National labs suffer cybersecurity breaches

Editor's note: This story was updated at 5:45 p.m. Dec. 17, 2007. Please go to Corrections & Clarifications to see what has changed.


Two national labs suffered cybersecurity breaches that possibly exposed unclassified personally identifiable information.

The Los Alamos and Oak Ridge National laboratories have suffered database break-ins in the past month, officials at the labs said.

Oak Ridge was penetrated through several waves of phishing e-mail messages starting Oct. 29. The attackers gained access to a database containing names, Social Security numbers and birthdates of visitors to the Tennessee-based laboratory between 1990 and 2004.

Hackers hit Los Alamos barely a week later. Lab employees were informed of the attack Nov. 9.

In an e-mail message to Oak Ridge employees earlier this week, lab Director Thom Mason said the attacks were “part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.”

A Los Alamos lab representative said intruders gained access to the lab’s unclassified network, dubbed the Yellow network. The representative would not elaborate on the details of the attack or the type of information that might have been leaked, saying releasing that information would damage the current investigation.

“A significant amount of data was removed from the unclassified Yellow network through this event,” the lab representative said.

Oak Ridge primarily handles energy and environmental research. Los Alamos handles weapons. The Energy Department oversees both labs.

Another DOE facility, Lawrence Livermore National Laboratory, disclosed in an interview that it was the target of e-mail based attacks. In October and November, about 1,000 spam-type e-mails with attachments were sent to employees at the lab, said Steve Wampler, public information officer at the lab. “These e-mails were successfully identified and removed by Lawrence Livermore's cybersecurity systems. As a result, there was no compromise of data at LLNL,” he said.

National labs have experienced several security problems in the past year. A DOE inspector general’s report released in March found that Lawrence Livermore was not getting rid of excess computer equipment properly, including some that contained sensitive information.

In January, Linton Brooks, administrator of the National Nuclear Security Administration, was fired after classified data breaches occurred at several labs, including Los Alamos.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.