Phishers hook data on visitors to Oak Ridge Labs

Accessed database storing personal data on those visiting between 1990 and 2004

In yet another example showing that clueless consumers aren't the only ones who fall victim to computer scams, the Oak Ridge National Laboratory yesterday disclosed that phishing attacks may have provided cybercrooks with access to personal data on people who visited the lab between 1990 and 2004.

In an e-mail sent to staffers this week, Thom Mason, director of the government research facility, reported that the lab has been the target of what he described as a sophisticated cyberattack by hackers seeking to gain access to computer networks at numerous research facilities and other government institutions across the country.

According to the note, the unknown hackers gained access to a nonclassified laboratory database, which contained personal information on people who have visited the facility in Oak Ridge, Tennessee, over a 14-year period starting in 1990.

Mason said the hackers made about 1,100 attempts to steal data by sending an unknown number of staffers a total of seven phishing e-mails. It was not immediately clear from the letter if that meant a total of 1,100 such e-mails were sent or if 1,100 separate attempts were made to send such messages to the organization.

According to Mason's e-mail, the phishing e-mails appeared legitimate and attempted to persuade recipients to open attachments or links. One of the bogus e-mails, for instance, purported to notify individuals of a scientific conference. Another pretended to notify the recipients of Federal Trade Commission complaint, he noted.

"At present, we believe that about 11 staffers opened the attachments, which enabled the hackers to infiltrate the system and remove data," Mason's note stated.

"Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete," he added. Meanwhile, he said, the lab is attempting to notify all the potential victims, whose Social Security numbers, names and dates of birth may have been pilfered.

The Oak Ridge incident is the second recent widely publicized phishing attack on a large organization. Earlier this year, grocery chain Supervalu Inc. was nearly scammed out of US$10 million by phishers.

In that incident, the company received e-mails that falsely claimed to be from two of its approved suppliers -- American Greetings and PepsiCo's Frito-Lay unit. The e-mails instructed Supervalu to send future payments to both suppliers to new bank accounts, one in Florida and the other in Arkansas.

The company sent over US$10 million to these fake accounts before realizing that it had been conned.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?