http://blogs.knoxnews.com/knx/munger/2008/01/followup_ornl_hacking.html By Frank Munger January 15, 2008 ORNL communications chief Billy Stair said the lab has not received a single call or e-mail indicating that anyone has had their personal information used or abused as a result of the hacking that took place last fall and was revealed [1] in early December. Hackers gained access to a database with the stored personal information (Social Security numbers, etc.) of thousands of people who visited the lab over a period of years (1990-2004). ORNL sent letters to 12,000 potential victims, and the "sophisticated cyber attack" gained worldwide attention. Stair said he's still extremely limited in the information he can release and said the lab may never be able to release some details, but he did discuss a few issues in general terms. "We think we have a broader picture of what happened than we did at the first of November. The circumstances involved relate to a lot of very sensitive issues involving security that would just make it difficult to talk in detail publicly about who was involved and the tactics they used," Stair said. He would not confirm published reports that said the attacks originated in China. "I can't address any speculation about who the attackers might have been," he said. Asked if the lab knew who the hackers were, Stair said, "We can speculate with some confidence who they may have been." He indicated that part of the reason for limited info on the ORNL attack may be ongoing investigations at other sites. "Anytime you're involved in security circumstances, it is possible that one incident may be linked to another, and therefore for that reason you have to be cautious about which strategy you use." Stair and other ORNL officials have refused to say if they expect arrests to be made in the hacking case. Asked if there were illegal activities involved, he said, "I would think the answer would be yes. I'm not the legal expert . . . but if you steal something from someone else, it's usually considered a felony." Asked if the lab knows for sure that information was stolen, he said, "We know they attempted to . . . I can't discuss all the details of that aspect." The ORNL official added: "It is accurate to say there are a lot more attempts to break into our system than most people realize. There are certainly dozens of serious attacks and hundreds -- if not thousands -- of less serious attacks on a weekly basis." [1] http://www.knoxnews.com/news/2007/dec/07/cyber-hackers-infiltrate-ornl/ ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Wed Jan 16 2008 - 01:33:35 PST