

At least one major US science laboratory that handles highly classified government and military material has had its networks penetrated by attackers, who used targeted email campaigns to plant custom trojans on systems and extract data. No information has emerged on the source of the attacks, but rumours of international espionage have been widespread.

The attack, on Oak Ridge National Laboratory in Tennessee, began in late October with a series of highly targeted emails designed to trick staff into running trojan software, according to a report published last Friday by PCWorld. Once the network was compromised, data on visitors to the lab over a 14-year period from 1990 to 2004 was harvested, including sensitive information such as the social security numbers of thousands of high-level scientists and other experts.

The only details released so far have come from an email sent to employees by the director of Oak Ridge, but possible further breaches may also have occurred at Los Alamos National Laboratory in New Mexico, the site of several earlier security leaks. With both labs regularly used for secret government and military work, many reports have suggested links to state-sponsored Chinese or Russian hackers.

The initial report from PCWorld is here. Further reports are here (in the New York Times), here (at ABCNews) or here (on DarkReading).

