Cyber-attackers hit another Department of Energy research laboratory last week, forcing IT managers to shut down all of the facility's computer links to the outside world to try to contain the damage.
Essential computer services remain offline nearly a week
after cyber-attackers hit another Department of Energy laboratory, this time
in the state of Washington.
The Energy Department's Pacific Northwest National
Laboratory in Washington shut down Internet access and email services
following a sophisticated cyber-attack, according to a July 5 post on the
facility's Twitter account. Officials became aware of the cyber-attack on July 1, Greg
Koller, the lab's spokesperson, told the Associated Press.
Officials shut down most of the computer services for
employees, including email, SharePoint, wireless network and Internet access,
immediately after discovering the breach while the IT staff worked through the
holiday weekend to restore services. The lab also blocked all external attempts
to reach the Website and blocked all incoming email requests.
"Full access will be
restored once we can repel further attacks," according to the Twitter post.
As of July 6, email and the laboratory Website remained
inaccessible. The Website displayed a message that it was undergoing system
maintenance. Internal email was apparently restored July 5, according to local
CBS affiliate KEPR.
Full access is not expected to be restored until the end of the week.
Koller could not immediately be reached for additional
details on the incident. A pre-recorded message on his voicemail described the
incident as a "sophisticated cyber-attack" against the laboratory.
The attack on PNNL appears to be part of a larger attack occurring
around the same time that included another national laboratory in Virginia and
the Ohio headquarters of Battelle Memorial Institute, which operates PNNL, KEPR
reported. It doesn't appear as if any classified information was compromised at
this time, although the cyber-security team is still investigating.
The PNNL breach is just the latest in a string of attacks
targeting government agencies and contractors. The Oak Ridge National
Laboratory in Tennessee shut down its email systems and
Internet access on April 15 after a spear-phishing attack. When two employees
clicked on a link in a malicious email, they were directed to a Website that
exploited a remote code execution vulnerability in Internet Explorer, which
Microsoft had patched days earlier in its Patch Tuesday update.
The Oak Ridge attackers were after sensitive information,
lab officials had said at the time.
Shortly after the Oak Ridge breach, other national labs and
government agencies reported an increase in phishing attacks trying to
compromise their systems.
The latest round of attacks on national laboratories caught
the attention of Rafal Los, enterprise security evangelist for HP Software.
While there isn't a
lot of information regarding the attacks themselves, it is clear attackers
entered the network and some data was breached or stolen, Los wrote on his
blog. The fact that email and Internet services were shut down seems to
suggest that PNNL was hit by a spear-phishing attack similar to what
happened at Oak Ridge.
Los said the attacks are most likely targeting Energy
Sciences Network (ESnet), a high-speed, high-resiliency network that
inter-connects major Department of Energy laboratories including Oak Ridge,
PNNL, FermiLab and the Y12 National Security Complex.
"It's not too far of a stretch to think that the attackers,
whomever they are, are likely after something within the DOE network -
something probably classified," Los said. Attackers were after credentials and
network access, and it's likely they have managed to harvest some through these
attacks, Los speculated, noting that attackers used SQL injection to obtain
several login credentials from a Y12 National Security Website in June.
PNNL easily fends off four million cyber-attacks a day, most
of which are simple to detect and defend against, but this attack was more
serious than usual, Koller told local AM radio station KONA.
"These are well funded, very persistent individuals
looking for intellectual property or national security secrets and so they're
very dedicated to trying to attack," Jerry Johnson, PNNL's chief
information officer, told KEPRTV.
PNNL is a research and development facility working in areas
of nuclear science, information analysis and cyber-security.